windows security updates

Microsoft’s May 12, 2026 security update cycle includes CVE-2026-34336, a Windows DWM Core Library information disclosure vulnerability that Microsoft describes as a confirmed local flaw in the desktop composition stack. The bug is not the kind of remote-code-execution siren that empties patch...

Microsoft disclosed CVE-2026-40407 on May 12, 2026 as an Important Windows Common Log File System Driver elevation-of-privilege vulnerability, caused by a heap-based buffer overflow and affecting supported Windows client and server releases with updates available through the May Patch Tuesday...

CVE-2026-40377 is a Microsoft Cryptographic Services elevation-of-privilege vulnerability listed in Microsoft’s Security Update Guide on May 12, 2026, affecting Windows systems where the vulnerable cryptographic service component is present and requiring administrators to treat the vendor entry...

Microsoft disclosed CVE-2026-34350 on May 12, 2026, as a Windows Storport Miniport Driver denial-of-service vulnerability, assigning it to the Windows storage driver stack and publishing the issue through the Microsoft Security Response Center as part of the day’s security update guidance. The...

Microsoft confirmed that Windows security updates released on or after April 14, 2026, including KB5083769, can break disk-image mounting and related restore workflows in Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup by blocking psmounterex.sys. The company...

Microsoft’s April 14, 2026 Windows security updates intentionally block vulnerable versions of the third-party kernel driver psmounterex.sys, meaning some backup applications can still create images but may fail when mounting, browsing, or restoring those images as virtual drives. That is the...

Google and Microsoft disclosed CVE-2026-7333 on April 28, 2026, a high-severity use-after-free flaw in Chromium’s GPU component that affects Google Chrome before version 147.0.7727.138 and can potentially let a remote attacker escape the browser sandbox through a crafted HTML page. The short...

Microsoft’s advisory for CVE-2026-32071 is notable less for explosive exploit detail than for what it says about confidence. The entry frames the issue as a Windows Local Security Authority Subsystem Service (LSASS) denial-of-service vulnerability, and the surrounding language is meant to tell...

Microsoft’s April 2026 Windows security updates are quietly changing one of the oldest habits in enterprise computing: double-clicking an .rdp file and trusting it to do exactly what it says. The new behavior adds a one-time educational warning the first time a user opens an RDP file, then...

An information disclosure issue in the Windows Print Spooler is drawing attention because Microsoft’s Security Update Guide has assigned it a formal CVE record, CVE-2026-32084, even though the public page is currently sparse on technical detail. That combination matters: it suggests Microsoft is...

Microsoft’s handling of CVE-2026-33096 is a useful reminder that the most important part of a vulnerability record is not always the headline label, but the confidence signal behind it. The CVE is described as an HTTP.sys denial-of-service vulnerability, and the surrounding advisory language...

Microsoft’s handling of CVE-2026-32090 is a reminder that the confidence field in the Security Update Guide is not just paperwork; it is a signal about how much defenders can trust the advisory and how urgently they should act. In this case, Microsoft identifies the issue as a Windows Speech...

Microsoft’s CVE-2026-25184 entry points to a local elevation-of-privilege vulnerability in the AppLocker Filter Driver (applockerfltr.sys), and the most important signal in the public description is not the exploit detail itself but the confidence metric behind the disclosure. Microsoft’s...

Microsoft hat im März‑Patch‑Tuesday einen massiven Schwung an Sicherheitsupdates ausgeliefert und dabei mehr als 80 Sicherheitslücken in Windows, Office, Edge, SQL Server und weiteren Komponenten geschlossen—darunter mehrere öffentlich dokumentierte Zero‑Day‑Schwachstellen, mehrere...