“This weekend, write down one project or skill you've been putting off. Then schedule 30 minutes for it next week. Not five hours — 30 minutes. That's the threshold for 'started.'”
April 2026 Patch Tuesday Caused Domain Controller Reboot Loop — Out-of-Band Fix Was Required
Microsoft's April 2026 Patch Tuesday updates triggered a domain controller reboot loop on multi-domain forests running Privileged Access Management (PAM), forcing Microsoft to ship emergency out-of-band cumulative updates on 19 April for all supported Windows Server SKUs. MSPs who deferred the April updates should apply the out-of-band fixes before deploying May patches to avoid compounding issues. Verify KB articles for each Windows Server SKU via the Windows Update Catalog before scheduling maintenance windows.
Read more →Ivanti EPMM Zero-Day Exploited in the Wild — CISA KEV Updated May 2026
CISA added Ivanti Endpoint Manager Mobile (EPMM) CVE-2026-6973, a high-severity RCE, to its Known Exploited Vulnerabilities catalog after confirmed exploitation in zero-day attacks in May 2026. Ivanti released patches in its May Security Advisory. MSPs managing mobile device platforms via EPMM should apply the patch immediately and review logs for signs of compromise.
Read more →May 2026 Patch Tuesday: 120–138 CVEs Patched, Zero Zero-Days — But Several Near-CVSS-10 Bugs Demand Urgent Action
Microsoft's May 2026 Patch Tuesday is the first since June 2024 with no actively exploited or publicly disclosed zero-days, but includes 16–30 Critical-severity CVEs. Standouts include CVE-2026-41089 (CVSS 9.8, Windows Netlogon pre-auth RCE on domain controllers), CVE-2026-41096 (CVSS 9.8, Windows DNS Client heap overflow — affects every Windows host), and CVE-2026-42826 (CVSS 10.0, Azure DevOps info disclosure — already cloud-remediated by Microsoft). Apply patches immediately, prioritising domain controllers; block unauthenticated DC network access as a temporary workaround for CVE-2026-41089.
Read more →SonicWall SMA1000 SQL Injection and VPN Credential Exposure Flaws Patched (CVE-2026-4112 and Others)
SonicWall patched four vulnerabilities in its SMA1000 series firewalls, including CVE-2026-4112, a high-severity SQL injection bug that could allow an attacker with read-only admin privileges to escalate to full primary admin rights. Three additional flaws could allow remote attackers to enumerate SSL VPN user credentials or bypass TOTP authentication. SonicWall reports no evidence of in-the-wild exploitation but urges immediate update of SMA1000 appliances; disable SSLVPN on unpatched units if patching is not immediately possible.
Read more →This is what you get — every weekday, free.
Subscribers get the full “From the Floor” take with every issue — not just the news summary you just read.
Written from 12 years on the helpdesk floor. Always free.