“Ask yourself honestly — if an attacker got into one client machine right now, how far could they move? If you don't know the answer, that's your project this week.”
Microsoft Fabric Global Outage — Network Front End Inaccessible Worldwide for 6–8 Hours
On 18 May 2026, Microsoft Fabric suffered a global outage where the network front end was completely inaccessible worldwide, caused by an unexpected traffic surge; the service backend itself largely stayed up. The outage lasted approximately six to eight hours, and customers were left without a post-incident root-cause report for over a week. Microsoft has since published a PIR accessible to high-privilege O365 accounts; MSPs should note that regional capacity spreading would not have helped given the global network endpoint failure.
Read more →Microsoft Store / M365 Disruption Reported by Users on 1 June 2026
User reports of Microsoft Store and Microsoft 365 access issues began surfacing around 3:57 AM ET on 1 June 2026, with a spike visible on DownDetector. Microsoft's official status trackers showed M365 apps as operational by mid-morning UTC, suggesting a transient or partial incident. MSPs should advise clients to clear browser cache or switch browsers if issues persist, and monitor the M365 Admin Health dashboard for any official acknowledgement.
Read more →Windows Netlogon RCE CVE-2026-41089 Now Actively Exploited — CVSS 9.8 Domain Controller Risk
The critical Windows Netlogon remote code execution vulnerability CVE-2026-41089 (CVSS 9.8) is now under active exploitation in the wild, significantly raising risk for unpatched environments. A remote, unauthenticated attacker can send a crafted network request to a domain controller to trigger a stack-based buffer overflow and execute arbitrary code. This was patched in the May 2026 Patch Tuesday; MSPs should prioritise applying the cumulative update to all domain controllers immediately.
Read more →SonicWall SMA1000 Series: High-Severity SQL Injection and VPN Credential Enumeration Flaws Patched
SonicWall has released patches for four vulnerabilities in the SMA1000 series firewalls, including CVE-2026-4112 (high-severity SQL injection) that could allow an attacker with read-only admin rights to escalate to primary administrator. Three additional issues allow remote credential enumeration of SSL VPN users and TOTP authentication bypass. No active exploitation confirmed yet, but SonicWall urges immediate firmware updates given the high-value attack surface of SSL VPN appliances.
Read more →State-Sponsored Actors Continue to Target Australian Critical Infrastructure — ACSC Threat Context
The ACSC has consistently flagged escalating state-sponsored cyber activity targeting Australian critical infrastructure sectors including telecommunications, energy, and transportation, with cybercrime reports rising sharply year-on-year. The Five Eyes alliance and Microsoft have jointly attributed threat activity to state-linked groups, with techniques applicable across Australian critical industries. AU MSPs servicing critical infrastructure or government clients should review ACSC advisories on cyber.gov.au and ensure incident response plans reference the ACSC's reporting and support pathways.
Read more →CRN Australia Women of the Channel Asia 2026 Event Open for Registration
CRN Australia has opened registrations for Women of the Channel Asia 2026, its flagship diversity and leadership event for IT channel professionals across the Asia-Pacific region. The event aims to connect women in the channel with industry leaders and celebrate achievements across the sector. Australian MSPs with staff interested in channel leadership and networking should register via the CRN Australia website.
Read more →This is what you get — every weekday, free.
Subscribers get the full “From the Floor” take with every issue — not just the news summary you just read.
Written from 12 years on the helpdesk floor. Always free.