“Actually take your weekend. No quick checks, no logging in just to see. Trust the team, switch off, and come back sharper.”
SQL Server 2016 Enters Paid Extended Security Updates After July 14, 2026 — Action Required
SQL Server 2016 moves out of regular Extended Support into the pay-to-play Extended Security Updates (ESU) phase after July 14, 2026, meaning organisations without an ESU subscription will stop receiving security patches. MSPs should audit client SQL Server 2016 instances now and plan either ESU enrolment, upgrade to SQL Server 2019/2022, or migration to Azure SQL to avoid unpatched database servers from mid-July.
Read more →CVE-2026-45657: CVSS 9.8 Windows Kernel RCE — Potentially Wormable, Patch Now
Disclosed on June 9, CVE-2026-45657 is a use-after-free in the Windows Kernel TCP/IP stack allowing a remote, unauthenticated attacker to execute code at SYSTEM level with no user interaction — described by researchers as potentially wormable. Affects Windows 11 (23H2 through 26H1) and Windows Server 2022/2025; MSPs should prioritise externally exposed servers first, then internal servers, then endpoint rings without waiting for a full 30-day rollout cycle.
Read more →CVE-2026-47291: CVSS 9.8 HTTP.sys RCE — Unauthenticated, No User Interaction Required
CVE-2026-47291 is a critical HTTP.sys Remote Code Execution vulnerability rated CVSS 9.8, allowing unauthenticated remote attackers to execute code with no user interaction via a specially crafted packet. Systems using the default MaxRequestBytes registry value of 16,384 bytes (16 KB) are NOT affected — as an immediate pre-patch workaround, admins should confirm this registry value is set no higher than 65,534 bytes, then deploy the June Patch Tuesday update.
Read more →SonicWall SMA1000 Patched: SQL Injection CVE-2026-4112 Plus VPN Credential Enumeration Flaws
SonicWall has released patches for four vulnerabilities in the SMA1000 series, including high-severity SQL injection flaw CVE-2026-4112 which can escalate a read-only admin to primary admin rights, plus flaws allowing SSL VPN credential enumeration and TOTP authentication bypass. SonicWall reports no confirmed exploitation as of patch release but urges immediate updates given the sensitive nature of VPN gateway compromise; MSPs should update SMA1000 firmware promptly.
Read more →CVE-2026-44815: CVSS 9.8 Windows DHCP Client RCE — Rogue Server Attack Vector
CVE-2026-44815 is a critical stack-based buffer overflow in the Windows DHCP Client Service (CVSS 9.8) exploitable by a rogue DHCP server on the same network segment — no user interaction required. As a pre-patch mitigation, admins should audit and restrict applications calling the DhcpGetOriginalSubnetMask API; the June Patch Tuesday update includes the fix and should be deployed with urgency, particularly for environments with untrusted LAN segments.
Read more →This is what you get — every weekday, free.
Subscribers get the full “From the Floor” take with every issue — not just the news summary you just read.
Written from 12 years on the helpdesk floor. Always free.