“Inventory every SonicWall SMA1000 you manage today and verify whether it's patched for CVE-2026-4112 — assume it's not until proven otherwise.”
Microsoft 365 Lighthouse Access Issues Reported by Partner Tenants
Multiple partner-submitted reports indicate Microsoft 365 Lighthouse is hanging on its loading screen or returning permission errors stating users 'must be an indirect reseller or direct bill partner.' These errors are appearing despite correct CSP tier credentials, suggesting a backend role-validation or provisioning issue. No official Microsoft advisory has been published; affected MSPs should re-check partner centre indirect reseller status and raise a support ticket with Microsoft.
Read more →SonicWall SMA1000 Patched: SQL Injection CVE-2026-4112 Allows Admin Privilege Escalation
SonicWall released patches for four vulnerabilities in SMA1000 series firewalls, including high-severity SQL injection CVE-2026-4112 which can allow attackers with read-only admin privileges to gain full primary admin rights. Three additional flaws allow remote enumeration of SSL VPN user credentials or bypass of TOTP authentication. SonicWall reports no known in-the-wild exploitation but urges immediate update of all SMA1000 appliances.
Read more →This is what you get — every weekday, free.
Subscribers get the full “From the Floor” take with every issue — not just the news summary you just read.
Written from 12 years on the helpdesk floor. Always free.