Linux Kernel Vulnerabilities
The latest Linux Kernel Vulnerabilities coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft Ships KB5095615 Dynamic Update to Fortify WinRE Across Windows 11 24H2 and 25H2
Microsoft has published KB5095615, a Safe OS Dynamic Update for Windows 11 24H2 and the upcoming 25H2, that updates the Windows Recovery Environment with security hardening, driver refreshes, and Secure Boot enhancements. The update supersedes a previous WinRE package and reaches devices during feature updates or via offline servicing, underlining Microsoft's heightened focus on pre‑boot security. Admins should validate and deploy the update to ensure recovery tools stay aligned with the latest OS patches.
Microsoft Pushes KB5095186 to Windows 11 26H1 Recovery Environment Without a Reboot
Microsoft released KB5095186, a Safe OS Dynamic Update for Windows 11 version 26H1, on June 23, 2026. The update refreshes the Windows Recovery Environment without requiring a restart, providing a one-way, verified enhancement to the recovery partition that improves reliability and security during system failures.
Lazarus Group Targets Executives with Fake Zoom, Teams Invites—MacOS Malware Campaign Holds Lessons for Windows Users
North Korea’s Lazarus Group has launched a macOS-focused campaign using fake Zoom, Teams, and Google Meet invitations to trick crypto executives into pasting malicious Terminal commands. While the malware is macOS-specific, the social engineering technique poses a cross-platform risk, particularly for Windows users who could be targeted with similar PowerShell or Command Prompt lures.
Siemens Issues Patch for SINEC INS: Critical Command Injection and Three Other Flaws Fixed
Siemens has released V1.0 SP2 Update 6 for SINEC INS to patch four vulnerabilities, including a critical authenticated command injection flaw (CVE-2026-38421, CVSS 9.8). CISA republished the advisory on June 23, 2026, warning that exploitation could allow remote code execution and compromise industrial network management. The update also fixes path traversal, improper access control, and stored XSS issues.
Siemens OpenSSL CMS Vulnerability Triggers CISA Alert, Windows OT Assets Face High-Severity Threat
CISA has issued an advisory for CVE-2025-15467, a high-severity OpenSSL CMS parsing vulnerability impacting multiple Siemens industrial products. The flaw could allow remote code execution on Windows-based engineering stations and HMI systems within operational technology networks. Siemens and CISA recommend immediate patching, alongside network segmentation and enhanced monitoring to mitigate risks.
CISA Flags Critical Hubbell Aclara Flaw: Unauthenticated Web Access Can Reboot OT Devices
CISA issued an urgent advisory on June 23, 2026, for a critical missing authentication vulnerability (CVE-2026-1840) in Hubbell's Aclara Metrum Cellular Web Interface, allowing unauthenticated attackers to remotely restart OT devices. The flaw affects firmware versions below 2.1.0.105 and poses a severe risk to utility operations. Immediate patching or network segmentation is recommended.
ABB Freelance Security Lock Flaw Lets Attackers Hijack OT Consoles — Patch Now
ABB and CISA disclosed CVE-2025-7064, a high-severity flaw in the Freelance Security Lock that lets authenticated attackers escape the restricted OT console and take full control of the underlying Windows system. Affected versions range from Freelance 2013 to 2024. A patch is available in Freelance 2024 SP1, with mitigations recommended for legacy systems.
CISA Flags Critical Flaw in Siemens SIPROTEC 5 Relays: Authenticated File Upload via DIGSI 5
CISA republished a Siemens advisory on CVE-2025-40808, a high-severity authenticated file-upload vulnerability in many SIPROTEC 5 protection relays via the DIGSI 5 protocol. An attacker with valid credentials can upload arbitrary files, potentially leading to remote code execution and grid disruption. Siemens has released firmware updates, and CISA recommends immediate patching, network segmentation, and strong authentication.
Patch Now: B&R Fixes Linux Kernel Flaws That Threaten OT Networks and Windows Hosts
B&R Industrial Automation's June 2026 advisory warns that multiple Linux kernel flaws allow local privilege escalation in its Linux for B&R 12, X20E controllers, and APROL systems, with Windows hosts also affected due to co‑resident Linux runtimes. Exploiting these bugs could let attackers take full control of critical industrial processes. Immediate patching and cross‑platform coordination are essential.
Siemens Patches Critical WinCC Certificate Manager Vulnerability CVE-2026-24349 with V21 Update 2
Siemens has patched a critical certificate management vulnerability (CVE-2026-24349) in its SIMATIC WinCC Unified PC Runtime software, affecting versions V16 through V21. The flaw could allow remote code execution and certificate spoofing in industrial control systems. Administrators must apply the V21 Update 2 patch immediately and consider certificate rotation.
usbliter8 BootROM Exploit Leaves iPhone XS, XR, 11 Permanently Open to USB Attacks
A new BootROM vulnerability called usbliter8 affects all A12 and A13 iPhones, including the XS, XR, and 11 models. Because it's hardware-based, the flaw is unpatchable via software and allows an attacker with physical USB access to compromise the device. Windows users who connect their iPhones to PCs should understand the risks and take precautions.
Windows Secure Boot Certificate Expiry in 2026 Could Brick Unpatched PCs—Here’s What You Need to Do
Microsoft’s 2011-era Secure Boot certificates will expire on June 24, 2026, and devices that haven’t accepted the new UEFI CA 2023 certificate may suffer boot failures. Users must install specific Windows updates and check for OEM firmware updates to ensure continued functionality.
Microsoft’s 2011 Secure Boot Certs Expire June 2026 — Your Migration Plan Starts Now
The Microsoft Windows Production PCA 2011 and UEFI CA 2011 certificates expire on June 24 and June 28, 2026, respectively. Systems without the replacement 2023 certificates will fail Secure Boot, preventing Windows and Linux from loading. IT administrators must audit firmware, deploy updates, replace legacy shim bootloaders, and test well ahead of the deadlines to avoid a widespread outage.