
CVE-2026-11672

The latest CVE-2026-11672 coverage: news, analysis, and updates from the WindowsNews.AI desk.

Secure Boot · UEFI Firmware

Windows Security to Add Secure Boot Readiness Indicator for Certificate Migration in April 2026

Microsoft plans to integrate a Secure Boot readiness indicator into the Windows Security app beginning April 2026, as part of the ongoing 2023 certificate migration. The feature will display clear status messages—Ready, Update needed, or Not available—directly in the Device security pane, helping both consumers and IT admins verify that their systems have applied the required UEFI revocation updates. This move simplifies what has long been a complex validation process and aligns with Microsoft's strategy to make advanced security features more transparent and accessible.

CVE-2026-42013 · GnuTLS Certificate Validation

Microsoft patches CVE-2026-42013 GnuTLS bug allowing TLS certificate validation bypass via oversized SAN fields

Microsoft has disclosed CVE-2026-42013, a vulnerability in the GnuTLS library that affects several Microsoft products. An oversized Subject Alternative Name in a TLS certificate can cause GnuTLS to fall back to less secure Common Name validation, enabling man-in-the-middle attacks. Microsoft has released patches for affected components, and administrators should apply updates immediately to prevent certificate spoofing.

SE Security Desk·2h ago
Windows Security · CVE-2026-42012

Microsoft Sounds Alarm Over GnuTLS CVE-2026-42012: A TLS Bypass Hitting Windows Where It Hurts

Microsoft warns that CVE-2026-42012, a GnuTLS certificate validation bypass, affects Windows through hidden dependencies in WSL, developer tools, and cloud components. The flaw lets attackers spoof server identities, demanding urgent patching across multiple products. The incident underscores the critical need for robust dependency management in modern operating systems.

SE Security Desk·2h ago
CVE-2026-39833 · Go SSH Agent

Go SSH Agent Flaw Bypasses Key Confirmation, Exposing Systems to Silent Key Abuse

CVE-2026-39833 exposes a critical flaw in Go’s SSH agent that silently ignored the confirm constraint, allowing attackers to use SSH keys without user approval. The bug affects golang.org/x/crypto/ssh/agent before version 0.52.0 and could lead to stealthy lateral movement in affected systems. Immediate update to v0.52.0 and key rotation are strongly advised.

SE Security Desk·2h ago
CVE-2026-5223 · Rust

Microsoft Alerts Developers: Rust Cargo Cache Poisoning Vulnerability (CVE-2026-5223) Exposes Build Pipelines

A medium-severity vulnerability in Rust's Cargo allows local attackers to poison the package cache via symlinks, potentially injecting malicious code into builds. Microsoft issued an advisory in June 2026, urging developers to update Cargo and secure build pipelines. The flaw highlights supply chain risks in shared and ephemeral development environments.

SE Security Desk·2h ago
Command Injection · CVE-2026-40034

CVE-2026-40034: Critical RCE in gitoxide’s gix-submodule Enables One-Click Supply Chain Attacks

Security researchers have disclosed CVE-2026-40034, a command injection vulnerability in the gitoxide Rust library's submodule handling. The flaw allows remote code execution via a crafted .gitmodules file, posing a severe supply chain risk. Developers are urged to upgrade to the latest patched version immediately.

SE Security Desk·2h ago
Cargo Vulnerability · Rust Security

Cargo Vulnerability CVE-2026-5222 Prompts Supply Chain Security Review for Windows Developers

Microsoft has acknowledged a low-severity Cargo vulnerability (CVE-2026-5222) disclosed by the Rust Security Response Team that affects Rust toolchains 1.70 through 1.79. The bug, though requiring local access, raises supply chain concerns for Windows development pipelines increasingly dependent on Rust. Developers are urged to update to Rust 1.79.1 or later and audit project manifests.

SE Security Desk·2h ago
File Explorer · Insider Preview

Microsoft Cuts Monthly Windows Update Reboots with Unified Approach in New Insider Build

Microsoft's Experimental Preview Build 26300.8687 introduces a unified update system that cuts monthly Windows Update reboots from two to one. The build merges servicing stack and cumulative updates into a single installation, alongside subtle File Explorer and taskbar improvements. This early test aims to eliminate the long-standing dual-reboot annoyance, with a public rollout still likely a year or more away.

SE Security Desk·5h ago
Clipboard Theft · Tor C2

USB Shortcut Malware Uses Tor SOCKS Backdoor to Steal Cryptocurrency, Microsoft Warns

Microsoft revealed a Windows cryptocurrency clipper malware active since February 2026 that spreads through malicious shortcut files on USB drives and uses Tor SOCKS proxy for command-and-control. The malware monitors the clipboard for cryptocurrency wallet addresses and replaces them with attacker-owned ones to steal funds. Users are advised to disable AutoPlay and exercise caution with unverified USB drives.

SE Security Desk·8h ago
Critical Infrastructure · Cyber Resilience

UK Moves to Outlaw Ransomware Payments for Critical Infrastructure in Sweeping Cyber Overhaul

The UK government has proposed a ban on ransomware payments for public sector and critical infrastructure entities, along with mandatory reporting and a licensing scheme for private victims. The measures aim to starve the ransomware economy and improve cyber resilience, but have drawn mixed industry reactions. Legislation is expected in 2025 after the consultation closed in October 2024.

SE Security Desk·9h ago