Wednesday, June 17, 2026

Microsoft Teams Hit by Azure AD Glitch on June 16 — Outage Confirmed by Downdetector

On June 16, 2026, Microsoft Teams experienced a service disruption linked to a hidden Azure Active Directory dependency failure, with Downdetector confirming a spike in user reports during the morning window. Microsoft had not officially acknowledged the incident via @MSFT365Status as of 9:15 AM, creating uncertainty for IT admins monitoring the admin centre. Workaround: subscribe to Azure status notifications at status.azure.com, which often precedes Teams advisories by several hours; also maintain a backup comms channel such as emergency email DLs.

CVE-2026-41089: Actively Exploited Netlogon RCE (CVSS 9.8) — Unpatched Orgs Under Active Attack

CVE-2026-41089, a stack-based buffer overflow in Netlogon rated CVSS 9.8, was patched in May 2026 but remains under active exploitation against any organisation that has not yet applied the May cumulative update. Organisations still running pre-May patch levels are facing live attacks right now. Workaround: Apply the May or June cumulative Windows update immediately; there is no supported non-patch mitigation.

WARNING: CVE-2026-45657 — Windows Kernel RCE (CVSS 9.8) Patched in June Patch Tuesday

CVE-2026-45657 is a confirmed critical Windows Kernel remote code execution vulnerability with a CVSS base score of 9.8, disclosed June 9, 2026, allowing remote unauthenticated attackers to execute code at SYSTEM level. While exploit code maturity is currently listed as unproven, the temporal score of 8.5 still reflects significant risk and patches should be prioritised immediately. Apply the June 2026 cumulative Windows update and reboot affected systems.

INFO: CVE-2026-50507 (YellowKey / bitskrieg) — BitLocker Bypass Zero-Day Finally Patched

Microsoft's June 2026 Patch Tuesday includes a fix for CVE-2026-50507, the 'YellowKey/bitskrieg' BitLocker security feature bypass that was publicly disclosed with proof-of-concept code before a patch was available. The vulnerability required physical access to a device, allowing exploitation via a USB drive or EFI partition to gain unrestricted access to BitLocker-protected drives via the Windows Recovery Environment. Apply the June cumulative update; devices with physical access controls are at lower risk pending patching.

INFO: HTTP/2 Bomb (CVE-2026-49975) Unpatched by Microsoft — IIS Servers at DoS Risk

A denial-of-service vulnerability dubbed 'HTTP/2 Bomb' (CVE-2026-49975) became public approximately a week before June 17 and Microsoft has not yet directly addressed it, leaving the default HTTP/2 configuration of IIS and multiple other web server platforms exposed. Microsoft warns that exploitation leads to uncontrolled resource consumption over a network and assesses exploitation as more likely. Workaround: disable HTTP/2 on exposed IIS instances or apply network-layer rate limiting until a patch is available.

Cisco ASA and Secure Firewall Management Centre RCE Vulnerabilities Disclosed

Cisco disclosed vulnerabilities in both ASA Software (SSH subsystem RCE as root by authenticated remote attackers) and Secure Firewall Management Centre (web UI RCE as root via insufficient HTTP input validation). Both flaws allow privilege escalation to full system control. Workaround: Restrict SSH and web management access to trusted IP ranges and apply Cisco's security patches immediately.

INFO: Check Point Expands MSP Platform with AI Security Capabilities and Workforce AI Security Module

On June 16, 2026, Check Point announced an expansion of its MSP platform including new AI Security capabilities, multi-tenant management, Management Control Plane access, and a new Workforce AI Security module. The update also adds expanded Professional Services Automation integrations, aimed at helping MSPs support enterprise customers adopting AI tools without adding stack complexity. This positions Check Point as a direct competitor to fragmented multi-tool MSP security stacks.