// #patch-management

Jun 11, 2026 #patch-management +8

Enterprise Guide: Prioritising the June 2026 Patch Tuesday Across 198 CVEs

Security teams face 198 CVEs from Microsoft's June 2026 Patch Tuesday plus concurrent advisories from SAP, Ivanti, Palo Alto, and CISA. This guide provides a decision framework for prioritising remediation across different infrastructure tiers — from internet-facing servers to workstations — with specific guidance for each of the highest-risk vulnerabilities.

Jun 11, 2026 #windows-server +8

Windows Server Fleet Patching After June Patch Tuesday: Managing Velocity and Risk in Large Environments

After the largest Microsoft Patch Tuesday of 2026, enterprise teams face the challenge of patching Windows Server fleets at emergency speed while avoiding the outages that come with untested updates. This article addresses patch deployment sequencing, testing compression strategies, and rollback planning for the June 2026 emergency patch cycle.

CISA KEV June 2026 Tracker: Vulnerability Additions, BOD 22-01 Deadlines, and Remediation Priorities

The CISA Known Exploited Vulnerabilities catalogue added three entries in the first week of June 2026, including the Oracle WebLogic deserialization vulnerability (CVE-2024-21182) and the Mirasvit Magento RCE (CVE-2026-45247). This tracker consolidates the June additions with their remediation deadlines and documents the patch availability status for each.

Jun 5, 2026 #cisa-kev +6

Jun 5, 2026 #verizon-dbir +6

Verizon DBIR 2026: Vulnerability Exploitation Surpasses Phishing as Top Initial Access Vector — Enterprise Implications

Verizon's 2026 Data Breach Investigations Report, published mid-May, documents a structural shift in breach methodology: vulnerability exploitation has overtaken phishing as the most common initial access pathway in analysed breaches. The shift reflects a maturing attacker ecosystem that increasingly uses automated exploit delivery rather than requiring human interaction. Enterprise security programmes built around phishing awareness need recalibration.

Linux Kernel Patch Management as Asset Security: Why CVE-2026-46243 Exposes the Kernel Update Gap

The CVE-2026-46243 disclosure — a 19-year-old kernel flaw with a public root exploit and distribution patches already available — is a useful lens for examining how enterprises manage Linux kernel versions as security-relevant assets. Many organisations have robust patch management for applications but inconsistent processes for kernel updates, particularly on specialised infrastructure like database hosts and container nodes.

Jun 3, 2026 #linux +6

Android Enterprise Patch Management: Closing the Gap Between Google's Bulletin and Fleet-Wide Coverage

The June 2026 Android Security Bulletin — which includes an actively exploited zero-day — highlights a structural challenge for enterprise Android fleet management: Google publishes a patch, but enterprise coverage depends on OEM update timelines, carrier approval processes, and EMM deployment policies that can extend the effective exposure window by weeks. This guide covers a practical approach to managing the gap.

Jun 2, 2026 #android +8

May 30, 2026 #cisa-kev +5

CISA KEV May 2026: Complete List of Known Exploited Vulnerabilities Added This Month and Enterprise Response Guidance

CISA's Known Exploited Vulnerabilities catalogue received multiple additions in May 2026, including developer toolchain supply-chain compromises, network appliance vulnerabilities, and Microsoft Windows flaws. This guide consolidates the May 2026 KEV additions with enterprise response guidance for each category.

May 30, 2026 #patch-management +6

May 2026 Vulnerability Retrospective: Patch Prioritisation Guide for Enterprise Security Teams

May 2026 produced an unusually dense cluster of high-severity vulnerabilities: Netlogon CVSS 9.8, Ubiquiti CVSS 10.0 × 3, AMD Zen 2 CVSS 8.8, golang/crypto CVSS 10.0, Linux ptrace four-exploit-chain. This retrospective ranks them by risk for organisations still working through the patching backlog.

Apple's Retroactive CVE Disclosure Practice Creates Systematic Gaps in Enterprise Patch Management

Apple's habit of retroactively adding CVE details to previously published security advisories creates operational complexity for enterprise vulnerability management programmes: vulnerabilities appear as 'new' in CVE feeds after they have already been patched in deployed OS versions, generating false-positive remediation workflows and obscuring the true patch state of Apple endpoints.

May 26, 2026 #apple +6

May 18, 2026 #vulnerability-management +5

Apple Retroactively Publishes CVE Details for macOS, iOS, and visionOS — Including Root Escalation and Siri Privacy Bypass

Apple updated multiple security pages on 26 May to add CVE identifiers and technical details for vulnerabilities that were patched weeks or months earlier with minimal public disclosure. The retroactively disclosed issues include a CoreServices root escalation via malicious app, a Siri Private Browsing bypass, and a call history fingerprinting flaw — none were disclosed as separate security updates at the time of patching.

May 26, 2026 #apple +7

🏛️ Architecture

The Pwn2Own 90-Day Clock: How Defenders Should Use the Patch Window Before Public Disclosure

Pwn2Own's 90-day coordinated disclosure rule gives vendors time to patch before technical details are made public. For enterprise defenders, the same 90 days is a known timeline during which the confirmed existence of specific zero-days — but not their technical details — is public. Understanding how to use that window is an underexplored aspect of enterprise vulnerability management.

Red Hat Enterprise Linux LPE at Pwn2Own: What the Results Mean for Enterprise Linux Patch Strategy

Red Hat Enterprise Linux was successfully exploited twice at Pwn2Own Berlin 2026 via local privilege escalation vulnerabilities. For enterprise security teams running RHEL, and the broader family of RHEL-derived distributions including CentOS Stream, Rocky Linux, and AlmaLinux, the results inform how Linux patching SLAs should be evaluated against the demonstrated threat model.

May 18, 2026 #rhel +7

Apr 29, 2026 #cisa-kev +6

CISA KEV Additions: Windows Shell Spoofing CVE-2026-32202 and Cisco SD-WAN Sensitive File Exposure CVE-2026-20133

CISA's late-April Known Exploited Vulnerabilities additions include a Windows Shell protection mechanism failure under active exploitation and a Cisco Catalyst SD-WAN Manager flaw allowing unauthenticated access to sensitive OS files. Federal agencies face a May 12 remediation deadline for CVE-2026-32202; enterprise organisations should treat both additions as confirmation of active threat actor interest and patch accordingly.

NIST Halts NVD Enrichment for Lowest-Priority CVEs as Submission Volume Surges 263% — Vulnerability Management Impact

NIST has announced it will no longer provide full CVSS scoring, CPE matching, and CWE classification for the lowest-priority tier of CVE submissions in the NVD. The change, driven by a 263% surge in annual CVE volumes since 2024, means thousands of CVE records will remain in an unenriched 'DEFERRED' state — with no CVSS score, no affected product mapping, and no severity rating. Enterprise vulnerability management programmes that rely on NVD as their authoritative source must adapt their workflows immediately.

Apr 27, 2026 #nvd +5

Apr 26, 2026 #microsoft +5

Microsoft Issues Emergency Patch KB5091157 After April Updates Crash Domain Controllers

Microsoft's April 2026 Patch Tuesday updates triggered LSASS crash-reboot loops on non-Global Catalogue domain controllers in PAM-enabled deployments and forced some Windows Server 2025 systems into BitLocker recovery mode. Emergency out-of-band updates were released April 19 for all affected Server versions. Immediate installation is required — affected DCs cause complete authentication outages across their domains.

Apr 24, 2026 #cisa-kev +6

CISA Adds Quest KACE (CVSS 10.0), Kentico Xperience, and Zimbra ZCS to Known Exploited Vulnerabilities — Federal Deadline May 4

CISA's April 2026 KEV additions include a CVSS 10.0 unauthenticated SQL injection in Quest KACE Systems Management Appliance, active exploitation of Kentico Xperience CMS, and Zimbra Collaboration Suite vulnerabilities. Federal agencies have a May 4 remediation deadline; enterprise organisations should treat confirmed KEV additions as indicators of active attacker tooling and prioritise these systems immediately.

SAP BPC SQL Injection (CVE-2026-27681, CVSS 9.9) Gives Low-Privilege Users Full Access to Financial ERP Data

A near-perfect CVSS 9.9 SQL injection vulnerability in SAP Business Planning and Consolidation and BW/4HANA allows any authenticated user with standard access to read, modify, and delete financial consolidation data. SAP patched the flaw in its April 2026 Security Patch Day; organisations should treat unpatched SAP financial systems as having their financial data integrity at risk from any internal user with SAP credentials.

Apr 24, 2026 #sap +5

Apr 13, 2026 #cisa-kev +9

CISA Adds Seven CVEs to KEV Including Decade-Old Microsoft Bugs Exploited by Storm-1175

CISA has added seven vulnerabilities to the Known Exploited Vulnerabilities catalogue, including four Microsoft flaws spanning from 2012 to 2025 being actively leveraged by the Storm-1175 ransomware group. The additions highlight a persistent patching blind spot: vulnerabilities patched years ago that never made it into legacy system maintenance cycles, now routinely weaponised for initial access and privilege escalation.