“Ask your team this question: 'What's one repetitive thing you do every day that you'd hand to AI tomorrow if you could?' The list will tell you exactly where to start.”
Microsoft May 2026 Security Advisory: Critical Updates for Azure AI Foundry, Azure Logic Apps, M365 Copilot & More
Canada's Cyber Centre (mirroring Microsoft's May 12, 2026 advisory) lists critical updates across Azure AI Foundry, Azure Cloud Shell, Azure Connected Machine Agent, Azure DevOps, Azure Logic Apps, Azure Machine Learning, M365 Copilot for Desktop, and Copilot Chat in Edge, among others. MSPs managing hybrid or Azure-based environments should cross-reference the full advisory against deployed services and prioritise patching of AI/Copilot components given their elevated access to organisational data.
Read more →Azure DevOps CVE-2026-42826 — CVSS 10.0 Info Disclosure Silently Patched by Microsoft
A critical (CVSS 10.0) information disclosure vulnerability in Azure DevOps, CVE-2026-42826, was patched by Microsoft directly in cloud infrastructure as part of May 2026 Patch Tuesday — no customer action required. The flaw allowed unauthenticated remote attackers to disclose sensitive information over the network. MSPs running self-hosted Azure DevOps Server should verify whether an on-premises patch is also required.
Read more →Microsoft SSO Plugin for Jira & Confluence EoP CVE-2026-41103 (CVSS 9.1) — Exploitation 'More Likely'
CVE-2026-41103, patched in May 2026 Patch Tuesday, is a critical elevation-of-privilege flaw in the Microsoft SSO Plugin for Atlassian Jira and Confluence caused by an incorrect authentication algorithm implementation. An unauthenticated attacker can forge credentials to bypass Entra ID and impersonate any user, gaining access to or modifying data in Jira/Confluence. MSPs supporting self-hosted Atlassian environments using this plugin should apply the updated plugin version immediately — Microsoft's exploitability assessment rates this as 'More Likely' within 30 days.
Read more →Microsoft Office RCE Bugs Exploitable via Preview Pane — 6 Word/Excel CVEs in May Patch Tuesday
Six remote code execution vulnerabilities in Microsoft Office products (including CVE-2026-40361 and CVE-2026-40364) can be triggered simply by previewing a malicious file in the Preview Pane — no user clicks required. Two of the six are assessed as 'Exploitation More Likely' within 30 days of release. MSPs should prioritise Microsoft Office updates across all managed endpoints this week, and consider blocking external file previews as a temporary control.
Read more →SonicWall SMA1000 Series: High-Severity SQL Injection CVE-2026-4112 and Three Additional Flaws Patched
SonicWall released patches for four vulnerabilities in SMA1000 series firewalls, led by CVE-2026-4112, a SQL injection bug that allows a read-only administrator to escalate to primary admin rights. Three additional flaws enable remote enumeration of SSL VPN user credentials and TOTP authentication bypass. SonicWall reports no confirmed exploitation, but urges immediate updates given the sensitive nature of the affected appliances; MSPs should update all SMA1000 deployments and consult psirt.sonicwall.com for version guidance.
Read more →Fortinet Releases Critical Patches for FortiSandbox and FortiAuthenticator in May 2026
Fortinet released security updates in May 2026 addressing two critical vulnerabilities affecting FortiSandbox and FortiAuthenticator products. MSPs running these products in customer environments should consult the FortiGuard PSIRT advisories and apply patches without delay. No confirmed exploitation has been reported at time of writing, but Fortinet edge devices remain a high-value target for ransomware operators.
Read more →AI Governance Now a Core MSP Leadership Competency — MIT Data Shows 95% of Company-Wide AI Launches Failed in 2025
A May 2026 analysis from DeskDay highlights that MIT found 95% of company-wide AI launches in 2025 failed to deliver intended results, with S&P Global reporting 42% of businesses scrapped AI projects entirely (up from 17% in 2024). The primary failure reasons were poor data governance, unclear ownership, and no framework for measuring success. MSP leaders who can build and enforce AI governance frameworks — defining where AI can act autonomously and maintaining audit trails — are positioned as the trusted advisors clients need as AI deployments scale.
Read more →MSP Success Publishes 21-Tool AI Stack for MSPs — n8n Cuts Level-1 Tickets by 70% in Real Deployment
A May 2026 MSP Success roundup highlights practical AI tools, including n8n ($24/mo) where one MSP reported eliminating 70% of level-1 tickets through custom automations, and Hatz ($50–$199/mo) offering pre-built MSP-specific agent workflows. The guide frames AI tooling as a 'toolbox' requiring 10–15 tools rather than a single platform, with most costing ~$20/month each. MSPs should audit current L1 ticket categories before selecting automation tools to identify highest-ROI workflows.
Read more →CRN Australia Channel Chiefs: Top 2026 Challenges Include AI Monetisation Gap and Margin Pressure from Cloud Commoditisation
CRN Australia's inaugural Channel Chiefs report identifies the top challenges for Australian partners in 2026 as bridging the AI implementation gap (moving clients from pilots to production ROI), margin pressure from cloud commoditisation and automation, cybersecurity and regulatory compliance intensification, and acute skills shortages in engineering and data science. Channel chiefs also flag procurement shifting to hyperscaler marketplaces (AWS Marketplace) as a structural challenge to traditional MSP revenue models. MSPs are urged to differentiate through vertical specialisation and outcome-led service definitions.
Read more →This is what you get — every weekday, free.
Subscribers get the full “From the Floor” take with every issue — not just the news summary you just read.
Written from 12 years on the helpdesk floor. Always free.