“Immediately patch Microsoft Defender (CVE-2026-41091) on all systems with manual updates, then test and deploy Fortinet patches for CVE-2026-39808/39813 before rolling June Patch Tuesday.”
CVE-2026-41091 (RedSun): Microsoft Defender Zero-Day With Public PoC — Patch Now If Auto-Updates Disabled
CVE-2026-41091, dubbed 'RedSun,' is a Microsoft Defender Elevation of Privilege zero-day (CVSS 7.8) originally disclosed April 15, 2026, with a public proof-of-concept published May 13. It was confirmed under active exploitation at June Patch Tuesday and allows an unprivileged attacker to write a crafted file and gain SYSTEM privileges via Defender. Most environments are auto-protected via Defender's self-update mechanism, but MSPs managing isolated or air-gapped environments must manually deploy the June update.
Microsoft June 2026 Patch Tuesday: 209 Vulnerabilities Patched — 2026 CVE Total Surpasses 500
Microsoft's June 2026 security release patched 209 vulnerabilities across 24 product families including Windows, Office, SQL Server, Dynamics, and Hyper-V, pushing the 2026 total past 500 CVEs. IT admins are warned that compatibility issues may arise in environments with legacy line-of-business applications, given the breadth of security default changes. No single patch management strategy fits all — prioritise based on product exposure in each client environment.
June 2026 Patch Tuesday: 198 CVEs Patched — One Zero-Day Actively Exploited in the Wild
Microsoft's June 2026 Patch Tuesday addressed 198 CVEs across 24 product families, with CVE-2026-41091, an Elevation of Privilege flaw in Microsoft Defender (CVSS 7.8), confirmed as actively exploited in the wild. Multiple researchers were credited, suggesting exploitation is significant; however, most environments are protected automatically as Defender updates itself — isolated or manually-managed environments must update manually. Three additional CVEs were publicly known before patches were released.
CVE-2026-45657: CVSS 9.8 Windows Kernel RCE Patched in June Patch Tuesday
CVE-2026-45657 is a critical Windows Kernel remote code execution vulnerability (CVSS 9.8) disclosed June 9, 2026, allowing remote unauthenticated attackers to execute code at SYSTEM level. Microsoft has released an official patch via Patch Tuesday; exploit code maturity is currently listed as unproven, but the severity warrants immediate patching before proof-of-concept code emerges. Admins should apply the June cumulative update and reboot affected systems without delay.
Seven Critical RCEs Patched in Windows Remote Desktop Client — June 2026
Seven critical remote code execution vulnerabilities affecting the Windows Remote Desktop Client were patched in June 2026, with CVSS scores ranging from 7.5 to 8.8. Successful exploitation requires a victim to connect to an attacker-controlled RDP server, triggering a heap-based buffer overflow. MSPs should ensure June patches are deployed across all managed endpoints, particularly for users connecting to external RDP environments.
Fortinet FortiSandbox Vulnerabilities CVE-2026-39808 & CVE-2026-39813 Now Actively Exploited
Researchers confirmed active exploitation of two Fortinet FortiSandbox vulnerabilities — CVE-2026-39808 (OS command injection) and CVE-2026-39813 (path traversal) — first observed June 9 and June 15 respectively, with 49 exploitation events from 11 distinct IPs recorded over six days. Attackers are also targeting a third FortiSandbox flaw, CVE-2026-25089, patched June 9. Fortinet patched CVE-2026-39808 and CVE-2026-39813 in April — organisations should verify patch status immediately and isolate exposed FortiSandbox instances.
ASD's ACSC Annual Cyber Threat Report 2024–25 Released — 84,700 Cybercrime Reports, One Every 6 Minutes
The Australian Signals Directorate's ACSC released its Annual Cyber Threat Report for FY2024–25, recording over 84,700 cybercrime reports — averaging one every six minutes — and responding to over 1,200 cyber security incidents, an 11% year-on-year increase. The ACSC also issued more than 1,700 notifications of potentially malicious cyber activity, an 83% surge from the prior year. Australian MSPs should review the report and brief clients on the elevated threat landscape, particularly around identity fraud and ransomware.
ACSC: State-Sponsored Actors Remain a Serious and Growing Threat to Australian Critical Infrastructure
The ACSC's FY2024–25 threat report explicitly calls out state-sponsored cyber actors as a serious and growing threat to Australian national resilience, with critical infrastructure sectors identified as primary targets. The report notes that most incidents trace back to misconfigurations, poor identity hygiene, and improper deployments rather than sophisticated exploits. Australian MSPs serving clients in healthcare, utilities, or logistics should ensure Essential Eight controls are current and identity hygiene policies are enforced.