All news with #patch release tag

🛠️ Microsoft released an out-of-band update, KB5086672, to replace the broken March preview KB5079391 and address installation failures that produced Error 0x80073712 on Windows 11 24H2 and 25H2 systems. The cumulative OOB update supersedes prior March protections and improvements and may be offered automatically to devices with "Get the latest updates" enabled. If that setting is off, install via Settings > Windows Update > Download & install.

🛡️ Microsoft released the KB5079391 preview cumulative update for Windows 11 24H2 and 25H2, delivering 29 non-security changes and optional fixes. The update lets administrators and users toggle Smart App Control on or off without reinstalling the OS via Settings > Windows Security > App & Browser Control. It also introduces display reliability enhancements, including support for monitors reporting refresh rates above 1000 Hz, native USB4 monitor connections, and improved HDR behavior. Installers can apply the preview via Windows Update or the Microsoft Update Catalog; installation is optional unless automatic preview updates are enabled.

🔒 TP-Link released firmware updates for its Archer NX200, NX210, NX500, and NX600 routers to fix multiple vulnerabilities, including a critical authentication bypass that can permit unauthenticated firmware uploads via certain HTTP CGI endpoints. The vendor additionally removed a hardcoded cryptographic key and patched two command injection flaws that require administrative access. TP-Link warned customers to install the latest firmware immediately to block potential attacks. Failure to update may leave devices susceptible to takeover or configuration manipulation.

🔒 CISA has directed all federal civilian agencies to urgently patch a critical remote code execution vulnerability in Cisco Secure Firewall Management Center (FMC) — tracked as CVE-2026-20131 with a CVSS score of 10. Cisco released a fix on 4 March after reports that the Interlock ransomware group had been exploiting the flaw as a zero day. Agencies were given just three days after KEV listing to patch or discontinue use due to active ransomware campaigns.

🔒 CISA ordered U.S. federal agencies to patch three iOS vulnerabilities exploited by the DarkSword exploit kit, imposing a two-week deadline under BOD 22-01. Apple has released fixes and the flaws now only affect iPhones running iOS 18.4 through 18.7. Researchers linked DarkSword to multiple threat groups and to data-stealing malware families including GhostBlade, GhostKnife, and GhostSaber.

🔧 Microsoft released an out-of-band update, KB5085516, to fix a sign-in failure that prevented Microsoft account authentication in multiple apps after the March cumulative update KB5079473. Affected apps included Microsoft Edge, Teams, OneDrive, Microsoft 365 Copilot and Office apps, which reported the device was not connected to the Internet. The optional fix is available for Windows 11 25H2 and 24H2 via Windows Update or the Microsoft Update Catalog, and Microsoft recommends installing the latest updates.

🔒 Oracle has released fixes for a critical pre-authentication remote code execution flaw, CVE-2026-21992, affecting Oracle Identity Manager and Oracle Web Services Manager. The issue carries a CVSS score of 9.8 and is described by NVD as "easily exploitable" over HTTP by unauthenticated attackers. Oracle says the flaw can enable full takeover of vulnerable instances and urges customers to apply updates immediately.

⚠️ CISA has added five actively exploited vulnerabilities affecting Apple, Craft CMS, and Laravel Livewire to its Known Exploited Vulnerabilities (KEV) catalog and ordered federal agencies to patch them by April 3, 2026. The flaws include high‑severity memory corruption bugs in Apple WebKit and kernel components and critical code injection issues in Craft and Laravel that were fixed in 2025. Security researchers have observed exploitation linked to the DarkSword iOS exploit kit and campaigns attributed to MuddyWater.

🛠️ Microsoft says the March Windows 11 cumulative update KB5079473 causes Microsoft account sign-in failures across multiple apps, including Teams, OneDrive, Edge, Excel, Word and Microsoft 365 Copilot. Affected apps display an erroneous message indicating the device is offline even when connected. Microsoft recommends restarting affected devices while they remain online as a temporary workaround while it works on a fix. Business sign-ins using Entra ID are not impacted.

⚠️ Schneider Electric disclosed a CWE-404 Improper Resource Shutdown or Release vulnerability (CVE-2025-13901) affecting Modicon M241, M251, and M262 controllers that can cause a partial denial-of-service of the Machine Expert protocol when an unauthenticated actor sends a crafted payload. The issue is rated CVSS v3.1 5.3 (Medium). Vendor firmware updates (M241/M251: 5.4.13.12; M262: 5.4.10.12) are available. Until updates are applied, isolate controllers, restrict network access, and use encrypted remote connections.

⚠️Schneider Electric has disclosed a vulnerability in EcoStruxure Automation Expert (CVE-2026-2273), a CWE-94 code injection flaw that can execute arbitrary commands on an engineering workstation when an authenticated user opens a malicious project file. The issue affects versions prior to v25.0.1 and carries a CVSS v3.1 base score of 8.2 (High). Schneider fixed the vulnerability in v25.0.1; administrators should apply the vendor update promptly or implement recommended mitigations — including restrictive file permissions, storing project files in user home directories, and verifying file authenticity — to reduce the risk of workstation and broader system compromise.

⚠️ Schneider Electric disclosed a deserialization-of-untrusted-data vulnerability affecting EcoStruxure Power Monitoring Expert (PME) and the Advanced Reporting and Dashboards module for EcoStruxure Power Operation (EPO). A locally authenticated attacker can supply crafted data to trigger unsafe deserialization and achieve arbitrary code execution with administrative privileges. Schneider has released hotfixes and recommends upgrading to PME 2024 R3; contact Customer Care to obtain fixes. Hotfixes for supported branches report no reboot required.

⚠️ A high-severity vulnerability tracked as CVE-2026-3888 affects default Ubuntu Desktop installations starting with 24.04, allowing an unprivileged local attacker to escalate to root by abusing the interaction between snap-confine and systemd-tmpfiles. The exploit relies on a timing window (roughly 10–30 days) in which systemd-tmpfiles removes stale /tmp entries, enabling an attacker to recreate sandbox directories with malicious payloads that are later bind-mounted as root. Ubuntu and upstream snapd have released patches; administrators should upgrade snapd and follow vendor guidance to mitigate exposure.

🔒 Apple has issued Background Security Improvements to address CVE-2026-20643, a cross-origin flaw in WebKit's Navigation API that could be exploited to bypass the same-origin policy when processing maliciously crafted web content. Apple fixed the issue by improving input validation and shipped patches in iOS 26.3.1 (a), iPadOS 26.3.1 (a), macOS 26.3.1 (a), and macOS 26.3.2 (a). Researcher Thomas Espach is credited with the report. Users should keep Automatically Install enabled in Settings > Privacy and Security to receive these lightweight fixes promptly.

🔒 Apple has pushed its first Background Security Improvements release to patch a WebKit vulnerability tracked as CVE-2026-20643 on iPhone, iPad, and Mac without requiring a full OS upgrade. The flaw is a cross-origin issue in the Navigation API that could allow malicious web content to bypass the browser's Same Origin Policy, and Apple says it fixed the bug with improved input validation. Credited to researcher Thomas Espach, the update is available on iOS 26.3.1, iPadOS 26.3.1, and macOS 26.3.1/26.3.2; Apple warns that uninstalling Background Security Improvements removes all prior background patches and reverts the device to the baseline OS.

🔧 Microsoft and Samsung published recovery guidance to resolve C:\ drive access failures and permission issues impacting some Samsung laptops running Windows 11 (24H2 and 25H2). A joint investigation traced the root cause to the Samsung Galaxy Connect app (also distributed as Samsung Continuity Service), which altered drive permissions. Microsoft briefly removed the app from the Microsoft Store while Samsung released an updated version. The recovery requires signing in as Administrator, uninstalling the app, and running a 29‑step repair routine that restores default Windows permissions via a provided .bat file; the process can take up to 15 minutes and should return C:\ ownership to TrustedInstaller.

🔧 Microsoft released an out-of-band hotpatch (KB5084897) to address a Bluetooth device visibility problem impacting hotpatch-enabled Windows 11 Enterprise systems. Connected Bluetooth peripherals may not appear in Settings or Quick Settings, and users might be unable to add new devices because available devices are not listed. The update targets Windows 11 25H2 and 24H2, installs automatically on eligible Enterprise clients, and requires no restart.

⚠️ CISA has added a medium-severity information-disclosure bug, CVE-2025-47813, affecting Wing FTP to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. The flaw can leak the application's installation path when a long value is supplied in the UID session cookie and impacts versions up to 7.4.3. Vendor fixes were released in May with Wing FTP 7.4.4, which also addresses a separate critical RCE (CVE-2025-47812). Federal agencies are advised to apply updates by March 30, 2026.

⚠️ CISA warned federal agencies to secure Wing FTP Server instances after adding CVE-2025-47813 to its catalog of actively exploited vulnerabilities. The flaw allows low-privileged actors to trigger error messages that expose the full local installation path and can be chained with an already-exploited RCE (CVE-2025-47812). The vendor released fixes in Wing FTP Server v7.4.4 in May 2025; organizations should apply updates or vendor mitigations immediately.

🔧 Microsoft released an out-of-band hotpatch (KB5084597) for Windows 11 to address remote code execution flaws in the Routing and Remote Access Service (RRAS) management tool. The update patches CVE-2026-25172, CVE-2026-25173, and CVE-2026-26111 and aligns with fixes shipped in the March 2026 Patch Tuesday release. The hotpatch performs in-memory patching so eligible Enterprise devices enrolled in the hotpatch program via Windows Autopatch receive cumulative fixes without a restart. It applies to Windows 11 25H2, 24H2, and Enterprise LTSC 2024 systems used for remote server management.