“Scan your entire client base for unpatched Windows servers vulnerable to CVE-2026-47291 HTTP.sys RCE and prioritize remediation for all internet-facing systems before end of business tomorrow.”
SQL Server 2016 Enters Paid Extended Security Updates Phase from 14 July 2026
SQL Server 2016 exits standard extended support on 14 July 2026 and moves into the pay-to-play Extended Security Updates (ESU) phase, meaning organisations will need to pay Microsoft for ongoing patches or migrate. MSPs should urgently identify any client environments still running SQL Server 2016 and either plan ESU procurement or accelerate migration to SQL Server 2022 or Azure SQL. No workaround — this is a lifecycle deadline.
Read more →CVE-2026-47291: Critical HTTP.sys RCE (CVSS 9.8) Patched — Unauthenticated Remote Code Execution on Windows Servers
A critical integer overflow in HTTP.sys (CVE-2026-47291) allows unauthenticated remote attackers to execute arbitrary code with no user interaction, rated CVSS 9.8 and flagged by Microsoft as 'Exploitation More Likely'. Systems using the default MaxRequestBytes registry value of 16,384 bytes are not affected; as a pre-patch workaround, administrators can restrict MaxRequestBytes to no higher than 65,534 bytes. Patch immediately via June 2026 cumulative updates; a PowerShell script for the registry workaround is included in Microsoft's bulletin.
Read more →Windows BitLocker Bypasses Patched: Three CVEs Including 'YellowKey' and 'Bitskrieg'
June Patch Tuesday addressed three separate BitLocker Security Feature Bypass vulnerabilities (CVE-2026-45585 'YellowKey', CVE-2026-50507 'Bitskrieg', CVE-2026-45658), all linked to the prolific 'Nightmare Eclipse' researcher who published full or near-complete proof-of-concept code. All three were publicly disclosed before patches shipped and are rated 'Exploitation More Likely'; physical device access is required for exploitation. Apply June cumulative updates immediately on all managed endpoints — no standalone workaround exists short of restricting physical access.
Read more →SonicWall SMA1000 Patched: SQL Injection CVE-2026-4112 Allows Privilege Escalation to Admin
SonicWall released patches for four vulnerabilities in its SMA1000 series secure remote access appliances, including a high-severity SQL injection flaw (CVE-2026-4112) that allows an attacker with read-only admin access to elevate to full primary admin rights. The remaining three bugs enable credential enumeration for SSL VPN users and TOTP authentication bypass. SonicWall reports no confirmed in-the-wild exploitation but urges immediate firmware updates across all SMA1000 appliances.
Read more →CRN Global AI Week: Real-World MSP Productivity Gains from AI Triage and Workflow Automation
CRN Australia's Global AI Week (June 15–19, 2026) showcased 12 real-world AI use cases from MSPs worldwide, highlighting measurable gains in service desk triage, onboarding automation, and shadow AI detection. Australian MSP Digital61 described building secure AI adoption frameworks for government clients covering data classification, access controls, and acceptable use policies. One US MSP reported a 233% increase in email open rates after using AI to rewrite campaigns for specific industry verticals.
Read more →ACSC Essential Eight Compliance Remains Critical Differentiator for Australian MSPs in 2026
As Australian regulatory frameworks tighten, industry sources highlight that MSPs failing to offer documented Essential Eight implementation risk losing clients in regulated sectors including healthcare, finance, and government. Frameworks covering incident response, third-party risk, and disaster recovery are described as non-optional, not extras. MSPs should ensure their service catalogue includes scoped, priced Essential Eight assessments and remediation pathways to meet client compliance obligations.
Read more →CRN Channel Awards Australia 2026: Shortlist Announced, MSP Categories Split by Headcount
CRN Australia has announced the shortlist for the 2026 Channel Awards, with MSP of the Year and Service Provider of the Year categories split into headcount-based sub-categories due to record application volumes. The awards honour MSPs, Solution Providers, and MSSPs, with a Lifetime Achievement Award to be announced on the night. This is a key benchmarking and visibility opportunity for Australian MSPs in FY2026.
Read more →CRN Women of the Channel Australia 2026 List Closes Today — Winners Published July 22
The CRN Australia Women of the Channel 2026 list closes for entries today, Friday June 26, 2026, with winners to be published on July 22, 2026. The list recognises women across MSPs, vendor partner programs, and sales leadership roles in the Australian IT channel. MSPs wishing to nominate team members should submit entries before end of business today.
Read more →This is what you get — every weekday, free.
Subscribers get the full “From the Floor” take with every issue — not just the news summary you just read.
Written from 12 years on the helpdesk floor. Always free.