“Prioritize Defender EoP patching across your entire Windows fleet today—it's kernel-level and actively exploited; parallel-track Chrome updates and SonicWall assessment.”
Microsoft Defender EoP CVE-2026-41091 Actively Exploited in the Wild — Patch or Update Now
CVE-2026-41091 is a Microsoft Defender elevation-of-privilege vulnerability confirmed as actively exploited, patched in the June 2026 Patch Tuesday cycle. An unprivileged attacker can exploit it by writing a specially crafted file to a privileged location, causing Defender to write it back with SYSTEM privileges. For most managed endpoints Defender updates automatically, but MSPs should verify auto-update is functioning and manually update any isolated or managed AV environments immediately.
Read more →Chrome V8 Zero-Day CVE-2026-11645 Exploited in the Wild — Update to 149.0.7827.103
Google has confirmed active exploitation of CVE-2026-11645, an out-of-bounds memory access vulnerability (CVSS 8.8) in the Chrome V8 JavaScript engine that allows remote attackers to execute arbitrary code inside a sandbox via a crafted HTML page. This is the fifth actively exploited Chrome zero-day in 2026. MSPs should push Chrome to version 149.0.7827.102/.103 (Windows/macOS) immediately, and also update Chromium-based browsers including Microsoft Edge, Brave, and Opera.
Read more →SonicWall SMA1000 Series: Four New Vulnerabilities Patched Including High-Severity SQL Injection
SonicWall released patches for four vulnerabilities in its SMA1000 series firewalls, including CVE-2026-4112, a high-severity SQL injection flaw that could allow a read-only admin to escalate to primary admin rights. Three additional flaws could enable SSL VPN credential enumeration or TOTP authentication bypass. SonicWall reports no evidence of in-the-wild exploitation but urges immediate appliance updates given the sensitive access paths involved.
Read more →Efex Drops $30M to Acquire Australian MSP OnPlatinum — AU Channel M&A Continues
Efex has announced a $30 million acquisition of Australian MSP OnPlatinum, continuing the wave of consolidation activity reshaping the local managed services market in 2026. The deal signals ongoing private equity and strategic interest in scaling MSP businesses through acquisition in the ANZ region. Australian MSPs should be aware of shifting competitive dynamics as larger, better-capitalised players expand their service footprints.
Read more →CRN Channel Awards Australia 2026 Shortlist Announced — MSP, SP, and MSSP Categories Expanded
CRN Australia has announced the finalists for the CRN Channel Awards Australia 2026, with MSP of the Year and Service Provider of the Year categories split into headcount tiers due to record application volumes. The awards, held in conjunction with the GTIA ANZ Spotlight Awards, are scheduled for 17 September 2026 at Hyatt Regency Sydney. Australian MSPs should consider submitting for remaining open categories as recognition increasingly supports client trust and contract renewals.
Read more →Subscribers get the full “From the Floor” take with every issue — not just the news summary you just read.
Written from 12 years on the helpdesk floor. Always free.