CVE-2026-12897
The latest CVE-2026-12897 coverage — news, analysis, and updates from the WindowsNews.AI desk.
Windows 10 Extended Security Updates Enrollment Window Expands to October 2027
Microsoft has extended the Windows 10 Extended Security Updates enrollment window through October 12, 2027, giving businesses and individuals more time to purchase security patches after the operating system’s 2025 end of support. The quiet policy change removes immediate upgrade pressure, allows late entry into the ESU program, and signals a revenue-driven strategy to capitalize on the slow Windows 11 transition.
Microsoft Extends Windows 10 Security Patches for Home Users to October 2027
Microsoft has extended its Windows 10 Extended Security Updates program for consumers to October 12, 2027, adding a second year of critical security patches for a $30 one-time fee. The extension gives home users more time to plan upgrades or keep existing PCs secure before final end-of-support. Enrollment details remain sparse, but the move acknowledges the large number of PCs unable to officially upgrade to Windows 11.
CISA Urges Healthcare Providers to Patch Critical File Write Flaw in pynetdicom Library
CISA's ICS Medical Advisory warns of an unauthenticated path traversal vulnerability in pynetdicom versions before 3.0.4, allowing arbitrary file writes on Windows and Linux systems. Healthcare organizations using DICOM imaging software should immediately upgrade to patched version 3.0.4 and implement network segmentation to prevent remote exploitation.
CISA Flags High-Severity OHIF Token Leak—Immediate Patch Required to Protect Patient Data
CISA issued a high-severity medical advisory for CVE-2026-12473, a token leak flaw in OHIF Viewer's DICOM framework that exposes authenticated OIDC bearer tokens. The vulnerability affects versions 3.12.0 and earlier, and could allow attackers to impersonate clinicians and access medical images. OHIF v3.12.2 fixes the issue, and organizations are urged to patch immediately and rotate tokens.
Azure Administration Skills in 2026: Security, Cost Control, and Identity Mastery Are Non-Negotiable
Azure administration skills are critical in 2026 as enterprises accelerate cloud migrations, face escalating security threats, and demand rigorous cost control. Mastery of Microsoft Entra ID, cost management, security frameworks, and automation is no longer optional—it’s essential for secure, cost-effective cloud operations and career resilience.
CISA Flags EVoke Systems Flaw: Unauthenticated OCPP WebSockets Expose Chargers to Spoofing Attacks
CISA's June 25, 2026 advisory reveals that EVoke Systems' Charging Station Management System accepts WebSocket connections without proper authentication, allowing attackers to spoof EV chargers. This flaw could enable billing fraud, charging disruptions, and grid instability. Operators are urged to implement mutual TLS, network segmentation, and monitoring while awaiting a vendor patch.
Schneider PowerLogic P7 Patch Forces Reboot, Exposes OT to Real-World Risks
Schneider Electric’s firmware update for PowerLogic P7 relays fixes three critical vulnerabilities but demands a reboot that could disrupt critical infrastructure operations. The patch highlights the clash between IT security timelines and OT uptime requirements, with Windows management consoles playing a pivotal role in the update process.
CISA Flags Horner Cscape Flaw Allowing Local Code Execution via Malicious CSP Files
CISA published an advisory on June 25, 2026, for CVE-2026-12897, a local code execution flaw in Horner Automation Cscape versions before 10.2 SP3. The vulnerability allows attackers to craft malicious CSP project files that, when opened, can execute arbitrary code on Windows workstations. Horner has released a patch, and organizations are urged to upgrade immediately to prevent exploitation in industrial control system environments.
CISA Reissues Urgent Alert on Yokogawa FAST/TOOLS Information Disclosure Flaw
CISA has reissued Yokogawa's advisory for CVE-2026-11833, a high-severity information disclosure vulnerability in FAST/TOOLS and Collaborative Information Server. The flaw could allow unauthenticated attackers to retrieve sensitive engineering data from process automation systems. Affected versions R9.01 through R10.04 and R1.01 through R1.04 require immediate patching or network isolation.
Medical Imaging Networks at Risk: CISA Warns of Unauthenticated Access via pynetdicom Flaw
CISA published a medical advisory on June 25, 2026, warning that pynetdicom versions 1.0.0 through 3.0.3 contain a path traversal flaw allowing unauthenticated access to medical imaging files. Healthcare organizations must immediately upgrade to pynetdicom 3.0.4 and implement network defenses to prevent data breaches and operational disruption.
CISA Warns of Command Injection and Malicious File Upload in H.VIEW HV-500S6 Cameras—What Windows Users Need to Know
CISA has issued an urgent advisory for the H.VIEW HV-500S6 IP camera due to command injection and malicious file upload flaws. Windows users running NVR software on the same network face a high risk of lateral movement if the camera is compromised. Immediate mitigation includes network segmentation, disabling cloud features, and hardening firewall rules.
CISA Flags OHIF Medical Viewer Token Leak—Patch Before Attackers Craft Malicious Links
CISA issued a critical medical advisory on June 25, 2026, for CVE-2026-12473, a token leak vulnerability in the OHIF Viewer DICOM framework. Attackers can steal clinician OIDC tokens via crafted links, gaining unauthorized access to medical imaging systems. All versions up to 3.12.0 are vulnerable; patched in 3.12.2. Immediate upgrade, token rotation, and network egress restrictions are strongly advised.
CISA Flags Unpatched DTM Soft Deserialization Flaw That Could Let Attackers Hijack Windows OT Systems
CISA warns that all versions of Delta Electronics' DTM Soft are vulnerable to a high-severity deserialization flaw (CVE-2026-12578) enabling local code execution on Windows OT endpoints. With no patch available, operators must apply strict access controls and network segmentation to protect industrial control systems until Delta releases a fix.