security updates

  1. CVE-2026-42898: Dynamics 365 On-Prem RCE & Patch Confidence Guide for Admins

    Microsoft lists CVE-2026-42898 as a Microsoft Dynamics 365 on-premises remote code execution vulnerability, published through the Microsoft Security Response Center’s Security Update Guide on May 12, 2026, with the disclosure pointing administrators toward Microsoft’s patching and risk-scoring...
  2. CVE-2026-35420 Windows Kernel EoP: Why Patch Tuesday Demands Fast Action

    Microsoft’s Security Response Center has listed CVE-2026-35420 as a Windows Kernel elevation-of-privilege vulnerability, published in the May 2026 security update cycle, with vendor acknowledgement establishing that the flaw exists even though public technical detail remains deliberately...
  3. Why Steam Gamers Still Use Windows 10 as End of Support Nears

    As of May 2026, a substantial minority of PC gamers on Steam still use Windows 10, even though Microsoft ended mainstream support on October 14, 2025, and the consumer Extended Security Updates runway is scheduled to expire on October 13, 2026. That is not merely nostalgia for a familiar Start...
  4. KB5083769 blocks Macrium psmounterex sys—backup image mounting fails on Win11

    Microsoft’s April 14, 2026 Windows 11 security update KB5083769, and the later optional preview update KB5083631, can stop some third-party backup tools from mounting disk images because Windows is now blocking vulnerable versions of the Macrium-associated psmounterex.sys kernel driver. That is...
  5. CVE-2026-31540 i915 NULL Pointer Dereference: Linux Intel GPU Sleep Crash Fix

    CVE-2026-31540 is a Linux kernel i915 graphics-driver NULL pointer dereference, published on April 24, 2026, affecting Intel GPU systems where required i915 firmware is missing and suspend triggers an unchecked function-pointer call. It is not a Windows vulnerability in the usual Patch Tuesday...
  6. April 2026 Windows RDP Security Warning Bug: Mixed DPI Makes Prompts Unreadable

    Microsoft’s April 2026 Windows security updates have created an awkward Remote Desktop moment: a security feature designed to make RDP files safer can itself become hard to read on some multi-monitor systems. The confirmed issue affects the new warning dialog shown when users open Remote Desktop...
  7. CVE-2026-31617 Linux USB NCM Info Leak: Block-Length Underflow Fix Explained

    CVE-2026-31617 is a newly disclosed Linux kernel vulnerability in the USB gadget Network Control Model path, and its importance lies less in a dramatic internet-scale exploit scenario than in the quiet places where Linux devices plug into trusted hosts. The flaw sits in f_ncm, the kernel...
  8. Windows Security Shows Secure Boot Certificate Status (April 2026)

    Starting in April 2026, Microsoft is doing something Windows users have not seen before: surfacing Secure Boot certificate status directly inside the Windows Security app. That matters because the company’s original Secure Boot certificates, issued in 2011, are now approaching expiration in June...
  9. Windows 11 April 2026 RDP Warning Bug: KB5083769 and KB5082052 Fixes Needed

    Microsoft’s April 2026 Windows 11 quality updates are doing exactly what modern Patch Tuesdays so often do: tightening security in one area while creating friction in another. KB5083769 for Windows 11 25H2 and 24H2 introduces new Remote Desktop safeguards meant to blunt spoofing attacks tied to...
  10. CVE-2026-35431: High-Confidence Spoofing Flaw in Entra Entitlement Management

    Microsoft has assigned CVE-2026-35431 to a Microsoft Entra ID Entitlement Management spoofing vulnerability, but the public confidence signal attached to the entry is what makes this disclosure especially important. Microsoft’s Security Update Guide uses that metric to express how certain it is...
  11. CVE-2026-31474: Linux ISO-TP Use-After-Free Fixed by sk_destruct

    Background CVE-2026-31474 is a Linux kernel use-after-free in the CAN ISO-TP path, specifically in isotp_sendmsg, where the transmit buffer can be freed too early while the sender is still consuming it for the final CAN frame. The kernel record describes a race between isotp_sendmsg and...
  12. CVE-2026-33103: Dynamics 365 On-Premises Local Info Disclosure Risk (CVSS 5.5)

    Microsoft has added a new Dynamics 365 on-premises vulnerability to its security roster, and the early signals point to a local information disclosure flaw with a medium CVSS score of 5.5. The issue, tracked as CVE-2026-33103, is described as an improper access control problem that could let an...
  13. CVE-2026-32196 Windows Admin Center Spoofing: Trust & XSS-Style Risks for Admins

    CVE-2026-32196 is a useful reminder that not every Windows security flaw arrives as a dramatic remote code execution headline. In this case, Microsoft’s Security Update Guide entry for Windows Admin Center Spoofing Vulnerability appears to place the issue in the broad, deceptively practical...
  14. CVE-2026-32086 Patch Quickly: Windows fdwsd.dll Local EoP Race Condition

    Microsoft’s entry for CVE-2026-32086 is a reminder that some of the most operationally important Windows flaws arrive with very little fanfare but a clear tactical message: patch quickly, because the bug sits in a core local privilege boundary and Microsoft is signaling that the issue is real...
  15. April 2026 No Exchange Server Security Updates: ESU Bridge Ends

    Although Microsoft’s Exchange Server security-update cadence has been unusually quiet in the months after Exchange 2016 and Exchange 2019 reached end of support, April 2026 is different for one important reason: it is the final month of the temporary Extended Security Update program, and...
  16. Microsoft Forces Windows 11 25H2 on Some PCs—What Home Users Need to Know

    Microsoft’s latest Windows update strategy is drawing fresh criticism because it extends a familiar pattern into territory that many users will find hard to ignore: if your PC is running an eligible consumer edition of Windows 11 and falls behind support, the company is increasingly willing to...
  17. Windows 11 Build 26300.8142 Adds Admin Protection, NPU Task Manager & Touchpad Control

    Windows 11 is getting a fresh round of Insider-only refinements in Build 26300.8142, and this flight is less about flashy consumer features than about sharpening the platform’s underpinnings. Microsoft is using the Dev Channel to test Administrator Protection, a touchpad control for the...
  18. CVE-2026-23253: dvb-core ringbuffer reopen reinit bug and stable kernel fix

    CVE-2026-23253 is another reminder that not every security-relevant kernel issue begins with a dramatic buffer overflow or a flashy exploit chain. In this case, Microsoft’s Security Response Center has published a vulnerability entry tied to the Linux media stack, specifically the dvb-core...
  19. CVE-2026-23171: Microsoft Security Vulnerability Analysis and Remediation

    Microsoft’s CVE pages are often the first place administrators, analysts, and reporters look when a new flaw lands in Windows, Office, Exchange, or another Microsoft product. When that page is unavailable, slow, or difficult to navigate, it can feel like the whole disclosure process has gone...
  20. Windows 10 End of Support: Upgrade, ESU, Linux, ChromeOS Flex, or Replace by 2026

    Windows 10 has reached a genuine turning point: Microsoft ended mainstream security support on 14 October 2025, and the clock is already ticking on the one-year consumer Extended Security Updates bridge that runs only until 13 October 2026. For millions of households and small businesses, that...