“Inventory every on-premises Exchange Server in your entire estate today and begin immediate patching for CVE-2026-42897 — don't wait for change windows, treat it as emergency maintenance.”
Microsoft Exchange Server CVE-2026-42897 Spoofing Flaw on CISA KEV — Only Actively Exploited Issue in June Patch Cycle
CVE-2026-42897, a CVSS 8.1 Exchange Server spoofing vulnerability, is confirmed as actively exploited and listed on the CISA KEV catalog — making it the sole actively exploited issue in the June 2026 Patch Tuesday cycle. MSPs managing on-premises Exchange must patch this before any other June update. No vendor-supplied workaround; apply the June 2026 Exchange CU immediately.
Read more →Microsoft Edge CVE-2026-11645: Chromium Zero-Day with In-the-Wild Exploit Fixed in Edge 149
Microsoft released Edge Stable Channel 149.0.4022.62 containing a fix for CVE-2026-11645, a Chromium vulnerability confirmed by the Chromium team to have an active in-the-wild exploit. MSPs managing browser fleets should push the Edge update immediately via Intune or group policy. No workaround exists — patching to 149.0.4022.62 or later is the only remediation.
Read more →SonicWall SMA1000 SQL Injection CVE-2026-4112 and Three Additional Flaws Patched
SonicWall released patches for four vulnerabilities in SMA1000 series firewalls, led by CVE-2026-4112 — a high-severity SQL injection bug allowing read-only admins to escalate to primary admin rights. Three further issues enable SSL VPN credential enumeration and TOTP authentication bypass. SonicWall reports no evidence of in-the-wild exploitation but urges immediate updates; update SMA1000 firmware as soon as possible.
Read more →MSP AI Operationalisation Gap: 97% Plan More Automation, Only 4% Have Actually Deployed It
A July 2026 report from Rev.io found that while 97% of MSPs plan to increase AI automation, only 4% have operationalised it — meaning AI suggests actions but humans still execute them. The platforms pulling ahead are those where AI agents run manual processes autonomously, with technicians only reviewing exceptions. MSPs are advised to evaluate whether their current tools act or merely advise, and identify workflows ready for full handoff.
Read more →AI Helpdesk Automation Reality Check: Only 4% of MSPs Have Actually Operationalised AI
A July 2026 analysis found that while 97% of MSPs plan to use AI to automate more this year, only 4% have actually operationalised it — with most teams still manually acting on AI suggestions rather than letting agents run processes autonomously. The gap is attributed to AI tools sitting outside core RMM/PSA systems and lacking real-time endpoint context, causing hallucinated diagnoses and escalation failures. MSPs looking to bridge the gap are advised to unify endpoint health data across L1/L2/L3 before adding more AI tooling.
Read more →Inaugural CRN Channel Awards Australia 2026 Shortlist Announced — MSP and MSSP of the Year Categories Expanded
CRN Australia has announced the finalists for the inaugural CRN Channel Awards Australia 2026, co-presented with the GTIA ANZ Spotlight Awards, to be held on 17 September at the Hyatt Regency Sydney. Due to an overwhelming number of MSP and Service Provider applications, CRN has split MSP of the Year into headcount-based sub-categories for the first time. The 29-category programme covers managed services, cybersecurity, cloud, AI, and channel leadership.
Read more →Subscribers get the full “From the Floor” take with every issue — not just the news summary you just read.
Written from 12 years on the helpdesk floor. Always free.