Cve 2025 27492
The latest Cve 2025 27492 coverage — news, analysis, and updates from the WindowsNews.AI desk.
June 2026 Windows Security Update Blocks Desktop.ini Folder Icons via Trust
Microsoft’s June 9, 2026 security update for Windows 10, 11, and Server blocks loading of desktop.ini files that lack a trusted Mark of the Web zone identifier, reverting custom folder icons to defaults. The change is a security hardening measure against malicious icon handlers, but it disrupts personalization and corporate folder templates. Workarounds include manually unblocking files, using Group Policy to elevate network zones, or applying registry overrides.
Teams Automatic Work Location Updates vs June Patch Tuesday: Privacy, Governance, Security
Microsoft’s automatic work location feature via Places raises critical privacy and governance questions as it collides with June Patch Tuesday security updates. The article explores how Wi-Fi-based location detection works, the vulnerabilities patched in June, and the best practices for a secure, privacy-respecting rollout.
Microsoft Edge Stable Moves to 2-Week Releases: What IT, Users, and Devs Should Do
Microsoft will accelerate Edge Stable to a two-week major release cycle starting with version 152 in August 2026, while preserving the Extended Stable channel for enterprises. This change reduces security patch lag, demands automated testing from IT and developers, and signals a broader industry shift toward faster browser updates.
KB5094126 for Windows 11: Low Latency Profile Makes Start and Search Feel Faster
Microsoft's KB5094126 update for Windows 11, released on June 9, 2026, introduces a Low Latency Profile that speeds up the Start menu and Search. It applies to versions 24H2 and 25H2, bringing builds 26100.8655 and 26200.8655, alongside the usual security fixes. The performance tweak optimizes CPU and I/O priority for shell interactions, delivering a noticeable snappiness boost.
CISA Adds Ivanti Sentry CVE-2026-10520 to KEV: Root RCE Patch by June 14
The U.S. Cybersecurity and Infrastructure Security Agency has added a critical Ivanti Sentry OS command injection vulnerability, CVE-2026-10520, to its Known Exploited Vulnerabilities catalog, requiring federal agencies to patch by June 14, 2026. This flaw allows unauthenticated attackers to execute arbitrary code with root privileges, posing a severe risk.
June 9, 2026 Windows Updates: desktop.ini Trust Changes Break Folder Icons
Microsoft's June 9, 2026 Windows security updates changed how desktop.ini files with Mark of the Web are handled, breaking custom folder icons and localized names across Windows 10, 11, and Server. The article explores the impact, workarounds, and the trade-off between security and user customization.
June 2026 Patch Tuesday Fixes Windows Server 2025 BitLocker Recovery Boot Issue
Microsoft's June 9, 2026 Patch Tuesday update (KB5094125) fixes a Windows Server 2025 BitLocker issue where an April security update caused recovery prompts due to altered TPM PCR7 measurements during boot. The problem affected servers with specific Secure Boot and BitLocker policies, forcing admins to enter recovery keys repeatedly. The patch restores compatibility and is recommended for all Windows Server 2025 deployments.
Windows 11 KB5094126 (June 2026): Hidden Low Latency Profile Boost for Start & Search
Microsoft's June 2026 Patch Tuesday update KB5094126 for Windows 11 24H2 and 25H2 includes a hidden low latency profile that speeds up the Start menu and Search. The update raises build numbers to 26100.8655 and 26200.8655 while delivering critical security fixes. Early testing shows noticeable responsiveness gains without major battery impact.
CISA Flags Hard-Coded MQTT Secrets in Yarbo Robots, Enabling Fleet Takeover
CISA issued a critical advisory warning that Yarbo’s mobile apps contain hard-coded MQTT credentials and weak broker authorization, allowing remote attackers to control entire robot fleets. The flaws expose users to sabotage, surveillance, and network intrusion; mitigation requires immediate vendor patches and network segmentation until fixed.
CISA Brickcom Camera Flaws: Default Credentials Expose Live Video & Admin Control
CISA issued advisory ICSA-26-162-03 warning that Brickcom Cube, Dome, Bullet, and Box cameras running firmware 3.2.3.5.6 contain a critical default credential vulnerability (CVSS 9.8). Attackers can remotely access live video and admin controls. With no patch available, CISA urges immediate disconnection and credential changes.
OP-512: Why Attackers Target Internet-Facing IIS and Legacy .NET for Espionage
ReliaQuest disclosed a new China-linked threat group, OP-512, that compromises internet-facing IIS servers using a custom three-part web shell to evade detection and conduct espionage. The campaign exploits legacy .NET vulnerabilities and poor network segmentation, highlighting the need for aggressive patching, application allowlisting, and DMZ isolation.
Windows 11 June 2026 Update KB5094126: Low Latency Profile Boosts System Responsiveness
Microsoft's June 2026 Patch Tuesday update KB5094126 brings the Low Latency Profile to all Windows 11 24H2 and 25H2 users, enhancing system responsiveness for audio, video, and gaming workloads. The update includes critical security fixes and quality improvements, with some known issues like delayed profile activation.
Windows 11 (June 2026) IAKerb & LocalKDC: Kerberos Without NTLM Fallback
Microsoft has rolled out IAKerb and LocalKDC to Windows 11 Insider Canary builds, enabling Kerberos authentication even when a domain controller is unreachable. These extensions eliminate the need for NTLM fallback by tunneling Kerberos over HTTP and providing a local KDC, giving administrators a practical path to disable NTLM entirely.