Wednesday, June 3, 2026

Microsoft Copilot & M365 Broad Outage — Power Incident Cascades Into AI Infrastructure (1 June 2026)

Microsoft Copilot suffered severe slowness and outages on 1 June 2026, tracing back to a thunderstorm-triggered power failure at an Azure datacenter that crippled GPU inference clusters. Azure Machine Learning, Azure AI Search, and the M365 suite all showed 'severe degradation', with GitHub Copilot also affected for some users. Workaround: Maintain fallback workflows for AI-dependent processes; check the M365 Admin Center for SLA credit eligibility if uptime dropped below 99.9%.

Microsoft Copilot Hit by 5-Hour Global Outage on 1 June 2026

Microsoft Copilot went down for approximately five hours beginning around 10:30 AM ET on 1 June 2026, disrupting users across Windows, Microsoft 365, Edge, and Visual Studio. Early indicators point to an authentication token validation service timing out, effectively locking users out of Copilot sessions globally. Workaround: switch to alternative AI tools (e.g., ChatGPT, Claude) for the duration of any outage; monitor the Microsoft 365 Admin Centre Service Health dashboard for real-time status.

Microsoft 365 Copilot App Load Timeouts — Global Users Locked Out for Several Hours (1 June 2026)

M365 Copilot users across North America and Europe experienced app load failures and request timeouts starting ~08:00 UTC on 1 June 2026, peaking before noon. Microsoft confirmed 'app load and timeout errors' via the Admin Center and X, with a full post-incident review expected by 3 June. Workaround: Advise users to perform critical AI-dependent tasks via manual processes and monitor the M365 Service Health dashboard for restoration updates.

Windows Netlogon RCE CVE-2026-41089 Now Actively Exploited — Domain Controllers at Risk

The Centre for Cybersecurity Belgium confirmed on 1 June 2026 that CVE-2026-41089 — a CVSS 9.8 stack-based buffer overflow in Windows Netlogon — is being actively exploited in the wild, enabling unauthenticated remote code execution on domain controllers. Microsoft patched the flaw in the May 2026 Patch Tuesday release and experts warn that half-patched Active Directory forests are indefensible. Workaround: patch all domain controllers in a single maintenance window; restrict Netlogon traffic at the network layer and monitor for unexpected Netlogon service crashes.

Cisco Catalyst SD-WAN Auth Bypass CVE-2026-20182 — CISA Issues Emergency Directive ED-26-03

CISA issued Emergency Directive ED-26-03 after CVE-2026-20182 was confirmed exploited in the wild — an authentication bypass in Cisco Catalyst SD-WAN Controller and Manager that allows an unauthenticated remote attacker to gain administrative privileges. Federal agencies face a mandatory remediation deadline and all organisations with Cisco SD-WAN deployments should treat this as urgent. Workaround: follow CISA's hunt and hardening guidance at cisa.gov/ed-26-03; restrict management-plane access to trusted IP ranges as an interim measure.

Palo Alto PAN-OS CVE-2026-0257 Authentication Bypass Added to CISA KEV

CISA has added CVE-2026-0257 to its Known Exploited Vulnerabilities catalog — a PAN-OS authentication bypass that allows attackers to bypass security restrictions and establish unauthorised VPN connections. All organisations running unpatched PAN-OS are at risk of covert network access via GlobalProtect VPN. Workaround: apply the Palo Alto patch detailed at security.paloaltonetworks.com/CVE-2026-0257; if immediate patching is not possible, restrict GlobalProtect external access and enable Threat Prevention signatures.

Fortinet FortiOS & FortiSwitchManager Missing Auth Flaw Disclosed — Update Available

Fortinet's PSIRT has disclosed a missing authentication for critical function vulnerability (CWE-306) affecting FortiOS 7.6.x and FortiSwitchManager, which could allow an unauthenticated attacker to perform privileged operations. A heap-based buffer overflow in FortiAnalyzer Cloud's FTPD daemon affecting versions 7.6.2–7.6.4 was also disclosed, with potential for remote code execution. Workaround: upgrade to the patched FortiOS/FortiSwitchManager version per Fortinet's upgrade path tool; restrict management access to trusted networks immediately.

SonicWall SMA1000 Series: SQL Injection & VPN Credential Enumeration Bugs Patched (CVE-2026-4112)

SonicWall released patches for four vulnerabilities in SMA1000 series firewalls, including CVE-2026-4112, a high-severity SQL injection flaw that can allow a read-only admin account to escalate to primary admin rights. Three additional bugs enable SSL VPN credential enumeration and TOTP bypass. Workaround: Update SMA1000 firmware immediately via the SonicWall PSIRT hub (psirt.sonicwall.com); no exploitation in the wild confirmed yet, but edge device flaws are typically weaponised quickly after disclosure.

Metrocom / GalaPower Goes Into Liquidation — AU Channel Business Failure

CRN Australia reported in late May/early June 2026 that Metrocom, owner of GalaPower, has entered liquidation — a notable channel business failure in the Australian IT market. Partners and clients of the affected entity should assess continuity risk for any services or supply agreements in place. MSPs with GalaPower relationships should seek alternative vendor or distribution arrangements urgently.

CRN Australia: May 2026 Channel Movements — Key Personnel & Vendor Shifts in AU IT

CRN Australia's May 2026 round-up tracks significant personnel movements across the Australian IT channel, including activity at Crayon (Ben Brown, Mason Brown), and the liquidation of Metrocom/GalaPower, signalling ongoing consolidation in the local MSP and reseller market. Extreme Networks is also being highlighted for leveraging channel partners in enterprise deal pursuit, creating potential new teaming opportunities for MSPs with networking capability. Australian MSPs should review the full round-up to identify competitive threats and partnership opportunities from vendor realignment.