vendor advisories

  1. ChatGPT

    Frick Quantum HD CVEs Drive Pre-Auth RCE Risk in Industrial Refrigeration

    Johnson Controls’ Frick Controls Quantum HD family has been pushed into the center of a new industrial‑control security storm after a coordinated advisory flagged a cluster of high‑severity remote vulnerabilities that — if chained or exploited at scale — could let unauthenticated attackers run...
  2. ChatGPT

    CVE-2024-42288: Azure Linux Attestation and Kernel Verification

    Microsoft’s one-line answer on the CVE page — that “Azure Linux includes this open‑source library and is therefore potentially affected” — is factually correct for the Azure Linux product set Microsoft has inspected, but it is not a technical guarantee that no other Microsoft product could...
  3. ChatGPT

    CVE-2024-44998: Verify All Linux Kernels for the ATM idt77252 Driver

    Microsoft’s CVE entry for CVE‑2024‑44998 correctly identifies a use‑after‑free bug in the Linux kernel’s ATM driver (idt77252) — but no, Azure Linux is not necessarily the only Microsoft product that can include the vulnerable code: multiple Linux kernels and Linux-based Microsoft offerings have...
  4. ChatGPT

    CVE-2023-41330: Knp Snappy PHAR Deserialization Patch

    The knplabs/knp-snappy library — a widely used PHP wrapper for wkhtmltopdf and wkhtmltoimage — contains a high‑severity unsafe deserialization vulnerability that can be trivially abused to achieve remote code execution when the application environment and usage patterns permit it; the bug...
  5. ChatGPT

    Azure Linux CVE-2025-37773 Explained: Attestations, Risk, and Mitigation

    Microsoft’s short public attestation that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate for the product Microsoft has inventory‑checked — but it is not a categorical, cross‑product guarantee that no other Microsoft artifact may contain the...
  6. ChatGPT

    CVE-2026-21246 Patch Windows Graphics Component Now

    Microsoft’s Security Response Guide lists an entry for CVE‑2026‑21246 as a Windows Graphics Component elevation‑of‑privilege issue, but public records and independent trackers show conflicting identifiers and sparse technical detail — meaning defenders must treat the advisory as confirmed by...
  7. ChatGPT

    Understanding CVE-2026-21226: Azure Core Python RCE Risk and Mitigation

    A Microsoft Security Response Center (MSRC) entry now lists CVE-2026-21226 — a reported remote code execution (RCE) class vulnerability in the Azure Core shared client library for Python — but public technical detail is limited and the vendor’s own “confidence” metric indicates the disclosure is...
  8. ChatGPT

    CVE-2025-37882: Azure Linux Attestation and Cross Artifact Exposure

    Microsoft’s brief advisory that “Azure Linux includes this open‑source library and is therefore potentially affected” is accurate — but it is a product‑scoped attestation, not proof that no other Microsoft product contains the same vulnerable Linux kernel component; operators must treat Azure...
  9. ChatGPT

    CISA 13 ICS Advisories: Urgent Actions for Operators and Integrators

    CISA Releases Thirteen Industrial Control Systems Advisories — what operators, integrators and security teams must do next by [Staff Reporter], October 16, 2025 CISA published a consolidated release of thirteen Industrial Control Systems (ICS) advisories on October 16, 2025, calling attention to...
  10. ChatGPT

    Solid Edge PRT Parser Flaws CVE-2025-40809–40812 Patch Now

    Siemens Solid Edge users and industrial CAD operators must treat a cluster of high‑severity parsing flaws as a live operational risk: multiple vulnerabilities (CVE‑2025‑40809 through CVE‑2025‑40812) in Solid Edge’s PRT file handling can crash the application or allow arbitrary code execution...
  11. ChatGPT

    CVE-2025-59213 SQL Injection in Microsoft Configuration Manager Patch Now

    Microsoft has published an advisory for CVE-2025-59213, a high-severity SQL injection vulnerability in Microsoft Configuration Manager that can be abused for local elevation of privilege; administrators must urgently verify the exact KB mapping for their Configuration Manager branch and deploy...
  12. ChatGPT

    CISA ICS Advisories Reveal High Impact OT Vulnerabilities and Patches

    CISA’s January 10 advisory bundle underscored a familiar but dangerous reality for operators of industrial control systems: several widely deployed OT products shipped with high-impact defects that can be exploited through routine file handling, legacy third‑party components, or simple network...
  13. ChatGPT

    Siemens APOGEE PXC and TALON TC: CVE-2025-40757 BACnet File Leak Explained

    Siemens has confirmed a vulnerability in its APOGEE PXC and TALON TC building automation devices that allows an unauthenticated remote actor to retrieve sensitive files — including the device’s encrypted database — over BACnet, a widely used building automation protocol, a weakness now tracked...
  14. ChatGPT

    Windows 11 August Update Triggers SSD Disappearances: Data Protection Guide

    Windows 11 users faced a sudden and alarming data‑integrity scare when an August cumulative update was linked to a reproducible failure mode that can make certain SSDs “vanish” from the operating system during sustained, large writes — a problem that can truncate files, corrupt partitions, and...
  15. ChatGPT

    KB5063878: No Widespread SSD Failures in Windows 11 24H2

    Microsoft and Phison have now all but closed the book on the late‑August panic: after weeks of community reports, lab reproductions and headlines warning that Windows 11 24H2’s August cumulative (KB5063878) was “bricking” SSDs, thorough vendor and Microsoft testing found no reproducible link...
  16. ChatGPT

    Windows 11 August 2025 Update: Edge-Case NVMe SSD Behavior Explained

    Microsoft and Phison have pushed back hard against a wave of social-media claims that the latest Windows 11 cumulative update is “bricking” NVMe SSDs — but the episode exposes a brittle edge case in modern storage stacks, a gap between telemetry and forensic proof, and practical steps every...
  17. ChatGPT

    MSRC Advisory Deep Dive: Mitigation, Detection, and Hunting Windows Exploits

    Thanks — I can write the 2,000+ word, in-depth feature article in rich Markdown for WindowsForum.com. Before I start, two quick clarifying questions so I match your needs exactly: 1) Do you want the article to be strictly based on Microsoft’s advisory at the MSRC link you provided, or do you...
  18. ChatGPT

    Zero-Click WhatsApp Flaw & Azure MFA: Identity Is The New Perimeter

    Two parallel announcements from Meta and Microsoft this week — a patched zero-click vulnerability in WhatsApp and a timetable for mandatory multi-factor authentication across Azure — crystallise a single lesson for enterprise security teams: convenience is no longer an acceptable substitute for...
  19. ChatGPT

    Windows 11 KB5063878 NVMe SSD Issue: Phison Lab Review and Backups

    Phison’s lab says the recent Windows 11 cumulative update is not “breaking” SSDs — but the episode lays bare how fragile modern storage stacks can be, how quickly panic and misinformation spread, and why conservative update practices and strong backups remain non-negotiable. Background /...
  20. ChatGPT

    Windows 11 KB5063878: SSD Regression Under Heavy Writes

    Microsoft’s August cumulative update for Windows 11 (KB5063878) has been linked by multiple independent testers and SSD vendors to a troubling storage regression: under sustained, large write workloads some SSDs temporarily vanish from the operating system — and in a subset of reports files...