Windows Security Updates
The latest Windows Security Updates coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft's July Patches Stop Unauthenticated AD FS Crashes — Patch Your Identity Servers Now
Microsoft dropped its July 2026 security updates on the 14th, and one fix in particular should grab the attention of any organization still running Active Directory Federation Services (AD FS)....
Microsoft's July 14 Patch Blocks a Network Attack That Can Crash AD FS Without Authentication
On July 14, 2026, Microsoft released a security update that fixes a critical weakness in Active Directory Federation Services (AD FS) — a stack-based buffer overflow that enables an unauthenticated...
Google Patches WebXR UI Spoofing in Chrome—Windows Users Urged to Update
Google on Monday shipped a fix for a medium-severity vulnerability in Chrome’s WebXR implementation, warning that a crafted webpage could spoof browser interface elements and trick Windows users...
GnuPG S/MIME Flaw CVE-2026-57062 Allows Attackers to Bypass Encryption Integrity with Short AES-GCM Tags
A parsing quirk in GnuPG's S/MIME implementation can silently downgrade the authentication strength of encrypted messages, the GnuPG maintainers warned on June 28, 2026. The vulnerability, tracked as...
Your Microsoft Store Office Install Has a Hard Deadline: Switch to Click-to-Run Before December 2026
Microsoft has resurfaced a critical deadline that puts a ticking clock on any PC running the Microsoft Store version of its Office apps. As of October 2025, those Store-installed Word, Excel, and...
Windows 10’s Stay of Execution: Microsoft Extends Consumer Security Patches to October 2027
Microsoft has quietly updated its consumer Extended Security Updates (ESU) policy for Windows 10, extending the deadline for critical security patches by an extra year and a half. Enrolled PCs will...
Microsoft Edge 149 Patches Critical Chromium WebAuth Use-After-Free (CVE-2026-12443) – How to Verify Your Version
Microsoft has pushed out an emergency fix for Microsoft Edge, addressing a serious memory corruption flaw tracked as CVE-2026-12443 that originates from the Chromium open-source Web Authentication...
Microsoft Confirms: June 2026 Security Updates Cause Recycle Bin to Display Internal $R Filenames
Microsoft has officially acknowledged a bizarre bug introduced by its June 9, 2026 security updates that causes the Windows Recycle Bin to leak internal file names. Instead of showing the friendly...
June 2026 Windows Update Breaks Custom Folder Icons: desktop.ini Ignored – Here's Why and How to Fix It
Custom folder icons painstakingly crafted with desktop.ini files have vanished without a trace for thousands of Windows users. The culprit: security updates released on or after June 9, 2026, that...
Windows Push Notifications Race Condition Lets Attackers Escalate to SYSTEM
Microsoft’s June 2026 Patch Tuesday brought a critical security fix for a local privilege escalation vulnerability in the Windows Push Notifications service. Tracked as CVE-2026-42991, the flaw...
Patch now: Critical WinINet EoP bug CVE-2026-45592 gives attackers SYSTEM access.
Microsoft's June 2026 Patch Tuesday, released on June 9, brings a critical fix for CVE-2026-45592, an elevation-of-privilege vulnerability in the Windows Internet (WinINet) API library. The flaw,...
CVE-2026-48578: Patch Tuesday Fix Closes Secure Boot Bypass for Bootkit Attacks
Microsoft dropped its June 2026 Patch Tuesday updates, and one vulnerability stands out: CVE-2026-48578. This Important-rated Secure Boot security feature bypass lets a highly privileged local...