Tag: Patch Tuesday

  • June 9 Patch Tuesday: Secure Boot Deadline Looms

    June 9 Patch Tuesday: Secure Boot Deadline Looms

    Key Takeaway

    – June 9 is the final Patch Tuesday before Secure Boot certificates expire on June 24; any unpatched device will lose future boot-security protections.
    – Devices that missed the May deployment now have a compressed 15-day window; treat June 9 as emergency triage, not a normal cycle.
    – Run the PowerShell command to check registry key `UEFICA2023Status`; “Failed” status requires immediate manual remediation.
    – Windows Server 2025 with BitLocker Group Policy needs extra caution and a test deployment due to unresolved recovery bug.
    – Completing the certificate transition before June 24 is urgent, but the October 2026 expiration of the Windows Production PCA 2011 remains the most critical long-term risk.

    Microsoft’s Upcoming Patch Tuesday Carries Unprecedented Boot Security Stakes

    Microsoft’s June 9 Patch Tuesday is a few days away, and it carries more weight than any routine monthly update. It is the final structured deployment window before the 2011-era Secure Boot certificates begin expiring on June 24, leaving any unpatched device in a degraded boot-security state from that date. The certificate expiration window runs June 24-27. The Microsoft Corporation KEK CA 2011 expires June 24, the Microsoft UEFI CA 2011 expires June 27, and the Microsoft Windows Production PCA 2011 follows in October. Devices that have not recieved the 2023 replacement certificates before June 24 will not stop working, but they will lose the ability to recieve future boot-level security protections, including updates to the Windows Boot Manager, Secure Boot revocation lists, and fixes for newly discovered boot-chain vulnerabilities.

    Rollout Timeline and Enterprise Pressure

    Microsoft has been rolling out the 2023 replacement certificates since February 2026 through cumulative updates, with the May 12 Patch Tuesday advancing that rollout further. Organisations that delayed the May deployment are now facing a compressed window. The gap between June 9 and the June 24 expiration date is 15 days. For enterprise teams managing large device fleets, that is not a comfortable runway. Security analysts have clearly flagged the pressure. The decision to defer May deployment to June has reduced the avalible window by more than 60 percent. Any organisation assuming June 9 restores a normal deployment timeline is wrong. June 9 is emergency triage for teams that missed May.

    Pre-Deployment Verification Commands

    Before June 9, IT administrators should run the following PowerShell command with administrator privileges to check certificate status on any device in question: Get-ItemProperty -Path “HKLM:SYSTEMCurrentControlSetControlSecureBootServicing” -Name UEFICA2023Status. The expected result for an OS-driven migration is “Completed.” Crucially, a “NotStarted” status is not an automatic failure; it often indicates that the device is already secure because the OEM has injected the 2023 certificates natively via a recent BIOS update. The real red flags to hunt for are a status of “Failed” or hex codes populated in the adjacent UEFICA2023Error key. Anything hitting those failure states after the June 9 deployment requires immediate, manual remediation.

    Server 2025 BitLocker Issues

    Devices running Windows Server 2025 with certain BitLocker Group Policy configurations require extra caution. The boot-to-BitLocker-recovery bug originated in the April 2026 update cycle. The May update resolved it for Windows 11, but the fix for Windows Server 2025 remains pending, and the behaviour is volatile in some configurations. Server 2025 enviroments should complete a test deployment before rolling June 9 updates fleet-wide. June 9 is also expected to address vulnerabilities discovered since the May 12 release, including any that have entered active exploitation in the weeks between cycles.

    Netlogon Flaw and Active Exploitation

    The Netlogon flaw CVE-2026-41089, flagged as actively exploited by the Centre for Cybersecurity Belgium on May 29, is already patched via the May update. Any devices that have not applied that fix should treat June 9 as a double-priority deployment. Completing the Secure Boot certificate transition before June 24 closes the most urgent window but is not the end of the process. The Microsoft Windows Production PCA 2011 certificate, which signs the Windows bootloader itself, expires in October 2026. That is the most structurally significant of the three expirations and the one that carries the greatest long-term boot integrity risk for devices that miss it. June 9 Patch Tuesday is scheduled to release at 10:00 AM PST.

    Sources
    Tags: , , , ,
  • Windows Netlogon CVE-2026-41089 Exploited: Urgent Patch Now

    Windows Netlogon CVE-2026-41089 Exploited: Urgent Patch Now

    Key Takeaway

    – Attackers are actively exploiting CVE-2026-41089, a critical Windows Netlogon vulnerability (CVSS 9.8) patched May 12 but initially assessed by Microsoft as “exploitation less likely.”
    – The exploit requires no credentials, user interaction, or prior access, giving attackers SYSTEM-level code execution on domain controllers—effectively full Active Directory domain compromise.
    – The Centre for Cybersecurity Belgium issued an exploitation warning on May 29, 17 days after the patch, meaning organizations on a 30-day patch cycle are currently exposed.
    – Apply the May 12 cumulative update immediately if not already deployed; isolate domain controllers from direct internet access and restrict Netlogon traffic to authenticated internal sources.
    – June 9 is the next Patch Tuesday and the final update window before the June 24-27 Secure Boot certificate expiration, adding urgency to completing the May rollout.

    Attackers are actively exploiting a critical Windows Netlogon vulnerability

    This is a thing that Microsoft patched three weeks ago and they said it was unlikely to be exploited, but now attackers are exploiting it. The Centre for Cybersecurity Belgium issued an exploitation warning on May 29, raising the risk profile for every unpatched Windows Server environment running as a domain controller. While Microsoft stated on June 1 that it is still validating those claims and has not yet updated its MSRC portal, security teams are urged not to wait.

    CVE-2026-41089 is a stack-based buffer overflow

    CVE-2026-41089 is a stack-based buffer overflow in the Netlogon service with a CVSS score of 9.8. An unauthenticated remote attacker sends a crafted network request to a Windows Server acting as a domain controller. If successful, the Netlogon service mishandles the request, allowing the attacker to execute arbitrary code with SYSTEM privileges. No credentials. No user interaction. No prior access needed.

    Microsoft patched CVE-2026-41089 on May 12

    Microsoft patched CVE-2026-41089 on May 12 as part of its May Patch Tuesday, which addressed 138 CVEs total. Despite the 9.8 severity rating, Redmond assessed the flaw as “exploitation less likely” at the time of release. That gap between official assessment and real-world threat reports is exactly what is catching enterprise security teams off guard.

    The CCB advisory came 17 days after the patch dropped

    The CCB advisory came 17 days after the patch dropped. That is well within the window that many enterprise patch cycles operate. Organisations that treat Patch Tuesday updates as a 30-day rollout schedule rather than an immediate priority are currently exposed.

    Domain controllers are the authentication backbone

    Domain controllers are the authentication backbone of Active Directory environments. Successful exploitation of CVE-2026-41089 gives an attacker SYSTEM-level code execution on the domain controller itself, which in practice means full control of the Active Directory domain, the ability to create privileged accounts, and lateral movement across every system that authenticates against that controller.

    Jack Bicer, director of vulnerability research at Action1

    Jack Bicer, director of vulnerability research at Action1, flagged the flaw at patch time: “This CVE requires immediate attention. Successful attacks may lead to widespread endpoint compromise, ransomware deployment, credential harvesting, and operational disruption across corporate networks.”

    • Apply the May 12 cumulative update immediately if it has not been deployed
    • The fix is included in the standard Windows Server update for all supported versions
    • Isolate domain controllers from direct internet exposure
    • Restrict Netlogon traffic to authenticated internal sources only
    • June 9 is the next Patch Tuesday and the final update window before the June 24-27 Secure Boot certificate expiration window, which adds further urgency to completing the May rollout before that date

     

    Sources
    Tags: , , , ,
  • Windows 11 May 2026 Patch Tuesday Updates Now Available

    Windows 11 May 2026 Patch Tuesday Updates Now Available

    Key Takeaway

    1. The May 2026 Patch Tuesday update for Windows 11 addresses critical security vulnerabilities, including the actively exploited CVE-2026-32202 zero-day, with mandatory deployment for all users.
    2. Xbox mode, a controller-centric gaming dashboard, is now available for all Windows 11 24H2 and 25H2 users, enhancing gaming accessibility.
    3. File Explorer has been improved for stability, faster performance, and expanded archive format support, along with new features like persistent view settings and a “Preview anyway” button.
    4. The update introduces haptic feedback for compatible stylus devices and an AI activity indicator in the Taskbar, along with FAT32 drive support for volumes up to 2TB.
    5. This update accelerates the Secure Boot certificate rollout ahead of the June 26, 2026, expiration, requiring IT administrators to confirm their devices have received the updated certificates to avoid security downgrade.

    Microsoft has just pushed out its May 2026 Patch Tuesday update for Windows 11, which is a big deal coz its got lots of stuff packed into it. The update with the code KB5083631 is now rolling out to every version of Windows 11, whether it’s 24H2 or 25H2, bringing systems up to OS Builds 26100.8328 and 26200.8328 respectively. This update was first available as a sneak peek on April 30 but is now mandatory for everyone. Normally, Microsoft kicks off deploying these updates around 1:00 PM Eastern Time.

    The Importance of the Security Patch

    On the security front, this patch is especially noteworthy coz it hits a very critical point. Today, May 12, is the deadline set by the Cybersecurity and Infrastructure Security Agency (CISA) for federal agencies to apply a fix for CVE-2026-32202, a zero-day vulnerability in Windows Shell that was actively exploited and got covered last month. That patch is included in April’s cumulative update KB5083769. If users haven’t installed April’s update yet, they’ll get it as part of the initial rollout today. Once the update starts rolling out, Microsoft is expected to release a detailed list of all the new security vulnerabilities it addresses from Microsoft’s Security Response Center and other sources.

    New Features and Improvements

    For gamers, there’s a cool new feature called Xbox Mode making its debut today, set for all Windows 11 24H2 and 25H2 users. It essentially gives a full-screen, controller-first gaming dashboard that can be accessed through Settings, then Gaming, then Xbox Mode, or via the effortless Windows + F11 shortcut. Previously, only users who had manually installed the April preview version could access this feature, but now it’s baked into the OS for everyone.

    File Explorer Gets Better

    File Explorer, the staple for managing files, gets a reliability boost, fixing some crashes that used to happen during login and when interacting with the taskbar. Now, preferences for viewing and sorting files like in Downloads and Documents stay saved even after closing and reopening folders. A handy “Preview anyway” button has been added for downloaded files, making things more convenient. Also, support for more archive formats like UU, CPIO, XAR, and NuGet packages is now built-in, so no more need for third-party tools to extract common file types. Another plus is that File Explorer now opens faster than before the update.

    Haptic Feedback and AI Features

    If you own a compatible stylus or pen device, you’ll notice haptic feedback now. Devices like Surface Slim Pen 2, ASUS Pen 3.0, and MSI Pen 2 will give you tactile responses when you perform basic actions such as snapping or resizing app windows, or aligning objects — all manageable through Settings, then Bluetooth and Devices. An AI-powered agent also starts showing up on the Taskbar, initially linked to Microsoft 365 Copilot Researcher. It displays live updates while generating reports and sends a notification once done. Additionally, FAT32 formatting now supports drives up to 2TB, removing the old 32GB limit, and the Drag Tray feature has been renamed to Drop Tray, with its settings moved for easier access in Settings, then System, then Multitasking.

    Important Security and Compatibility Notes

    This update comes at a crucial time coz it’s the last update window before the expiration of Secure Boot certificates, which were issued back in 2011 and used by most Windows devices built between 2012 and 2025. These certificates will expire on June 26, 2026. Devices that haven’t received the updated certificates will enter a degraded security state starting the day after that date. Microsoft has been gradually pushing out the updated certificates since February 2026, and this May update continues that process. IT admins are advised to check their fleets to make sure all devices are running with the latest certificates before June’s Patch Tuesday, otherwise they’ll face login issues or reduced security.

    Known Issue and Final Advice

    There’s one known problem reported: Windows Server 2025 machines with an particular BitLocker group policy may boot into BitLocker recovery mode after installing this update, asking for the recovery key right after restart. Enterprise admins should double-check their BitLocker policy settings prior to deploying these updates. Microsoft says there are no other known issues at the moment, but monitoring feedback is always recommended.

    Sources
    Tags: , , , ,
  • Microsoft April 2026 Patch Tuesday Fixes 167 Vulnerabilities and 2 Zero-Days

    Microsoft April 2026 Patch Tuesday Fixes 167 Vulnerabilities and 2 Zero-Days

    Key Takeaway

    1. The April 2026 Patch Tuesday update addresses over 160 vulnerabilities, including two zero-day flaws, with at least one actively exploited before patches were available.
    2. The update significantly enhances security for Windows 11, introducing protections for Remote Desktop and ongoing hardening measures.
    3. Differences in vulnerability counts reported by security vendors highlight variations in assessment methods, but all agree on the critical nature of the updates.
    4. The update includes reliability improvements and aims to reduce credential theft and phishing exploits related to remote connections.

    Microsoft’s April 2026 Security Patch Release

    Microsoft has rolled out its April 2026 Patch Tuesday update on April 14, 2026, addressing more than 160 security vulnerabilities. Among these, two zero-day flaws were included, with one being actively exploited before patches became available. This update is significant because it showcases Microsoft’s effort in promptly fixing critical security issues that threaten user safety across their supported Windows platforms.

    Details of the Update and Supported Systems

    The monthly update includes cumulative patches for certain supported Windows versions. Windows 11 versions 25H2 and 24H2 got the KB5083769 update, whereas Windows 11 version 23H2 received KB5082052. These updates are designed to install automatically unless the user has paused Windows Update, ensuring that most users receive the essential security fixes without manual intervention.

    Security Researchers’ Perspective and Vulnerability Counts

    Security experts have noted that this April’s release was heavier than usual, with a higher number of fixes affecting core parts of Windows system. Different security firms have reported slightly varying numbers—in total, Microsoft addressed 167 vulnerabilities, including one zero-day actively exploited and another publicly known beforehand. Other vendors like Qualys mention around 163 to 164 issues, with about eight rated as Critical, demonstrating the significant threat landscape these patches aim to mitigate.

    Implications of Zero-Day Vulnerabilities

    Zero-day flaws are particularly urgent because they may already be known by attackers before a fix is released. This can make systems vulnerable in the window between discovery and patch deployment, emphasizing the importance of timely updates to protect sensitive data and infrastructure.

    Additional Features in the Windows 11 Update KB5083769

    The main focus of Windows 11’s April update is KB5083769, which enhances system builds after installation. Alongside the security improvements, Microsoft also added reliability enhancements and security hardening features. Users will notice new protections for Remote Desktop connections, including alerts when opening unfamiliar .rdp configuration files, which is part of Microsoft’s measures to combat credential theft and phishing attacks using remote access tools.

    Supporting Updates for Other Windows Versions

    The update cycle also included security patches for older Windows versions. Windows 11 version 23H2 received KB5082052, and Windows 10 systems got their dedicated cumulative updates. These are considered mandatory by Microsoft, as they are critical for addressing recent vulnerabilities; most systems with automatic updates enabled will automatically get these patches without needing manual action.

    Sources and Further Reading

    • Microsoft Learn
    • Security Affairs
    • Qualys
    Sources
    Tags: , , ,
  • Microsoft March 2026 Patch Tuesday: Fixes for 2 Zero-Day Vulnerabilities

    Microsoft March 2026 Patch Tuesday: Fixes for 2 Zero-Day Vulnerabilities

    Key Takeaways

    1. Microsoft’s March 2026 Patch Tuesday addresses 79 vulnerabilities, including two zero-days and three critical issues.
    2. Updates KB5079473 and KB5078883 for Windows 11 improve security and reliability, while KB5078885 for Windows 10 also combines security fixes with quality improvements.
    3. Security vulnerabilities in Microsoft Office, particularly related to remote code execution, have been patched this month.
    4. The updates enhance features like Secure Boot certificate targeting and File Explorer reliability, with no known issues reported.
    5. Windows 10 users are especially impacted, as this update is crucial following the end of mainstream support on October 14, 2025.

    Microsoft’s Patch Tuesday on March 10, 2026, brings important fixes for a total of 79 vulnerabilities. This includes two zero-days that were made public and three Critical weaknesses. As per BleepingComputer’s summary, the zero-days include CVE-2026-21262 in SQL Server and CVE-2026-26127 in .NET. Additionally, this month’s update also resolves two remote-code-execution issues in Microsoft Office that can be activated through the preview pane.

    Windows Update Details

    On the Windows front, Microsoft has released KB5079473 for Windows 11 versions 25H2 and 24H2, updating those builds to OS Builds 26200.8037 and 26100.8037, respectively. For Windows 11 version 23H2, KB5078883 is now available, bringing it to OS Build 22631.6783. Windows 10’s versions 22H2 and 21H2 have also received KB5078885, which updates them to OS Builds 19045.7058 and 19044.7058.

    Microsoft states that KB5079473 for Windows 11 versions 25H2 and 24H2 contains the latest security fixes along with non-security updates from the previous month’s preview release. The support documentation mentions enhanced Secure Boot certificate targeting, improved reliability in File Explorer search across multiple drives or “This PC,” better handling of COM allowlisting policies in Windows Defender Application Control, and a clearer trust warning in Windows System Image Manager. The company also indicates that no issues have been reported with this update.

    Specifics for Windows 11 and 10

    For Windows 11 version 23H2, KB5078883 addresses security vulnerabilities and includes quality fixes from February. These enhancements feature broader targeting for new Secure Boot certificates, two new PowerShell options related to Secure Boot, improved File History reliability for certain character sets, enhanced GPU stability during shutdowns and heavy graphics tasks, and the same trusted-catalog warning dialog in Windows System Image Manager. According to Microsoft’s support page, they are not aware of any problems associated with KB5078883.

    Similarly, Windows 10’s KB5078885 combines March’s security fixes with some quality improvements. Microsoft emphasizes a trusted-source warning for catalog file selection in Windows System Image Manager, fixes for File History backups concerning specific Chinese and Private Use Area character names, better GPU stability, and broader targeting for devices that can automatically receive new Secure Boot certificates. Microsoft claims there are no known issues with this update as well.

    Focus on Vulnerabilities

    The main focus remains on the vulnerabilities rather than the feature updates. In addition to the two public zero-days, BleepingComputer reveals that Microsoft has also patched two flaws in Office that could be exploited through the preview pane, and an Excel issue that could be used to extract data via Copilot Agent mode. This makes March’s Patch Tuesday more significant than a typical cumulative update, even if Microsoft’s release notes are somewhat sparse in terms of user-facing changes.

    For Windows 10 users, this update comes after the end of mainstream support for Windows 10 on October 14, 2025. Microsoft has stated that PCs can continue to operate, but standard technical support, feature updates, and security updates will not be available outside of the Extended Security Updates path. This is why March’s Windows 10 security package is especially important for systems that are still being maintained under that post-EOS route.

    Source:
    Link

     

    Tags: , ,
  • Windows 11 Update KB5074109: Fixes Battery Drain & 114 Security Issues

    Windows 11 Update KB5074109: Fixes Battery Drain & 114 Security Issues

    Key Takeaways

    1. The January 2026 Patch Tuesday update addressed 114 security issues, including three zero-day vulnerabilities.
    2. Eight vulnerabilities are rated as Critical, with many others rated as Important, focusing on elevation-of-privilege and remote-code-execution vulnerabilities.
    3. Notable zero-day vulnerabilities include an information disclosure issue in Desktop Window Manager, Secure Boot certificate expirations, and removal of outdated Agere Soft Modem drivers.
    4. Windows 11 cumulative updates include KB5074109 and KB5073455, upgrading systems to specific builds while providing quality-of-life improvements.
    5. Microsoft reports no widespread issues post-update, with only a minor cosmetic glitch affecting the password visibility icon.

    A day after Microsoft’s January Patch Tuesday for 2026, things are looking clearer: the recent Windows updates address 114 security issues, which includes three zero-day vulnerabilities. So far, the update process appears to be going smoothly for most users of Windows 11.

    Security Fixes Overview

    The January 2026 Patch Tuesday release deals with 114 CVEs across various products like Windows, Office, SQL Server, Azure components, and more. Among these, eight vulnerabilities are rated as Critical, while many others are listed as Important. A significant portion of the issues involves elevation-of-privilege problems in essential Windows services and drivers, along with numerous remote-code-execution vulnerabilities found in Office and SharePoint.

    Notable Vulnerabilities

    This month, Microsoft has highlighted three zero-day vulnerabilities:

    1. An information disclosure issue in Desktop Window Manager (CVE-2026-20805) that can leak sensitive memory data, which could be combined with other bugs to enhance exploit reliability.

    2. A problem with Secure Boot certificates, where older UEFI certificates are set to expire in mid-2026; the January updates renew these certificates to ensure ongoing secure booting.

    3. Long-standing vulnerabilities in outdated Agere Soft Modem drivers (CVE-2023-31096 and related issues). Microsoft has tackled this by completely removing the affected drivers (agrsm64.sys, agrsm.sys, and others) from supported Windows builds. As a result, hardware still using these old modems will no longer function after the update.

    Update Details

    For Windows 11, the security updates from Patch Tuesday come in the form of cumulative updates: KB5074109 (for 24H2/25H2) and KB5073455 (for 23H2). After installation, systems will upgrade to Build 26200.7623 for 25H2, 26100.7623 for 24H2, and 226×1.6050 for 23H2.

    Apart from security fixes, KB5074109 brings along several quality-of-life improvements for both laptops and desktops.

    As of the day following the release, Microsoft reports no widespread issues associated with the January updates. The only known quirk so far is a cosmetic glitch that can conceal the “show password” eye icon next to password fields on certain systems, which makes it trickier to verify what you’ve entered, although it does not prevent logins.

    Given that one zero-day is already being exploited and Secure Boot certificates are on a countdown to expiry, the risks associated with skipping this patch cycle are likely higher than the risks of installing it—especially for devices that frequently connect to the internet.

    Source:
    Link

     

    Tags: , ,