Vulnerability Management and more

June Microsoft Patch Tuesday. Last week I was on vacation in Veliky Novgorod , so I'm publishing this overview only now. A total of 202 vulnerabilities were addressed, approximately twice as many as in May . There are currently no vulnerabilities marked as exploited in the wild. However, there are two vulnerabilities with publicly available exploits: 🔸 RCE - HTTP.sys (CVE-2026-47291). This critic…

June "In the Trend of VM" (#28): Linux kernel, Microsoft Defender, and Palo Alto Networks device vulnerabilities. Presenting the traditional monthly roundup of trending vulnerabilities according to Positive Technologies. In the previous May edition, we covered four vulnerabilities . This time, there are also four vulnerabilities associated with five CVE identifiers. 🗞 Post on Habr (rus) 🗒 Digest…

About Elevation of Privilege - Microsoft Defender "RedSun" (CVE-2026-41091) vulnerability. Microsoft Defender is a built-in security solution developed by Microsoft to protect the Windows operating system and user data from viruses, malware, and other cyber threats in real time. An improper link resolution vulnerability prior to file access ("link following", CWE-59 ) in Microsoft Defender, speci…

About Elevation of Privilege vulnerability - Linux Kernel "Dirty Frag" (CVE-2026-43284, CVE-2026-43500) vulnerability. According to information from researcher Hyunwoo Kim (@v4bel), Dirty Frag is a vulnerability (a class of vulnerabilities) that allows a local…

About Remote Code Execution - PAN-OS (CVE-2026-0300) vulnerability. PAN-OS is an operating system for Palo Alto Networks firewalls and security platforms. User-ID ™ Authentication Portal (also known as Captive Portal) is a non-default PAN-OS feature used to map IP addresses to usernames. By exploiting a buffer overflow vulnerability ( CWE-787 ), an unauthenticated remote attacker can send special…

May Linux Patch Wednesday. A total of 1,638 vulnerabilities (474 in the Linux kernel). For comparison, in April there were 1,035 vulnerabilities (a record!). And this time it turns out to be a record again, more than one and a half times higher! The acceleration is both impressive and alarming. But we will see what happens next. At some point it should stabilize. Although the number of critical v…

About Elevation of Privilege - Linux Kernel "Fragnesia" (CVE-2026-46300) vulnerability. The vulnerability was discovered by researcher William Bowling together with the V12 team. Fragnesia belongs to the class of Dirty Frag vulnerabilities. It is an error in the ESP/XFRM subsystem, distinct from Dirty Frag, which was addressed with a separate patch. It allows achieving arbitrary byte writes into…

May "In the Trend of VM" (#27): high-profile vulnerabilities in Linux, ActiveMQ, SharePoint, and Adobe Acrobat Reader. While the previous April edition featured only one vulnerability , this one includes four, covering different technologies and attack scenarios. 🗞 Post on Habr (rus) 🗒 Digest on the PT website (rus) 🔻 EoP - Linux Kernel "Copy Fail" ( CVE-2026-31431 ). The vulnerability allows an…

About Remote Code Execution - Adobe Reader (CVE-2026-34621) vulnerability. Adobe Acrobat Reader (from 2003 to 2015, "Adobe Reader") is a free PDF viewer developed by Adobe. Versions are available for Windows, macOS, Android, and iOS. The remote code execution vulnerability in Adobe Acrobat for Windows and macOS is caused by improper handling of object prototype attributes ( CWE-1321 - "Prototype…

May Microsoft Patch Tuesday. A total of 119 vulnerabilities, approximately 1.5 times fewer than in April . There are currently no vulnerabilities marked as actively exploited in the wild. However, there is one vulnerability with a public exploit: 🔸 EoP - Windows Kernel (CVE-2026-40369). A detailed write-up and exploit for this vulnerability were published on May 14, two days after the May MSPT. T…

April "In the Trend of VM" (#26): one Microsoft SharePoint vulnerability. Presenting the traditional monthly roundup of trending vulnerabilities by Positive Technologies. Once again, single-vendor, Microsoft-focused, and unusually compact. While the previous March edition had four trending vulnerabilities , this April edition has only one. In the upcoming May edition, we expect at least three tre…

About Remote Code Execution - Apache ActiveMQ (CVE-2026-34197) vulnerability . Apache ActiveMQ is a popular open-source message broker written in Java. Its main purpose is to send messages between different services, systems, and microservices without a direct connection between them. This vulnerability is from the April Linux Patch Wednesday . Details about this vulnerability were published on A…