
All news with #patch release tag


Schneider Electric EcoStruxure HVAC Sensitive Data Risk

🔒 Schneider Electric has identified a CWE-312 vulnerability in EcoStruxure Machine Expert HVAC, a programming tool for Modicon M171-M172 controllers, that can expose sensitive information including protected source code. Version 1.10.0 includes a vendor-provided fix and users are urged to update. The advisory also reiterates standard ICS security best practices to isolate control networks and limit exposure.

Microsoft to Elevate Windows 11 Driver Quality in 2026

🔧 Microsoft is launching the Driver Quality Initiative to raise the bar for Windows 11 drivers, emphasizing security, stability, and performance across media, display, camera, audio, connectivity, and peripherals. The initiative centers on four pillars: moving drivers from kernel to user mode or Microsoft class drivers; stricter partner verification and automated checks; improved Windows Update catalog hygiene; and expanded telemetry on stability, performance, battery and thermal impact. Microsoft says it will work closely with OEMs and silicon partners including AMD and Intel, and the changes will be phased in across 2026 as WinHEC resumes. The company frames this as a partnership to restore trust in Windows quality after recent criticism.

Kieback & Peter DDC Controllers Vulnerable to XSS Alert

⚠️ A cross-site scripting vulnerability (CWE-79, CVSS v3 5.3) affects multiple Kieback & Peter DDC Building Controllers and can enable execution of arbitrary JavaScript in a victim's browser, potentially allowing attacker control of web sessions. Affected models include end-of-maintenance units (DDC4002, DDC4100, DDC4200, DDC4200-L, DDC4400) and e-series controllers (DDC520, DDC4002e, DDC4200e, DDC4400e, DDC4020e, DDC4040e). The vendor advises isolating legacy devices, restricting and disabling web access where possible, and updating e-series firmware to the specified versions (e.g., DDC520 -> 1.24.2; DDC4002e/DDC4200e/DDC4400e/DDC4020e/DDC4040e -> 1.23.5) while implementing defense-in-depth controls.

ABB CoreSense Path Traversal Fixed in New Updates Released

🔒 ABB published updates addressing a path traversal vulnerability (CWE-22, CVSS v3 7.1) affecting CoreSense HM and CoreSense M10. The flaw allowed unauthenticated local users to access restricted directories and could lead to full system compromise and sensitive data exposure. ABB fixed the issue in CoreSense HM v2.3.4 and CoreSense M10 v1.4.1.31 and recommends applying the update promptly. CISA republished the vendor advisory and advises network isolation, strict input validation, and restricting local host access to authorized users.

ZKTeco CCTV Cameras Vulnerability: Auth Bypass Patch

📷 An undocumented configuration export port on certain ZKTeco CCTV camera models permits unauthenticated access to sensitive device information. The exposed data can include running services and camera account credentials, creating a risk of information disclosure and unauthorized access. ZKTeco released a firmware update V5.0.1.2.20260421 to remediate the issue and urges immediate upgrading. CISA recommends minimizing network exposure, using firewalls and segmentation, and restricting Internet access to control devices.

Drupal warns of urgent core security release on May 20

⚠️ The Drupal Security Team announced a planned core security release for all supported branches on May 20, 2026, from 5–9 p.m. UTC. Administrators are urged to reserve that window because exploits may emerge within hours or days, and to update to the latest patch for their branch in advance. Patches are expected for 11.3.x, 11.2.x, 10.6.x and 10.5.x, with mitigation guidance and instructions for end-of-life releases included.

Critical Patches for Ivanti, Fortinet, SAP, VMware, n8n

🔒 Ivanti, Fortinet, SAP, VMware, n8n and dozens of other vendors have released security updates addressing multiple high- and critical-severity flaws that enable authentication bypass, information disclosure, local privilege escalation, and remote code execution. Highlights include a critical Ivanti Xtraction file-name control flaw (CVE-2026-8043), Fortinet authentication and sandbox execution bugs, SAP SQL injection and missing-auth issues, and a TOCTOU local privilege escalation in VMware Fusion. Administrators should prioritize applying the vendor-recommended patches immediately.

Microsoft: KB5089549 Fails on Devices with Low ESP

⚠️ Microsoft confirmed that the May 2026 Windows 11 cumulative update KB5089549 can fail to install and roll back on systems with limited free space on the EFI System Partition (ESP). Installation may proceed to about 35–36% before aborting with 0x800f0922 errors and the rollback message. Logs show SpaceCheck: Insufficient free space and servicing boot file errors. Microsoft advises using Known Issue Rollback or applying a Group Policy in managed environments to mitigate.

Amazon RDS for PostgreSQL Extended Support Release

🔒 Amazon RDS for PostgreSQL now offers Extended Support minor versions 11.22-rds.20260224, 12.22-rds.20260224, and 13.23-rds.20260224. We recommend upgrading to these releases to address known security vulnerabilities and bug fixes present in prior PostgreSQL versions. Use automatic minor version upgrades during scheduled maintenance windows and the AWS Organizations Upgrade Rollout Policy to stage upgrades across accounts. Consider Blue/Green deployments with physical replication to minimize downtime when applying minor version updates.

Fragnesia: New Local Linux Kernel Privilege Flaw Emerges

🔒 Fragnesia (CVE-2026-46300) is a local Linux kernel privilege escalation that exploits the XFRM ESP-in-TCP subsystem to obtain a memory write primitive, enabling in-memory modification of security-sensitive files while bypassing standard filesystem permissions. A public PoC exists, but remote exploitation is not possible; an attacker needs local access and control of socket operations. Vendors including Red Hat and Ubuntu are issuing patches and workarounds, and administrators should update kernels, consider disabling esp4/esp6 or avoiding kernels built with CONFIG_INET_ESPINTCP, and increase monitoring until systems are patched.

Cisco fixes CVE-2026-20182 SD-WAN Controller bypass

🔒 Cisco has released fixes for a maximum-severity authentication bypass in Cisco Catalyst SD-WAN Controller (CVE-2026-20182) that it says has been exploited in limited attacks. The flaw allows a remote unauthenticated attacker to become an authenticated peer and obtain administrative privileges by abusing the peering authentication mechanism. Affected deployments include On-Prem, Cisco SD-WAN Cloud-Pro, Cisco SD-WAN Cloud (Cisco Managed), and Cisco SD-WAN for Government (FedRAMP); Cisco urges immediate patching and recommends auditing /var/log/auth.log for suspicious peering or publickey entries.

Amazon RDS for PostgreSQL Adds Latest Minor Versions

📢 Amazon RDS for PostgreSQL now supports minor versions 18.4, 17.10, 16.14, 15.18, and 14.23. We recommend upgrading to these latest minor versions to remediate known security vulnerabilities and benefit from community bug fixes and improvements. This release also adds postgis_topology support in PostGIS 3.6.3 for PostgreSQL 18 to model and query topological relationships. Use automatic minor upgrades, AWS Organizations Upgrade Rollout Policy, or RDS Blue/Green deployments to orchestrate large-scale, low-downtime upgrades.

Fortinet fixes critical RCE flaws in Authenticator, Sandbox

🔒 Fortinet released Patch Tuesday updates addressing two critical remote code execution vulnerabilities: FortiAuthenticator (CVE-2026-44277) and FortiSandbox (CVE-2026-26083), both rated 9.1. The flaws permit unauthenticated attackers to execute arbitrary commands; Fortinet advises upgrading FortiAuthenticator to 6.5.7/6.6.9/8.0.3 and FortiSandbox to 4.4.9 or 5.0.2. Both issues were found internally and have not yet been observed exploited in the wild, but Fortinet RCEs have been weaponized previously. Administrators should prioritize immediate patching and monitor credentials and logs.

Critical Exim GnuTLS Flaw Allows Remote Code Execution

⚠️ A critical use-after-free flaw in Exim (CVE-2026-45185) affects GnuTLS builds prior to 4.99.3 and can be triggered during TLS shutdown while processing BDAT chunked SMTP. The vulnerability allows an unauthenticated remote attacker to achieve arbitrary code execution and access mail data. OpenSSL-based builds are not affected. Administrators should apply Exim v4.99.3 updates immediately via their package managers.

Microsoft fixes BitLocker recovery on Windows 11 25H2

🔧 Microsoft released a cumulative update addressing a BitLocker recovery issue that caused some systems to prompt for recovery keys after installing the April 2026 security updates. The KB5089549 patch fixes the problem on Windows 11 25H2 by correcting boot-file update behavior tied to certain TPM validation and invalid PCR7 settings. Administrators are advised to remove the Configure TPM platform validation profile for native UEFI firmware configurations Group Policy before broad deployment and to confirm BitLocker bindings use the PCR7 profile.

Microsoft Patches 138 Vulnerabilities Across Products

🔒 Microsoft released patches for 138 vulnerabilities across its product portfolio, including 30 Critical and 104 Important flaws, with none currently listed as publicly known or under active attack. The update spans privilege escalation, remote code execution, information disclosure, and spoofing issues, and includes a recently patched AMD CPU isolation flaw (CVE-2025-54518). Notable high-risk fixes include CVE-2026-41096 (Windows DNS heap overflow) and several Critical issues in Azure, Dynamics 365, Hyper-V, and Office. Administrators are urged to prioritize updates, rotate Secure Boot certificates before the June 26, 2026 deadline, and follow mitigation guidance such as reducing internet exposure and enforcing MFA.

Microsoft Issues Windows 10 KB5087544 Security Update

🛡️ Microsoft released the KB5087544 extended security update for Windows 10 to address the May 2026 Patch Tuesday fixes and correct rendering issues with the new Remote Desktop warnings. Enterprise LTSC and systems enrolled in the ESU program can obtain the update via Settings → Windows Update and checking for updates. After installation Windows 10 moves to build 19045.7291 and LTSC 2021 to 19044.7291. The update also includes 120 security fixes, Secure Boot improvements, a DST update for Egypt, and a known BitLocker prompt issue with a recommended temporary workaround.

Fortinet: RCE in FortiSandbox and FortiAuthenticator

🔒 Fortinet issued security updates to address two critical remote code execution flaws affecting FortiAuthenticator (CVE-2026-44277) and FortiSandbox (CVE-2026-26083). The FortiAuthenticator issue was fixed in versions 6.5.7, 6.6.9 and 8.0.3, while FortiSandbox and its cloud/PaaS WEB UI received patches for a missing authorization weakness. Fortinet noted the cloud IDaaS service is not impacted and there are no reports of active exploitation.

Windows 11 May 2026 Cumulative Updates KB5089549/KB5087420

🔒 Microsoft released Windows 11 cumulative updates KB5089549 (25H2/24H2) and KB5087420 (23H2) as the May 2026 Patch Tuesday rollout. The mandatory updates address 120 security vulnerabilities, deliver bug fixes, and introduce features such as desktop Xbox mode, expanded File Explorer archive support, haptic input signals, and Drop Tray. They also improve Windows Hello, taskbar reliability, printing, and add an optional registry control to harden batch-file processing. Install via Settings > Windows Update or the Microsoft Update Catalog.

Exim BDAT Use-After-Free 'Dead.Letter' Patch Released

🔒 Exim has issued emergency updates to fix CVE-2026-45185, dubbed Dead.Letter, a critical use-after-free in BDAT message body parsing that manifests when TLS is handled via GnuTLS. The flaw is triggered when a client sends a TLS close_notify during an active BDAT transfer and then follows up with a final cleartext byte on the same TCP connection, which can corrupt heap metadata and enable code execution. It affects Exim 4.97 through 4.99.2 built with USE_GNUTLS=yes and is fixed in 4.99.3; there are no mitigations, so administrators should apply the update immediately.