< ciso brief />

All news with #patch release tag

313 articles

CISA: Active Exploitation of Apache ActiveMQ CVE-2026-34197

🔴 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that a high-severity Apache ActiveMQ flaw, CVE-2026-34197, is being actively exploited in attacks. The bug, present for 13 years, allows authenticated attackers to execute arbitrary code via improper input validation and injection. Apache released patches on March 30 for ActiveMQ Classic 6.2.3 and 5.19.4, and CISA added the CVE to its KEV catalog, ordering federal agencies to patch by April 30.

Cisco issues critical Webex and ISE vulnerability fixes

⚠️ Administrators using Cisco Webex Services with SSO integrated via Control Hub must upload a new identity provider (IdP) SAML certificate to remediate a critical impersonation vulnerability (CVE-2026-20184). Cisco has patched the cloud-side service, but affected customers must perform the configuration change in Control Hub; there are no workarounds. Cisco also released critical fixes for ISE and ISE-PIC addressing remote code execution and path traversal flaws that require patching and credential hygiene.

Cisco patches critical Webex SSO flaw; action required

🔒 Cisco released updates addressing four critical vulnerabilities, including a fixed improper certificate validation bug in Webex Services SSO integration (CVE-2026-20184) that could enable user impersonation via crafted tokens. While Cisco patched the service-side defect, customers using SSO must upload a new SAML certificate for their IdP into Control Hub to avoid service interruptions. The company also fixed three critical ISE flaws that require administrative credentials to exploit.

Cisco Patches Critical Webex and Identity Services Flaws

πŸ›‘οΈ Cisco has released updates to address four critical vulnerabilities across Webex Services and Identity Services Engine (ISE) that could permit arbitrary code execution and user impersonation. A cloud-side SSO certificate validation flaw (CVE-2026-20184, CVSS 9.8) can allow unauthenticated impersonation, while three ISE input validation issues (CVE-2026-20147, CVE-2026-20180, CVE-2026-20186; CVSS 9.9) enable remote command or code execution when an attacker has appropriate credentials. Cisco provides specific patch levels and migration guidance and advises customers to apply updates or upload a new IdP SAML certificate to Control Hub where applicable.

Some Windows Servers Require BitLocker Key After Apr Update

πŸ” Microsoft confirmed that some Windows Server 2025 devices may boot into BitLocker recovery after installing the April 2026 security update KB5082063. The issue affects very specific enterprise configurations where a Group Policy or registry setting includes PCR7 in the TPM platform validation profile while System Information reports Secure Boot State PCR7 Binding as 'Not Possible' and the Windows UEFI CA 2023 certificate is present but the 2023-signed Boot Manager is not yet running. Microsoft says the recovery key entry is required only once and has published workarounds: remove the Group Policy before deployment or apply a Known Issue Rollback (KIR) to prevent triggering BitLocker recovery.

Microsoft fixes bug causing Windows Server 2025 upgrades

πŸ› οΈ Microsoft has fixed a known issue that caused systems running Windows Server 2019 and 2022 to unexpectedly upgrade to Windows Server 2025. The problem was first acknowledged in September 2024 after widespread reports from administrators, and Microsoft says it has re-enabled the in-place upgrade offer via the Settings app. Microsoft previously cited third-party update management configuration, while some vendors said the root cause was a procedural error on Microsoft's side.

Microsoft Adds Protections for Malicious RDP Files Now

🔒 Microsoft has added new protections in the April 2026 cumulative updates to help block malicious Remote Desktop (.rdp) files commonly used in phishing campaigns. After the update, users see a one-time educational prompt and, on subsequent opens, a security dialog that lists local resource redirections with every option disabled by default. Unsigned files receive a 'Caution: Unknown remote connection' warning and unknown publisher label. Administrators can temporarily disable the dialog via a registry policy, but Microsoft advises keeping the protections enabled.

Microsoft Issues Windows 10 KB5082200 Extended ESU

🔒 Microsoft has released the Windows 10 KB5082200 extended security update to address the April 2026 Patch Tuesday fixes, including two zero-day vulnerabilities. After installation, Windows 10 is updated to build 19045.7184 and Windows 10 Enterprise LTSC 2021 to build 19044.7184. The update adds Remote Desktop (.rdp) phishing protections, introduces dynamic Secure Boot status indicators in Windows Security, and fixes BitLocker recovery issues on certain Intel Connected Standby devices. Devices enrolled in ESU or running Enterprise LTSC can install via Windows Update.

Windows 11 April 2026 Cumulative Updates Released KBs

πŸ›‘οΈ Microsoft has released cumulative updates KB5083769 (25H2/24H2) and KB5082052 (23H2) for Windows 11 as part of the April 2026 Patch Tuesday. These mandatory updates deliver security fixes, bug repairs, and several feature refinements, including the ability to toggle Smart App Control without a clean install and richer Narrator image descriptions on Copilot-enabled systems. After installation, affected builds update to 26200.8246 / 26100.8246 (25H2/24H2) and 22631.6936 (23H2). Install through Settings > Windows Update or the Microsoft Update Catalog.

Adobe issues emergency patch for Acrobat/Reader zero-day

🔒 Adobe released an emergency security update to fix a zero-day tracked as CVE-2026-34621, which has been exploited since at least December to bypass Acrobat/Reader sandbox protections. The flaw lets malicious PDFs invoke privileged JavaScript APIs (for example util.readFileIntoStream() and RSS.addFeed()) to read local files and exfiltrate data with no user interaction beyond opening the file. Affected versions of Acrobat DC, Acrobat Reader DC and Acrobat 2024 have fixes available; Adobe urges users to update via Help > Check for Updates or by downloading the installer.

Old Docker AuthZ Bypass Reappears, Patch Released Now

⚠️ Researchers from Cyera disclosed a high-severity authorization bypass in Docker Engine (CVE-2026-34040) that allows attackers with Docker API access to evade third-party AuthZ plug-ins and execute privileged commands on hosts. The flaw, rated 8.8 on the CVSS scale, was fixed in Docker Engine 29.3.1 and Docker Desktop 4.66.1. As an interim mitigation, administrators can filter malicious requests by limiting API request size (for example, blocking requests over 512KB) until patches are deployed.

Amazon RDS Adds Latest Microsoft SQL Server CU/GDR Patches

🔔 Amazon RDS for SQL Server now supports the latest Microsoft cumulative updates (CU) and General Distribution Release (GDR) packages for SQL Server 2016 SP3, 2017, 2019, and 2022. The GDRs remediate security issues tracked as CVE-2026-21262 and CVE-2026-26115. AWS recommends upgrading RDS instances via the Management Console, AWS SDK, or CLI to apply these fixes. See the Microsoft KBs and the Amazon RDS SQL Server User Guide for upgrade guidance.

Microsoft rolls out fix for broken Windows Start search

🔧 Microsoft has deployed a server-side fix after a Bing update disrupted Windows 11 23H2 Start Menu search on a small number of devices. The issue, first noted around April 6 and reportedly seen by some users for months, produced blank but clickable search results. Microsoft rolled back the problematic server-side Bing update and says reports of failures are decreasing; the company advises ensuring the device is online and that Web Search has not been disabled by Group Policy.

Amazon Aurora PostgreSQL: Minor Releases 14–17 Update

πŸ›‘οΈ Amazon Aurora PostgreSQL-Compatible Edition now supports PostgreSQL 17.9, 16.13, 15.17, and 14.22, which include community bug fixes and Aurora-specific enhancements. We recommend upgrading to the latest minor versions to address known security vulnerabilities and improve stability. Use automatic minor version upgrades, scheduled maintenance windows, the AWS Organizations Upgrade Rollout Policy, and Aurora's zero-downtime patching to perform phased, low-impact upgrades at scale.

Google patches fourth Chrome zero-day this year in 2026

πŸ›‘οΈ Google has patched a fourth zero-day in Chrome this year, addressing CVE-2026-5281 in Dawn, the browser's WebGPU implementation, which allowed remote code execution via a crafted HTML page when the renderer process was compromised. The company confirmed an exploit exists in the wild and urges users to update to Chrome 146.0.7680.178 or newer. This fix follows earlier 2026 patches for CSS memory handling, the Skia graphics library, and the V8 JavaScript engine.

Apple Extends iOS 18 Security Patches for DarkSword

🔒 Apple has widened rollout of iOS 18.7.7 and iPadOS 18.7.7 to more devices, enabling users who remain on iOS 18 to receive critical fixes without upgrading to iOS 26. The broadened distribution, announced on April 1, addresses vulnerabilities exploited by the DarkSword exploit kit in web-based watering‑hole attacks. Devices with automatic updates will be patched automatically; others can update manually. Researchers warn the toolkit has been linked to multiple threat actors and to payloads such as GhostBlade, GhostKnife and GhostSaber, and that a public leak raises the risk of wider abuse.

Critical Cisco IMC auth bypass gives attackers Admin access

🔒 Cisco has released patches for a critical Integrated Management Controller (IMC) authentication bypass (CVE-2026-20093) that allows unauthenticated, remote attackers to gain Admin privileges by sending a crafted HTTP password-change request. The flaw affects CIMC on UCS C-Series and E-Series servers and permits altering any account password, including Admin. Cisco's PSIRT reports no known in-the-wild exploitation or public proof-of-concept yet and stresses there are no workarounds, so customers should upgrade to fixed software immediately.

14,000+ F5 BIG-IP APM Instances Exposed to RCE Attacks

⚠️ Shadowserver reports over 14,000 Internet-exposed BIG-IP APM instances remain vulnerable to CVE-2025-53521 after the flaw was reclassified from DoS to remote code execution. F5 confirmed the reclassification and warned that attackers are exploiting unpatched systems with access policies on virtual servers. F5 and CISA have published IOCs and mitigation guidance, and F5 recommends rebuilding compromised devices from known-good sources.

Apple Expands iOS 18.7.7 Availability to More Devices

🔒 Apple expanded iOS 18.7.7 and iPadOS 18.7.7 availability on April 1, 2026, to protect a broader range of devices from the web-based exploit kit DarkSword. The release now covers many iPhone models from XR through the 16 series and multiple iPad mini, Air and Pro configurations, including devices capable of running iOS 26 but still on older releases. The backported fixes let users with Automatic Updates receive protections without upgrading to iOS 26; users without auto-update can choose the patched iOS 18 build or move to iOS 26. Apple also began issuing Lock Screen alerts to urge installations of the security patches.

Apple Widens iOS 18 Patch Support to Block DarkSword

🔒 Apple has expanded availability of iOS 18.7.7 to a broader set of iPhones and iPads to ensure devices remaining on iOS 18 receive protections against the actively exploited DarkSword exploit kit. The update delivers fixes for multiple vulnerabilities first mitigated in 2025 and addresses additional CVEs disclosed through 2026. Users with Automatic Updates enabled on eligible devices will receive these protections automatically. Researchers observed deployment of information-stealing and backdoor malware families including GhostBlade, GhostKnife, and GhostSaber in attacks exploiting these flaws.