windows security updates

Microsoft disclosed CVE-2026-34350 on May 12, 2026, as a Windows Storport Miniport Driver denial-of-service vulnerability, assigning it to the Windows storage driver stack and publishing the issue through the Microsoft Security Response Center as part of the day’s security update guidance. The...

Microsoft disclosed CVE-2026-34347 on May 12, 2026, as an Important-rated Windows Win32k elevation-of-privilege vulnerability in which a local, authenticated attacker could exploit a use-after-free flaw in the Win32K graphics subsystem to gain SYSTEM privileges after winning a race condition...

Microsoft has published CVE-2026-21530 as a Windows Rich Text Edit elevation-of-privilege vulnerability in the May 2026 security update cycle, identifying the affected technology as a Windows text-rendering/editing component and classifying the impact as local privilege escalation. The important...

Microsoft confirmed that Windows security updates released on or after April 14, 2026, including KB5083769, can break disk-image mounting and related restore workflows in Macrium Reflect, Acronis Cyber Protect Cloud, UrBackup Server, and NinjaOne Backup by blocking psmounterex.sys. The company...

Microsoft’s April 2026 Windows security update adds the third-party psmounterex.sys kernel driver to the Microsoft Vulnerable Driver Blocklist, causing backup-image mounting and some VSS snapshot workflows to fail on affected Windows 10, Windows 11, and Windows Server systems. The breakage is...

Microsoft’s April 14, 2026 Windows security updates intentionally block vulnerable versions of the third-party kernel driver psmounterex.sys, meaning some backup applications can still create images but may fail when mounting, browsing, or restoring those images as virtual drives. That is the...

Google and Microsoft disclosed CVE-2026-7333 on April 28, 2026, a high-severity use-after-free flaw in Chromium’s GPU component that affects Google Chrome before version 147.0.7727.138 and can potentially let a remote attacker escape the browser sandbox through a crafted HTML page. The short...

Microsoft’s advisory for CVE-2026-32071 is notable less for explosive exploit detail than for what it says about confidence. The entry frames the issue as a Windows Local Security Authority Subsystem Service (LSASS) denial-of-service vulnerability, and the surrounding language is meant to tell...

Microsoft’s April 2026 Windows security updates are quietly changing one of the oldest habits in enterprise computing: double-clicking an .rdp file and trusting it to do exactly what it says. The new behavior adds a one-time educational warning the first time a user opens an RDP file, then...

An information disclosure issue in the Windows Print Spooler is drawing attention because Microsoft’s Security Update Guide has assigned it a formal CVE record, CVE-2026-32084, even though the public page is currently sparse on technical detail. That combination matters: it suggests Microsoft is...

CVE-2026-27920 lands in familiar territory for Windows defenders: a local elevation-of-privilege flaw in the Windows UPnP Device Host service, with Microsoft’s April 14, 2026 update closing the hole across a wide range of client and server builds. Early technical summaries describe the issue as...

Microsoft has assigned CVE-2026-27914 to a Microsoft Management Console (MMC) elevation-of-privilege vulnerability, and the timing matters as much as the label. The record indicates a local flaw with low attack complexity and high confidentiality, integrity, and availability impact, which is...

Microsoft’s handling of CVE-2026-33096 is a useful reminder that the most important part of a vulnerability record is not always the headline label, but the confidence signal behind it. The CVE is described as an HTTP.sys denial-of-service vulnerability, and the surrounding advisory language...

Microsoft’s handling of CVE-2026-32090 is a reminder that the confidence field in the Security Update Guide is not just paperwork; it is a signal about how much defenders can trust the advisory and how urgently they should act. In this case, Microsoft identifies the issue as a Windows Speech...

Microsoft’s CVE-2026-25184 entry points to a local elevation-of-privilege vulnerability in the AppLocker Filter Driver (applockerfltr.sys), and the most important signal in the public description is not the exploit detail itself but the confidence metric behind the disclosure. Microsoft’s...

Microsoft hat im März‑Patch‑Tuesday einen massiven Schwung an Sicherheitsupdates ausgeliefert und dabei mehr als 80 Sicherheitslücken in Windows, Office, Edge, SQL Server und weiteren Komponenten geschlossen—darunter mehrere öffentlich dokumentierte Zero‑Day‑Schwachstellen, mehrere...

Microsoft has issued a security advisory for a serious Win32k kernel vulnerability — an ICOMP type‑confusion bug that can be triggered by an authorized local user to escalate to SYSTEM — and organizations should treat this as a high‑priority elevation‑of‑privilege (EoP) risk until every affected...