惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

B
Blog RSS Feed
博客园_首页
N
News | PayPal Newsroom
有赞技术团队
有赞技术团队
The Hacker News
The Hacker News
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
The Cloudflare Blog
S
SegmentFault 最新的问题
Jina AI
Jina AI
人人都是产品经理
人人都是产品经理
P
Privacy & Cybersecurity Law Blog
AI
AI
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Schneier on Security
Schneier on Security
博客园 - 三生石上(FineUI控件)
月光博客
月光博客
量子位
Forbes - Security
Forbes - Security
爱范儿
爱范儿
云风的 BLOG
云风的 BLOG
SecWiki News
SecWiki News
Last Week in AI
Last Week in AI
酷 壳 – CoolShell
酷 壳 – CoolShell
T
Tor Project blog
Recorded Future
Recorded Future
A
About on SuperTechFans
J
Java Code Geeks
The Register - Security
The Register - Security
PCI Perspectives
PCI Perspectives
H
Hacker News: Front Page
V2EX - 技术
V2EX - 技术
S
Secure Thoughts
V
Vulnerabilities – Threatpost
Hacker News: Ask HN
Hacker News: Ask HN
MongoDB | Blog
MongoDB | Blog
N
Netflix TechBlog - Medium
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Scott Helme
Scott Helme
T
The Exploit Database - CXSecurity.com
Y
Y Combinator Blog
AWS News Blog
AWS News Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
IT之家
IT之家
T
The Blog of Author Tim Ferriss
G
Google Developers Blog
C
CERT Recently Published Vulnerability Notes
L
LangChain Blog
F
Full Disclosure
Application and Cybersecurity Blog
Application and Cybersecurity Blog
The GitHub Blog
The GitHub Blog

Google adds end-to-end Gmail encryption to Android, iOS devices for enterprises – Computerworld

Microsoft 365: A guide to the updates Windows 11 Insider Previews: What’s in the latest build? Windows 11: A guide to the updates Apple can't make chips fast enough, but that's only part of the story AI-led job cuts don’t always mean stronger ROI — Gartner Microsoft, Google push AI agent governance into enterprise IT mainstream Microsoft now has more than 20M paying Copilot users AI is more accurate than doctors in emergency diagnoses — study Start small, but start now: How to bring AI into your small business Apple is preparing to spend, but not necessarily on AI 10 quick productivity tips for Microsoft 365 mobile apps Relying on LLMs is nearly impossible when AI vendors keep changing things Apple breaks records, admits it can’t make Macs fast enough Spotlight report: Transforming software development with AI - Whitepaper Repository - 25 great uses for an old Android device AI chatbots need ‘deception mode’ Friendlier chatbots can be less reliable, study says Gartner sees untamed growth in agentic AI Apple reportedly abandons Vision Pro AI venture funding to shoot up this year as bubble looms Scaling up a tech startup in Europe is hard — 'EU Inc.' aims to help Apple will be behind on AI — until it isn’t EU lawmakers fail to agree on watered-down AI Act, talks pushed to May Android reminders, reinvented Who’s the better CEO, Apple’s Tim Cook or Microsoft’s Satya Nadella? AWS unveils trio of key AI strategy announcements SAS makes AI governance the centerpiece of its agent strategy Can Apple’s new CEO turn things around? Enterprises need to think beyond GPUs for agentic AI, analysts say Fleet hopes to be the MDM provider for the AI Era Why simplicity is the silent driver of hybrid workplace success Why security matters in the meeting room Can everyday IT decisions turn sustainability from intent into impact? Why the meeting room has become the true test of hybrid work Why smart meeting rooms are becoming strategic IT assets How collaboration technology defines the next phase of hybrid work Microsoft, OpenAI change contract terms–again OpenAI plans its own ‘iPhone killer’ Your AI strategy is all wrong Agent Mode is now available in Microsoft Word, Excel, and PowerPoint Adobe bets on AI agents to stay at the center of marketing workflows Microsoft to offer voluntary retirement buyouts to about 7% of the US workforce Google Keep cheat sheet: How to get started The AI workplace paradox: Higher productivity, higher anxiety Gartner: Global IT spending to grow by 13.5% this year Apple may be the only laptop vendor to grow in 2026 Tim Cook’s legacy: a successful CEO who stumbled over AI Google Chat becomes an agent interface for Workspace Gemini Enterprise update brings AI agents into collaborative workflows Meta to track employee keystrokes, screen activity to train AI agents The smartest ways to sync your Android and computer clipboards Microsoft trims cloud desktop pricing, even as it boosts AI costs Adobe builds an ‘agentic content supply chain’ for the AI era You can now test and compare AI models on LinkedIn With John Ternus as CEO, expect Apple’s platforms to proliferate Apple CEO Tim Cook stepping down, to be replaced by John Ternus Global RAM shortage appears set to continue through 2027 Is this where Apple Silicon will be in 5 years? AI-ready skills are not what you think World ID expands its ‘proof of human’ vision for the AI era Microsoft's Patch Tuesday updates: Keeping up with the latest fixes Microsoft’s Patch Tuesday release for April is a whopper Robot Zuckerberg shows how IT can free up CEOs’ time UK wants to build sovereign AI — with just 0.08% of OpenAI’s market cap 20 tricks for more efficient Android messaging AI is finally delivering productivity — for remote employees Google should share search data to break its monopoly, European Commission suggests How to think about Apple Business Microsoft Teams cheat sheet: How to get started Reporter’s notebook: In Nepal and Sri Lanka, AI boom brings hope How to create your own custom Android air gesture Can Microsoft really meet its carbon-negative goal by 2030? About the Best Places to Work in IT Microsoft to cut Windows 365 price for SMBs Blancco confirms Mac adoption is accelerating Apple devices’ satellite link is under new ownership IBM’s government DEI settlement could increase pressure to avoid tech hiring diversity Microsoft is developing Copilot features inspired by Openclaw Global RAM shortage prompts Microsoft to hike Surface prices Apple Business rolls out to 200+ countries today Windows 10: A guide to the updates Nvidia’s Stephen Jones on the toolkit powering GPUs: ‘A wild ride’ The French government eyes alternatives to Windows Apple preps for the face race How to build your own AI agents with Google Workspace Studio Adobe Summit 2026: How Adobe hopes to redesign marketing and creativity with AI DARPA wants to help AI agents to talk to one another Apple unveiled a new high-end market opportunity this week Microsoft adds hidden feature flags to Windows Insider builds Meta moves fast toward a world where AI builds the software PC sales rise in Q1 despite memory shortage — IDC Agentic AI – Ongoing coverage of its impact on the enterprise Google’s new AI app is a glimpse of the future This problem might not need a solution: customer-service bots that code for free Chrome, Vivaldi, and the challenge of changing browsers The new M5-based MacBook Air is built to last — and perform Apple worst, Asus best for laptop repairability US court refuses to stay Pentagon’s ‘supply-chain risk’ blacklisting of Anthropic The top priority for Adobe’s next CEO? Prepping for the ‘age of agents’ It's iPhone speculation time: flips, flaps — and Fold
For May, Patch Tuesday means 139 updates — but no zero-days
2026-05-16 · via Google adds end-to-end Gmail encryption to Android, iOS devices for enterprises – Computerworld

Microsoft this week released 139 updates affecting Windows, Office, .NET, and SQL Server (though there were no updates for Microsoft Exchange Server). Despite the absence of zero-days, the May Patch Tuesday update still requires Patch Now recommendations for Windows and Office. 

The combination of three unauthenticated network RCEs (Netlogon, DNS Client, and SSO Plugin for Jira and Confluence), four Word Preview Pane RCEs, the large TCP/IP vulnerability cluster, and the carry-over BitLocker recovery condition (still active on Windows 10 and Windows Server) warrants an accelerated deployment release schedule. The Readiness team suggests that testing start with internet-facing services, domain controllers, and Office endpoints. The May 2026 Assurance Security Dashboard breaks the cycle down by Microsoft product family for deployment risk assessment.

(More information about recent Patch Tuesday releases is available here.)

Known issues

Patch Tuesday arrived this month with a clean bill of health (at least with respect to reported and known issues) for Windows 11 24H2, 23H2, Windows 10 22H2, and Windows Server 2025. However, two items warrant attention.

Issues resolved

  • KB5089549 for Windows 11 25H2 and 24H2 resolves the April PCR7/BitLocker recovery condition and improves Boot Manager servicing so subsequent boot file updates do not trigger recovery.
  • Secure Boot certificate distribution adds a new C:\Windows\SecureBoot folder of automation scripts for IT teams rolling out the Windows UEFI CA 2023 key replacement under CVE-2023-24932, ahead of the 2011 certificate expirations happening between June and October 2026.
  • Simple Service Discovery Protocol (SSDP) notification reliability improves, so the service is less likely to become unresponsive under sustained load; this is relevant to networks running UPnP device discovery.

Major revisions and mitigations

Given this month’s Preview Pane issues, Microsoft offered mitigation advice:

Windows lifecycle and enforcement updates

We’ve mentioned the CA certificate issue before, but it’s worth flagging again as we approach the EOS and enforcement dates for:


Each month, the team at Readiness provides detailed, actionable testing guidance for Patch Tuesday releases. This guidance is based on assessing a large application portfolio and a comprehensive analysis of the patches and their potential impact on Windows platforms and application deployments.

This month’s Patch Tuesday flags two components as high-risk: the Ancillary Function Driver for WinSock, with an explicit Bluetooth focus, and the Telnet client. Microsoft also ships a pre-release security fix to the Common Log File System driver, and Secure Boot key rolling continues under CVE-2023-24932. TCP/IP is the most-patched component this cycle, with 11 separate updates. Lower-risk patches involve graphics, storage, virtualization, VPN, and Office MSI editions.

Ancillary Function Driver for WinSock 

The WinSock kernel driver (afd.sys) mediates every TCP and UDP socket on Windows, and the May update lands a regression-sensitive change to the Bluetooth interaction path. Failure here typically surfaces as audio dropouts, paired-device drops on sleep, slow reconnect on Wi-Fi handover, or a clean AFD-referenced bug check during sustained load. Watch the System event log for new errors from AFD, TCP/IP, or BTHUSB sources during your test window.

Success in testing these drivers looks silent: no stutters, no event-log churn, no handle leaks.

Your testing regime should include:

  • Browse the web over HTTP and HTTPS on both IPv4 and IPv6; download a multi-gigabyte file and verify it completes without stalls.
  • Establish a Remote Desktop session, idle 30+ minutes, then resume; place a Teams call with audio, video, and screen share.
  • Disable and re-enable the NIC, switch between Wi-Fi and Ethernet, and sleep/resume the machine; expect the network to return cleanly with no AFD-referenced bug check.
  • Toggle Bluetooth on and off from Settings and Action Center; pair and unpair headphones, mouse, keyboard, and phone, repeating through several cycles.
  • Play audio over a Bluetooth headset for 10+ minutes during a Teams call; expect zero dropouts and clean mic/speaker switching as devices toggle.
  • Transfer a file to and from a phone over Bluetooth; connect a Bluetooth keyboard and mouse, leave idle, and resume input.
  • Sleep and resume the machine with Bluetooth peripherals connected; verify they reconnect without manual intervention.

Telnet client

The Telnet client (telnet.exe) is an optional Windows feature, rarely enabled on modern endpoints. The high-risk flag matters wherever the feature is installed. Check first with Get-WindowsCapability -Online -Name “Telnet.Client~~~~0.0.1.0”. If installed, launch telnet.exe against a known good endpoint and confirm it opens, accepts input, and exits cleanly. If the feature is not in use, treat this update as an opportunity for attack-surface reduction and remove it.

Common Log File System security fix

Microsoft corrected two integer underflow vulnerabilities in the CLFS driver (clfs.sys) that could trigger a system crash or elevation of privilege. Regression risk is low, but CLFS underpins transaction logging across SQL Server, DTC, Failover Clustering, Hyper-V, Active Directory, and Event Log. Validate where these run. A bug check referencing clfs.sys after the update is the clearest red flag.

  • Reboot, run a representative workload for 24 to 48 hours, and check System and Application logs for new errors referencing CLFS, NTFS, DTC, or FailoverClustering.
  • On SQL Server, restart the service, run standard transactions, perform a backup and restore, and confirm Always On replication stays healthy.
  • Patch each cluster node, verify all nodes return as Up, and move a clustered role across nodes.
  • On a patched domain controller, run repadmin /replsummary and dcdiag /v; verify Group Policy still applies on clients.
  • Confirm VSS writers report Stable via vssadmin list writers, then run a full backup and a test restore.

Secure Boot and BitLocker

Secure Boot validation continues under the CVE-2023-24932 key rolling work. The risk is a recovery prompt or an unbootable device. Run only on dedicated test machines with the recovery key backed up.

  • Enable BitLocker on the OS drive, verify TPM protectors with manage-bde -protectors -get c:, then disable and confirm clean decryption.
  • With Secure Boot enabled, trigger recovery via reagentc /boottore 1, unlock with the recovery key, and verify normal next boot.
  • With both enabled, apply the Windows UEFI CA 2023 key update and confirm the system boots without a recovery prompt.
  • Hibernate with Secure Boot and BitLocker on (powercfg /hibernate on, shutdown -h), then resume and confirm no recovery screen.

Other Windows components

TCP/IP has the highest patch volume; the rest receive routine updates with no functional changes.

  • Networking: run sustained file transfers, VPN sessions, and stable throughput over IPv4 and IPv6 to cover tcpip.sys (six updates), the Native Wi-Fi driver, and the LLDP driver.
  • VPN and filtering: exercise IKEv2 tunnels through sleep/wake and verify Windows Firewall rules to cover IKEEXT.dll and BFE.
  • Graphics and shell: run sustained UI activity and GPU-accelerated workloads to cover the Desktop Window Manager, graphics memory manager, and the graphics kernel; watch for artifacts or flickering.
  • Virtualization: exercise VM start/save/resume/stop and external/internal/private virtual switches to cover Hyper-V vmswitch.sys.
  • Storage and sync: exercise cloud sync hydration, Storage Spaces pool operations, and RDP printer/clipboard redirection.

This month’s Office updates target MSI editions only: Excel 2016 (KB5002865), Word 2016 (KB5002858), Office 2016 shared libraries (KB5002866), and SharePoint Server 2016, 2019, Online Server, and Subscription Edition. Click-to-Run estates are unaffected.

  • Open complex Excel workbooks with formulas, macros, and external data connections; save and reopen to verify integrity.
  • Edit Word documents with embedded objects, tracked changes, and complex formatting.
  • Across patched SharePoint editions, validate document library operations, co-authoring, and workflow execution.
  • Confirm that Office add-ins and line-of-business integrations continue to operate.

The Readiness team recommends testing start with the high-risk items. The WinSock driver update warrants a Bluetooth-heavy regression pass across peripherals, audio, file transfer, and sleep/wake. The Telnet client flag is narrow but applies wherever the optional feature is enabled. The CLFS security fix is low regression risk, but its blast radius is wide: validate SQL Server, failover clusters, Hyper-V, Active Directory, and event logging where they exist. Secure Boot and BitLocker validation remains essential as CVE-2023-24932 key rolling continues. Microsoft Office is MSI-only this cycle.

Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings: 

  • Browsers (Microsoft Edge) 
  • Microsoft Windows (both desktop and server) 
  • Microsoft Office
  • Microsoft Exchange and SQL Server 
  • Microsoft Developer Tools (Visual Studio and .NET)
  • Adobe (if you get this far) 

Browsers

For this Patch Tuesday, Microsoft Edge released the stable version (148.0.3967.54) on May 7, according to the Edge security release notes. This update cycle covers six Edge-engineered CVEs plus 127 Chromium upstream CVEs flowing through:

  • CVE-2026-33111 — Copilot Chat (Microsoft Edge) — Information disclosure (CVSS 7.5, rated critical). This is the headline browser issue this month.
  • CVE-2026-41107 — Microsoft Edge (Chromium-based) — Information disclosure (CVSS 7.4). External control of file name and path.
  • CVE-2026-42838 — Microsoft Edge (Chromium-based) — Elevation of privilege (CVSS 5.4). Injection in a downstream component.
  • CVE-2026-7896 through CVE-2026-8022 — Chromium upstream — 127 CVEs covering use-after-free, out-of-bounds read and write, type confusion, and integer overflow across V8, Blink, Skia, WebRTC, ANGLE, and DevTools. The same fixes ship in the Chrome Stable channel; see the Chrome releases blog for the upstream notes.

Add these updates to your Patch Now deployment schedule for Edge-managed environments.

Microsoft Windows

Microsoft addressed 67 unique vulnerabilities across Windows, six rated critical and 61, important. Elevation of privilege dominates by volume (44 entries), followed by remote code execution (9), denial of service (7), information disclosure (4), and security feature bypass (3). The six critical entries span six distinct Windows features:

  • CVE-2026-41089 — Windows Netlogon — Remote code execution (CVSS 9.8). Unauthenticated stack-based buffer overflow targeting domain controllers; the highest-impact Windows CVE this cycle.
  • CVE-2026-41096 — Windows DNS Client — Remote code execution (CVSS 9.8). Unauthenticated heap-based overflow in name resolution.
  • CVE-2026-40402 — Windows Hyper-V — Elevation of privilege (CVSS 9.3). The only non-RCE critical this cycle; guest-to-host escalation on virtualization hosts.
  • CVE-2026-40403 — Windows Graphics Component — Remote code execution (CVSS 8.8). Rendering-path RCE.
  • CVE-2026-35421 — Windows GDI — Remote code execution (CVSS 7.8). Exploitation via a malicious Enhanced Metafile (EMF) image opened in Microsoft Paint or any EMF-rendering application.
  • CVE-2026-32161 — Windows Native WiFi Miniport Driver — Remote code execution (CVSS 7.5). Wireless networking attack surface.

Domain controllers and Hyper-V hosts are the deployment priority, given Netlogon’s unauthenticated profile and the guest-to-host escape. Add this Windows update to your Patch Now deployment schedule.

Microsoft Office

Microsoft released 27 Office CVEs — nine critical, 18 important. Remote code execution dominates with 15 entries; the rest split across information disclosure (4), elevation of privilege (4), spoofing (3), and tampering (1).

SharePoint Server is the main priority, given the network-RCE profile — even with the authenticated-Site-Owner precondition. Office 2019 MSI estates pick up six critical fixes between the four Word RCEs and the two generic Office RCEs. The Team Events Portal CVE is addressed cloud-side — no on-premises action. Apply this month’s Office security updates (KB5002865, KB5002858, KB5002866, and the SharePoint set in Issues Resolved above) per the standard ring schedule.

Microsoft Exchange and SQL Server

This month, Microsoft SQL Server receives a single patch and Microsoft Exchange Server gets none:

  • CVE-2026-40370 — SQL Server — Remote code execution (CVSS 8.8). External control of file name or path allows an authenticated attacker to execute code over a network. The fix is broadly distributed across SQL Server 2025, 2022, 2019, 2017, and 2016 SP3 via both GDR and CU channels.

SQL Server estates should deploy via GDR or CU per their standard patching cadence, prioritizing internet-exposed instances given the post-authentication blast radius implied by the CVSS 8.8. Add this update to your Patch Now deployment schedule for any internet-connected SQL Server.

Developer tools

Microsoft released 11 CVEs across its developer tooling, with one update rated critical (for Azure DevOps) and 10 rated important, covering the following areas:

Add these Microsoft updates to your standard developer update release schedule.

Adobe (and third-party updates)

I keep promising that this section should be retired (and it should), but Microsoft released a sizable third-party sweep through Azure Linux 3.0 and CBL Mariner 2.0 this month: 191 open-source CVEs spanning the Linux kernel, the Go runtime, Apache httpd, PHP, CoreDNS, valkey, Ruby, gnutls, Apache Thrift across its Node.js, Rust, and Java implementations, plus vim, postfix, expat, nmap, Prometheus, KEDA, and PgBouncer. This is a lot for anyone.

In addition to all this, Microsoft issued a patch (CVE-2026-41103) for its own SSO Plugin for Jira and Confluence. This vulnerability allows an attacker to forge a Microsoft Entra ID identity via a crafted SAML response; patching requires updating the plugin within Atlassian rather than on a Microsoft platform. In other words, the Microsoft attack surface now extends to other vendors’ application stacks, with patching responsibilities split across vendors. 

SUBSCRIBE TO OUR NEWSLETTER

From our editors straight to your inbox

Get started by entering your email address below.