Security News
Concise but actionable advisories on relevant Microsoft, Windows and Active Directory topics: concrete impact, risks and next steps without alarmism.
The June 2026 security updates address a critical remote code execution issue in Active Directory Domain Services. Windows Server 2022 and 2025 domain controllers are in scope; teams should verify patch level, completed reboots, and DC reachability.
CVE-2026-48579 affects information disclosure in Exchange Online. Microsoft rates the issue highly and has mitigated it in the service; tenant teams should still verify audit logs, permissions and unusual mailbox activity.
CVE-2026-42897 affects Outlook Web Access on on-premises Exchange servers and is being exploited. Verify that Exchange Emergency Mitigation Service rule M2.1.x is active and that OWA is not used through Internet Explorer mode.
CVE-2026-41091 and CVE-2026-45498 affect Microsoft Defender and are being exploited. Explicitly verify Malware Protection Engine and Antimalware Platform versions, especially on servers, VDI, DMZ and isolated Windows systems.
From June 2026 onward, older Secure Boot certificates start expiring. Without coordinated firmware/DBX updates you may see boot failures and BitLocker recovery events. Recommendation: inventory, pilot ring, verify recovery keys, define rollback.
May 2026 security updates address a critical remote code execution issue in Windows Netlogon. Priority: patch domain controllers and admin systems, restrict network paths to DCs, and tighten monitoring for auth/Netlogon anomalies.
Since the April 2026 Windows updates, RC4 is no longer treated as an implicit Kerberos default fallback when accounts have no explicit encryption type configuration. Inventory, AES readiness for service accounts, and a controlled cutover before the July phase now matter.
Microsoft describes a known issue where certain domain controllers in PAM environments can repeatedly restart after April updates because LSASS fails during startup. Out-of-band updates are available.
