Cve 2026 55144
The latest Cve 2026 55144 coverage — news, analysis, and updates from the WindowsNews.AI desk.
Microsoft’s July Patch Tuesday Fixes File Explorer Flaw That Could Expose Private Data on Shared PCs
Microsoft’s July 2026 security updates fix CVE-2026-40422, a File Explorer bug that could leak data to a local attacker. The patch is important but not urgent for most home users, though shared PCs and managed fleets should act quickly.
CVE-2026-41087: File Explorer update plugs data leak—what Windows users should do
Microsoft's July 2026 security update fixes CVE-2026-41087, a File Explorer vulnerability that lets any locally authenticated user read sensitive data with no user interaction. The moderately rated flaw affects nearly all supported Windows versions, but a simple cumulative update seals the leak. Shared workstations, Remote Desktop hosts, and servers are at highest risk, and the patch timeline varies by Windows release.
July 2026 Windows Updates Patch Audio Service Flaw That Leaks Event Log Memory Addresses
Microsoft’s July 2026 Patch Tuesday corrects CVE-2026-34328, an information disclosure flaw in the Windows Audio Service that leaks Event Log service memory addresses to a local attacker. While not directly exploitable for code execution, the bug can help bypass ASLR in multi‑stage attacks. The fix arrives in the monthly cumulative update for all supported Windows versions; users should patch immediately and verify their build number.
Microsoft Fixes Windows File Explorer Vulnerability That Leaks Data to Local Attackers—Apply July Updates Now
Microsoft's July 2026 Patch Tuesday fixes CVE-2026-33842, an Important‑rated information‑disclosure bug in Windows File Explorer that lets a local attacker read sensitive data without user interaction. The fix is part of the cumulative update for all supported Windows client and server editions, and it arrives alongside seven additional File Explorer information‑leak CVE fixes.
Microsoft Warns of Azure AD Infinite-Loop Flaw Triggered by Unauthenticated Attackers
Microsoft’s July 2026 Patch Tuesday includes a fix for CVE-2026-50653, an unauthenticated denial-of-service flaw in Azure Active Directory components that can crash identity services via an infinite loop. The update requires both Windows patches and a check of any applications embedding the vulnerable library, as the real risk is widespread across custom and third-party software.
Power BI Report Server's XSS Fix Requires a Specific Build—Your Last Update May Not Be Enough
Microsoft released a patch for CVE-2026-58647, an XSS vulnerability in Power BI Report Server with a CVSS score of 8.0. The fix is in build 15.0.1121.120 (May 2026 version 1.26.9682.1442); earlier builds, including other May updates, are vulnerable. Administrators should upgrade immediately and verify all nodes in scale-out deployments.
Critical SharePoint RCE Patched a Month Ago — Is Your Server Still Exposed?
CVE-2026-58644 is a critical SharePoint Server RCE with a CVSS of 9.8, exploitable without authentication. The fix was included in June 2026 updates but only disclosed in July, meaning admins who kept current are safe while others face urgent risk. This article provides a practical checklist to verify protection and patch exposed servers immediately.
Microsoft’s July 2026 Windows Updates Seal a Serious NTFS Security Hole—Patch Now
The July 2026 Windows security updates fix a heap-based buffer overflow in NTFS (CVE-2026-58640) that could let attackers execute arbitrary code with only low privileges and user interaction. While not a network worm, the vulnerability affects all supported Windows and Windows Server releases. Home users should install the patch via Windows Update; IT admins must urgently update endpoints that handle untrusted files and confirm post-patch build numbers.
Microsoft Fixes Windows Narrator Flaw That Could Give Attackers System-Level Access
Microsoft's July 2026 Patch Tuesday fixes CVE-2026-58635, a command-injection vulnerability in Windows Narrator's braille support that allows a local attacker to escalate privileges to SYSTEM. All supported Windows versions are affected, and no workarounds exist—immediate patch deployment is recommended.
Patch Microsoft PC Manager Now to Close a Privilege Escalation Hole Windows Update Won’t Touch
Microsoft disclosed a local privilege-escalation vulnerability (CVE-2026-58636) in its PC Manager application, requiring a manual update to version 3.21.6.0. The flaw, not covered by Windows Update, allows a low-privileged attacker to gain full system control. This analysis explains the risk, why it’s easy to overlook, and exactly how users and IT administrators should patch or remove the utility.
Microsoft Patches Excel Flaw CVE-2026-58618 That Could Allow Remote Code Execution via Malicious Files
Microsoft’s July 2026 Patch Tuesday included a fix for CVE-2026-58618, a high-severity Excel vulnerability that could let attackers execute code via malicious workbooks. The flaw affects many Office versions; users and admins should update immediately.
Microsoft Issues Patch for Windows Admin Center Code Execution Flaw — Upgrade to 2.7.4 Now
Microsoft has patched CVE-2026-58631, an improper-authorization vulnerability in Windows Admin Center that allows an authenticated attacker to execute code on the gateway host. The fix is version 2.7.4, and administrators must upgrade all gateways, harden access, and monitor for signs of exploitation. This vulnerability, alongside four other WAC flaws fixed in July 2026, underscores the importance of treating management tools as high-priority security assets.
Microsoft Patches a Critical 8.8-Rated Privilege Hole in Configuration Manager 2509—Here’s Your Urgent Fix Checklist
Microsoft released a fix for CVE-2026-47301, an elevation-of-privilege vulnerability in Configuration Manager 2509 that lets a low-privileged authenticated attacker gain full control over the management platform without user interaction. With a CVSS score of 8.8 and network accessibility, it’s a high-risk flaw that demands immediate patching, account audits, and network hardening across enterprise environments.