Monday, June 1, 2026

Microsoft 365 Teams and Exchange Routing Outage — June 2026

A routing configuration error within Microsoft's infrastructure caused a multi-hour global outage affecting Teams, Exchange Online, SharePoint, and OneDrive, impacting thousands of organisations including in the Asia-Pacific region. Microsoft confirmed no malicious activity was involved and restored services via a routing fix, but the incident is the fifth significant Microsoft cloud disruption in six months. Workaround: MSPs should ensure clients have a secondary communication channel (e.g. phone trees, Signal groups) and offline copies of critical contact lists ready for future incidents.

Microsoft Defender Zero-Days CVE-2026-41091 & CVE-2026-45498 Actively Exploited — CISA KEV Deadline 3 June 2026

Microsoft confirmed active exploitation of two Defender vulnerabilities: CVE-2026-41091 (CVSS 7.8, privilege escalation to SYSTEM via improper link resolution) and CVE-2026-45498 (CVSS 4.0, denial-of-service). CISA added both to the Known Exploited Vulnerabilities catalog with a Federal remediation deadline of 3 June 2026; Huntress has also observed in-the-wild exploitation of both, alongside a related flaw CVE-2026-33825. Both are patched in Microsoft Defender Antimalware Platform versions 1.1.26040.8 and 4.18.26040.7 — updates deploy automatically via Windows Update if Defender definitions are enabled.

Adobe Acrobat CVE-2026-34621 Actively Exploited — Urgent Update for PDF-Heavy Environments

Adobe patched multiple vulnerabilities in Acrobat Reader in May 2026, with CVE-2026-34621 confirmed as actively exploited in the wild — particularly dangerous for organisations where PDF files are routinely opened from external or untrusted sources. MSPs should push Acrobat Reader updates via RMM without delay. Workaround where patching is not immediately possible: disable JavaScript execution in Acrobat's security preferences and restrict opening PDFs from external sources.

Critical Windows Secure Boot Certificate Expiry Deadline — 26 June 2026

Microsoft's May 2026 Patch Tuesday (118 CVEs, 16 critical) flagged a hard deadline of 26 June 2026 for Secure Boot certificate renewal across all supported Windows devices. Organisations must coordinate OEM firmware updates alongside Windows Update to ensure full certificate coverage before the deadline; failure to act will result in long-term security degradation. Begin deployment immediately, verify certificate status across the entire infrastructure, and complete OEM firmware updates before the end of June.

SonicWall SMA1000 Patched for SQL Injection (CVE-2026-4112) and VPN Credential Enumeration Bugs

SonicWall released patches for four vulnerabilities in SMA1000 series firewalls, including CVE-2026-4112, a high-severity SQL injection flaw that could allow an attacker with read-only admin credentials to escalate to full primary admin rights. Three additional issues could allow remote attackers to enumerate SSL VPN user credentials or bypass TOTP authentication. SonicWall reports no known active exploitation but urges immediate updates — no viable workaround other than patching.

Atera AI Autopilot Resolves Up to 40% of Routine Tickets Without Human Intervention

Atera's IT Autopilot autonomous AI agent is now resolving up to 40% of routine helpdesk tasks without human intervention, with its AI Copilot providing real-time context-aware suggestions for technicians. The unified RMM, PSA, and ticketing platform positions itself as a consolidation play for MSPs, though the full AI Copilot add-on costs an additional $95 per technician per month. MSPs considering adoption should factor the full per-technician cost ($244–314/tech/month) into pricing models before committing.

CompTIA 2026 MSP Benchmark: 68% of MSPs Have Adopted AI Automation — 27% Plan Full Integration Within 12 Months

CompTIA's 2026 MSP Benchmark Study found that 68% of MSPs have adopted at least one AI automation tool, with 27% planning full integration within the next 12 months. AI-powered PSA triage (HaloPSA Copilot, Atera AI, Syncro AI) has reduced average ticket resolution times by 35% across adopting MSPs. MSPs saving 10–15 hours per technician per month on admin tasks are using AI billing automation integrations such as QuickBooks and Zapier AI.

Australia & UK Deepen AI Risk Governance Ties — Regulatory Coordination Underway

CRN Australia reported in 2026 that Australia and the UK are deepening bilateral ties specifically to address AI risk, signalling upcoming regulatory alignment that may affect how Australian MSPs advise clients on AI governance and compliance obligations. Australian channel leaders are being urged to develop AI governance frameworks before deploying AI into client environments or internal operations. MSPs should proactively review the Australian Government's 2023–2030 Cyber Security Strategy and monitor ASD/ACSC guidance for any Essential 8 updates linked to AI system controls.

AUCloud Launches ACSC Essential 8-Aligned Managed Security Packages for Australian MSPs

AUCloud launched a suite of MSP-targeted managed security services designed to help customers meet ACSC Essential 8 compliance obligations, including a premium SOC tier with vulnerability scanning, phishing simulations, and Essential 8 Assessment & Report. The offerings are positioned against the Australian Government's 2023–2030 Cyber Security Strategy objective of raising security awareness across businesses and individuals. Australian MSPs should review whether their current service catalogue covers Essential 8 reporting, given increasing client demand and likely regulatory tightening.

Australian Channel Partners Face Procurement Shift to Hyperscaler Marketplaces in 2026

Australian Channel Chiefs confirmed that enterprise procurement is accelerating its move to hyperscaler marketplaces such as AWS Marketplace, with multi-product solution bundles and agentic AI-powered discovery replacing traditional direct purchasing. This shift threatens traditional reseller margin and requires partners to build services and architecture expertise rather than rely on transactional licensing revenue. MSPs should assess which vendor solutions are available via marketplace and explore co-sell agreements to remain in customer buying flows.