“Next ticket that's already been worked, read the full history before you do anything. Assume the person before you was competent until the evidence says otherwise.”
Microsoft June 2026 Patch Tuesday: 200 Flaws Fixed Including 3 Zero-Days and BitLocker Bypass
Microsoft's June 2026 Patch Tuesday addresses 200 vulnerabilities including 33 Critical flaws (28 of which are RCE), and three publicly disclosed zero-days — CVE-2026-50507 (Windows BitLocker bypass, aka 'YellowKey'), CVE-2026-45586 (Windows CTFMON Elevation of Privilege to SYSTEM), and CVE-2026-49160 (HTTP.sys HTTP/2 Bomb DoS). None of the three zero-days are confirmed exploited in the wild yet, but Microsoft rates CVE-2026-50507 and CVE-2026-45586 as 'Exploitation More Likely'. MSPs should prioritise deploying June patches immediately, particularly for internet-facing Windows Server and RDS environments.
Read more →Microsoft Defender Zero-Day CVE-2026-41091 (RedSun) Patched in June Patch Tuesday
CVE-2026-41091, tracked as 'RedSun', is an elevation-of-privilege flaw in Microsoft Defender (CVSS 7.8) that was publicly disclosed in April 2026 and had a PoC published on May 13. Successful exploitation allows an unprivileged attacker to write to a privileged location and gain SYSTEM-level access. The June Patch Tuesday release contains the fix; Microsoft Defender dynamic protection updates were also pushed on May 19 as an interim control.
Read more →Linux Kernel CVE-2026-23111 Exploit Code Published — Active Targeting of Unpatched Servers
On June 8, 2026, Exodus Intelligence published a working exploit for CVE-2026-23111, a use-after-free flaw in the Linux nf_tables subsystem that grants unprivileged users full root access and enables container breakout. The upstream patch was available since February 2026 but many enterprise and cloud servers remain unpatched; within hours of publication, exploit code began circulating in underground forums. MSPs managing Linux servers or containerised workloads should verify kernel patch levels immediately — update to a patched kernel version from your distro (Red Hat, Debian, Ubuntu all issued patches in early February).
Read more →SAP June 2026 Patch Day: Four Critical CVEs Including CVSS 9.9 NetWeaver SAML Flaw
SAP's June 9 Security Patch Day delivered 15 security notes including CVE-2026-44748 (CVSS 9.9), an XML Signature Wrapping vulnerability in SAP NetWeaver AS ABAP SAML authentication that allows privilege escalation and acceptance of tampered identity tokens. A second critical flaw, CVE-2026-27671 (CVSS 9.8), is an unauthenticated memory corruption bug in the ABAP kernel exploitable via crafted RFC requests. MSPs supporting SAP environments should apply patches via the SAP Support Portal immediately.
Read more →Cisco Catalyst SD-WAN Manager Zero-Day CVE-2026-20245 Actively Exploited — No Patch Available
A privilege escalation zero-day (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager is being actively exploited in the wild with no patch currently available from Cisco. Attackers require netadmin-level credentials to exploit the flaw, elevating to full device control. MSPs with Cisco SD-WAN deployments should immediately review netadmin account exposure, enforce MFA, and monitor Cisco's PSIRT page for patch availability.
Read more →Fortinet PSIRT: Missing Authentication Flaw in FortiOS and FortiSwitchManager — Update Now
Fortinet's PSIRT has published an advisory for a missing authentication for critical function vulnerability (CWE-306) affecting FortiOS 7.6.x and FortiSwitchManager. Combined with a heap-based buffer overflow in FortiAnalyzer Cloud and FortiManager Cloud (versions 7.6.2–7.6.4), this represents a significant attack surface for MSPs managing Fortinet infrastructure. Affected versions should be upgraded per Fortinet's Upgrade Path Tool; restrict management plane access as an interim mitigation.
Read more →First Focus Acquires One HQ — Australian MSP Consolidation Continues
CRN Australia reports that First Focus has completed the acquisition of One HQ, continuing the trend of M&A consolidation in the Australian MSP market in 2026. The deal signals ongoing appetite for scale among mid-market Australian MSPs seeking to broaden geographic reach and service capability. MSPs considering M&A as a growth or exit strategy should monitor deal flow in the local market closely.
Read more →N-able Names Neil Morarji as APAC RVP — Vendor Leadership Signal for AU MSP Partners
N-able has appointed Neil Morarji as its new Regional Vice President for Asia Pacific, a leadership change with direct implications for Australian MSP partners using N-able's N-sight RMM and other platforms. The appointment signals N-able's continued investment in the APAC channel as MSP demand for AI-driven RMM and security tooling accelerates. Australian MSPs with N-able partnerships should engage their account teams to understand any strategic or go-to-market changes under the new leadership.
Read more →This is what you get — every weekday, free.
Subscribers get the full “From the Floor” take with every issue — not just the news summary you just read.
Written from 12 years on the helpdesk floor. Always free.