“On your next ticket, before you act on what the user told you, get one piece of direct evidence. A screenshot, a screen share, the actual error. Verify before you troubleshoot.”
Microsoft Exchange Server CVE-2026-42897 Actively Exploited — Emergency Mitigation Service Auto-Applied
Microsoft has confirmed active exploitation of CVE-2026-42897, a critical (CVSS 8.1) cross-site scripting spoofing vulnerability in Exchange Server's Outlook Web Access. No patch is available yet — a fix is expected in June Patch Tuesday (June 10). Workaround: Microsoft's Exchange Emergency Mitigation Service (EEMS) provides automatic mitigation by default — verify it is enabled on all Exchange servers immediately.
Azure Service Degradation Reported by Users on June 5, 2026
Users reported Microsoft Azure service issues on June 5, 2026, with a surge in Downdetector reports beginning around 3:35 PM Eastern Time. MSPs should monitor the Azure Service Health dashboard and Microsoft 365 Admin Center for ongoing status updates. Workaround: check connectivity.office.com/status and configure out-of-band alerting via SMS or third-party monitoring tools.
Microsoft SharePoint RCE Flaw CVE-2026-45659 Patched Across Server Versions
Microsoft has patched a remote code execution vulnerability tracked as CVE-2026-45659 affecting multiple SharePoint Server versions. The patch was included in the June 2026 security update cycle. MSPs managing on-premises SharePoint deployments should apply the cumulative update immediately.
Android CVE-2025-48595 Added to CISA KEV — Limited Targeted Exploitation Confirmed
Google's June 2026 Android Security Bulletin flags CVE-2025-48595, a high-severity Android Framework elevation-of-privilege flaw, as already used in limited targeted attacks. The vulnerability affects Android 14, 15, 16, and 16 QPR2. Workaround: install the June 2026 Android security patch (patch level 2026-06-01 or 2026-06-05) as soon as the device manufacturer provides it, and remove any sideloaded APKs or unknown device administrators.
Cisco Catalyst SD-WAN Manager CVE-2026-20245 Zero-Day Exploited — No Patch at Disclosure
Cisco disclosed CVE-2026-20245 on June 5, 2026, a command injection vulnerability in the Catalyst SD-WAN Manager CLI, with Cisco PSIRT confirming exploitation in June 2026 as reported by Mandiant. Successful exploitation allows root-level command execution and was observed pushing malicious configuration changes to downstream edge devices. Workaround: no patch or workaround was available at disclosure — Cisco advises collecting admin-tech data before any upgrade, hardening management-plane access, and engaging TAC for recovery if compromise is suspected.
Fortinet FortiOS Missing Authentication Vulnerability Patched — FortiOS 7.6.x and 7.4.x Affected
Fortinet's PSIRT has published an advisory for a missing authentication for critical function vulnerability (CWE-306) in FortiOS and FortiSwitchManager, affecting FortiOS 7.6.3 and earlier and 7.4.8 and earlier. The flaw could allow unauthenticated access to critical management functions. MSPs should consult the Fortinet Upgrade Path Tool and apply the latest supported firmware; restrict management-plane access to trusted IPs as an interim workaround.
SonicWall SMA1000 Series — High-Severity SQL Injection CVE-2026-4112 Patched, Three Additional VPN Flaws Fixed
SonicWall has released patches for four vulnerabilities in the SMA1000 series, headlined by CVE-2026-4112, a high-severity SQL injection flaw that allows a read-only admin to escalate to full administrator. Three additional bugs can expose SSL VPN user credentials or bypass TOTP authentication. SonicWall reports no evidence of in-the-wild exploitation but urges immediate patching; upgrade to the fixed firmware version via psirt.sonicwall.com.
Barracuda Global MSP Day 2026 — Free Virtual Event on Responsible AI, June 10
Barracuda is hosting Global MSP Day 2026, a free virtual event on June 10, 2026, with sessions across Americas, Europe, and Asia Pacific covering responsible AI adoption, cybersecurity risk communication, and platform consolidation. The event targets MSP owners, vCIOs, and security leaders looking for practical guidance on embedding AI into service delivery without losing accountability. Register at barracuda.com.
Dicker Data Joins Microsoft Frontier Distributor Program — AU Channel Impact
Dicker Data has joined an elite group of Microsoft Frontier distributors, positioning the Australian distributor to offer partners earlier access to Microsoft's latest AI and cloud innovations. This move is expected to benefit Australian MSPs seeking faster access to Copilot, Azure AI, and other frontier Microsoft products through their existing Dicker Data relationship. Partners should contact their Dicker Data account manager to understand updated program benefits.
Subscribers get the full “From the Floor” take with every issue — not just the news summary you just read.
Written from 12 years on the helpdesk floor. Always free.