“Pick one book, and it doesn't have to be technical, and read ten pages tonight. Leadership, communication, history, anything. The habit matters more than the title.”
Exchange Online Incident EX1331830: Multi-Continental Email Outage Impacted AU/APAC (Resolved)
Exchange Online incident EX1331830, which began June 2, 2026, blocked or significantly delayed email delivery across North America, Asia-Pacific, and Europe — one of the most geographically extensive Exchange Online failures of 2026. Microsoft traced the issue to connection limit overruns in Exchange's resource forest layer. The incident has since been resolved; MSPs should audit mail queues and chase any undelivered messages for affected tenants.
Read more →June 2026 Patch Tuesday Hits Windows Server 2022 Azure Edition: Reboot Required Due to BitLocker Fix
The June 2026 security update ships as a baseline (non-hotpatch) update for Windows Server 2022 Datacenter: Azure Edition because CVE-2026-45585 (YellowKey BitLocker bypass) requires a full reboot rather than a live hotpatch. MSPs managing Azure Edition VMs must plan maintenance windows accordingly — auto-update rings will trigger unexpected reboots if not controlled.
Read more →June 2026 Patch Tuesday: Record 208 CVEs — CVE-2026-41091 (Defender EoP) Actively Exploited in the Wild
Microsoft's June 2026 Patch Tuesday is the largest ever, addressing 208 CVEs (571 including third-party components). CVE-2026-41091, a Microsoft Defender Elevation of Privilege flaw (CVSS 7.8), is confirmed under active exploitation by multiple parties — though Defender auto-updates itself, so isolated or manually managed environments must push the latest version immediately. Three additional zero-days (BitLocker bypasses YellowKey/Bitskrieg and CTFMON EoP GreenPlasma) were publicly known before patches dropped; researcher Nightmare Eclipse has threatened a further 'bone shattering' drop on June 14.
Read more →CVE-2026-45657: CVSS 9.8 Windows Kernel RCE — Wormable, Patch Immediately
Disclosed on June 9, 2026, this critical use-after-free vulnerability in the Windows Kernel allows a remote, unauthenticated attacker to execute code at SYSTEM level via specially crafted TCP/IP traffic — with no user interaction required. It affects Windows 11 (23H2 through 26H1) and Windows Server 2022/2025. Microsoft rates exploitation as 'Less Likely' but security researchers are already reverse-engineering the patch; prioritise externally exposed servers first, then internal servers, then endpoints.
Read more →CVE-2026-47291: CVSS 9.8 HTTP.sys RCE — Workaround Available via Registry Before Patching
This critical integer-overflow RCE in the Windows HTTP Protocol Stack (http.sys) allows unauthenticated remote code execution with no user interaction. Microsoft rates it 'Exploitation More Likely.' Systems using the default MaxRequestBytes registry value are NOT affected — a PowerShell mitigation script is included in the bulletin for those needing protection while testing the patch.
Read more →Veeam Backup & Replication RCE: CVE-2026-44963 Lets Authenticated Domain Users Execute Remote Code
The Hacker News reports Veeam has patched CVE-2026-44963, an RCE vulnerability in Backup & Replication version 12 builds that allows authenticated domain users to attack backup servers remotely. Given that Veeam environments often hold privileged access to client backup data, this should be treated as a high-priority patch for MSPs managing backup infrastructure. Upgrade to the fixed build immediately.
Read more →Fortinet FortiOS: Missing Authentication Vulnerability Patched in FortiOS 7.6.x and FortiSwitchManager
Fortinet's PSIRT has published an advisory for a missing authentication for critical function vulnerability (CWE-306) affecting FortiOS 7.6.3 through 7.6.0, 7.4.8, and FortiSwitchManager. Exploitation could allow unauthenticated access to critical functions. MSPs managing Fortinet perimeter devices should review the FortiGuard advisory and upgrade to a fixed firmware version immediately.
Read more →ConnectWise Launches AI-Native 'Predictive IT' Platform — GA End of June 2026
ConnectWise announced its AI-native platform targeting MSPs on June 8, pitching 'Phase 2' copilot and workflow automation to reduce routine support work. The company's own modelling projects a 45% cut in ticket handling time, 30–40% reduction in ticket volume, and 5–12 margin points for a representative $3M ARR MSP. General availability is set for end of June; MSPs should evaluate integration points with existing RMM/PSA stacks.
Read more →Microsoft Signs Cyber MOU with Australian Federal Government — Cloud, AI, Critical Infrastructure Focus
Microsoft and the Australian federal government this week signed an MOU committing to strategic cooperation on secure cloud infrastructure, cybersecurity, AI, and critical infrastructure protection, signed by Cyber Minister Tony Burke and Microsoft's Lisa Monaco. The agreement establishes an ongoing framework for joint threat landscape monitoring and builds on Microsoft's April pledge of $25 billion in Australian infrastructure investment. Australian MSPs delivering Microsoft-stack services can expect continued government alignment with Microsoft sovereign cloud capabilities.
Read more →This is what you get — every weekday, free.
Subscribers get the full “From the Floor” take with every issue — not just the news summary you just read.
Written from 12 years on the helpdesk floor. Always free.