security updates

  1. June 2026 Windows Update Breaks Custom Folder Icons from desktop.ini

    Microsoft says Windows security updates released on or after June 9, 2026, may stop some custom folder icons and localized folder display names from appearing because Windows now ignores desktop.ini files whose source it cannot verify as trusted. That is not a cosmetic bug in the usual Patch...
  2. June 2026 Windows Update: Desktop.ini Trust Changes in File Explorer

    Microsoft’s June 9, 2026 Windows security updates, including KB5094126 for Windows 11 24H2 and 25H2 and KB5093998 for Windows 11 23H2, changed how File Explorer handles desktop.ini folder customizations from sources Windows does not trust. The result is not data loss, and it is not a broken...
  3. Windows 11 June 2026 Patch Tuesday (June 9): Secure Boot & Key New Features

    Microsoft’s June 2026 Patch Tuesday for Windows 11 is scheduled for June 9, bringing the usual security fixes alongside new user-facing features such as low-latency performance boosts, Shared Audio, richer NPU monitoring, setup-time user-folder naming, and Secure Boot certificate updates. The...
  4. CVE-2026-48560 SharePoint Spoofing: Patch Guidance for June 9 2026

    Microsoft disclosed CVE-2026-48560 on June 9, 2026, as a Microsoft SharePoint Server spoofing vulnerability addressed in June security updates for SharePoint Server 2016, SharePoint Server 2019, and SharePoint Server Subscription Edition on on-premises Windows infrastructure. The important word...
  5. CVE-2026-45501 Exchange Spoofing: Patch Tuesday Guidance and Action Steps

    CVE-2026-45501 is an Important-rated Microsoft Exchange Server spoofing vulnerability disclosed in Microsoft’s June 9, 2026 security updates, affecting on-premises Exchange Server and arriving alongside a broader Exchange patch set that also includes spoofing, information-disclosure...
  6. CVE-2026-45500 Exchange Spoofing: June 2026 Patch Guidance for Admins

    Microsoft disclosed CVE-2026-45500, a Microsoft Exchange Server spoofing vulnerability, as part of the June 9, 2026 Exchange security updates for Exchange Server Subscription Edition and Exchange Server 2019 CU15, placing it among a cluster of Exchange flaws patched in the same release. The...
  7. CVE-2026-42829: Windows 11 Admin Protection Bypass—KB5094126 & KB5095051

    Microsoft disclosed CVE-2026-42829 on June 9, 2026, as an Important Windows Administrator Protection security feature bypass affecting Windows 11 versions 24H2, 25H2, and 26H1, with fixes delivered through KB5094126 and KB5095051 for x64 and Arm64 systems in the June Patch Tuesday release cycle...
  8. CVE-2026-47636 SharePoint Server Spoofing: Patch Tuesday Guidance

    Microsoft disclosed CVE-2026-47636 on June 9, 2026, as a spoofing vulnerability in Microsoft SharePoint Server, placing the issue in the on-premises collaboration stack that many organizations still use for intranets, document workflows, and line-of-business portals rather than SharePoint...
  9. CVE-2026-45467 SharePoint Spoofing: Patch Now, Expect Sparse Details

    Microsoft has listed CVE-2026-45467 as a Microsoft SharePoint Server spoofing vulnerability in its Security Update Guide as of June 2026, but the public record available to administrators appears to offer more confidence in the flaw’s existence than in its operational details. That distinction...
  10. June 2026 Exchange Security Updates: ESU Gate, CVE-2026-42897, and OWA Mitigations

    Microsoft released June 2026 Security Updates for Exchange Server Subscription Edition, plus ESU-only updates for Exchange Server 2019 CU14/CU15 and Exchange Server 2016 CU23, on June 9, 2026, addressing newly disclosed Exchange vulnerabilities and the earlier CVE-2026-42897 Outlook Web Access...
  11. CVE-2026-6843: GNU nano Format String DoS and Why Windows Shops Should Patch

    Microsoft’s Security Response Center is tracking CVE-2026-6843, a medium-severity GNU nano vulnerability disclosed in April 2026 in which a local attacker can crash the editor by luring it into displaying a specially named directory containing printf-style format specifiers. The bug is not a...
  12. CVE-2026-41257 jq Integer Overflow: Azure Linux Patch and CI Inventory Guide

    CVE-2026-41257 is a newly published jq vulnerability, released in Microsoft’s Security Update Guide on May 13, 2026 and updated on June 3, affecting Azure Linux 3.0 jq packages where a signed integer overflow in the jq virtual machine stack can corrupt memory. The bug is not a Windows desktop...
  13. KB5089573 Optional Preview: Secure Boot Prep, AI Updates, and EFI Error 0x800f0922

    Microsoft released KB5089573 on May 26, 2026, as the optional non-security preview update for Windows 11 version 25H2 and 24H2, moving supported systems to OS builds 26200.8524 and 26100.8524 while also documenting a lingering installation failure tied to May’s earlier KB5089549 update. The...
  14. CVE-2026-46048: ALSA caiaq USB Audio Driver Reference Leak Fixed

    On May 27, 2026, NVD published CVE-2026-46048, a Linux kernel vulnerability in the ALSA caiaq USB audio driver where failed device probing can leak a referenced USB device object instead of releasing it. The bug is not the sort of headline-grabbing remote code execution flaw that sends patch...
  15. CVE-2026-46004: Linux ALSA caiaq USB Driver Use-After-Free Patch Guide

    CVE-2026-46004, published by NVD on May 27, 2026, is a Linux kernel vulnerability in the ALSA caiaq USB audio driver where failed device probing could continue after cleanup and create a use-after-free condition in later initialization code. It is not the kind of bug that should send every...
  16. Microsoft Defender

    Hello, I've been using a competitor's antivirus on my Windows 11 Home 25H2 for several years. I'm thinking of switching to Microsoft Defender. I'd like information on whether this new product maintains the same level of security as before in terms of detecting intrusions that could damage the...
  17. Fix CVE-2026-45659 on SharePoint 2016 Using the “Enterprise Server” KB

    Microsoft’s May 2026 guidance for CVE-2026-45659 says the security update identified for SharePoint Enterprise Server 2016 also applies to SharePoint Server 2016, meaning administrators running either 2016-branded deployment should install the same KB to close the remote code execution flaw. The...
  18. CVE-2026-42822 ALDO Fix: Update to ALDO 2604 or Later for Disconnected Azure

    Microsoft says CVE-2026-42822 is mitigated for customers using Microsoft-operated Azure Resource Manager environments, while Azure Local Disconnected Operations customers must update their ALDO deployment to version 2604 or later through the Azure portal using the full system update process...
  19. KB5089549 May 2026 Fails at 35%: EFI System Partition 10MB Space Fix

    Microsoft confirmed on May 15, 2026, that the May 2026 Windows 11 security update KB5089549 can fail on some Windows 11 24H2 and 25H2 devices when the EFI System Partition has roughly 10MB or less free space. The failure typically arrives during the reboot phase, around 35–36 percent, then...
  20. CVE-2026-33110: Install the SharePoint 2016 KB Even If Labeled Enterprise

    Microsoft’s guidance for CVE-2026-33110 says SharePoint Server 2016 customers should install the same security update listed for SharePoint Enterprise Server 2016, because the KB applies to both product names and protects both supported 2016 deployments from the remote code execution flaw. That...