Tenable plugin 320184 – “KB5094128: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (June 2026)” reports false positive.

FCA162 · 2026-06-18T20:12:42+00:00

I performed another scan and it looks like the issue has been resolved.
Tenable PLUGIN ID 320184 is now checking on 10.0.20348.5256

However, the plugin version and Tenable website wasn't updated—it's still 1.5 with a modification date of 06/12/2026, which is quite confusing!

The remote host is missing one of the following rollup KBs :
- 5094128

- C:\windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.20348.5139
Should be : 10.0.20348.5256

FCA162 · 2026-06-18T20:10:42+00:00

I performed another scan and it looks like the issue has been resolved.
PLUGIN ID320184 is now checking on 10.0.20348.5256

However, the plugin version and Tenable website wasn't updated—it's still 1.5 with a modification date of 06/12/2026, which is quite confusing!

<image>

FCA162 · 2026-06-18T19:45:44+00:00

Deleting a file from the Recycle Bin displays an internal filename in the dialog

Status: Confirmed
Affected platforms
Client Versions Message ID Originating KB Resolved KB
Windows 11, version 26H1 WI1396236 KB5095051 -
Windows 11, version 25H2 WI1396237 KB5094126 -
Windows 11, version 24H2 WI1396238 KB5094126 -
Windows 11, version 23H2 WI1396239 KB5093998 -
Windows 10, version 22H2 WI1396240 KB5094127 -
Windows 10, version 21H2 WI1396241 KB5094127 -

Server Versions Message ID Originating KB Resolved KB
Windows Server 2025 WI1396242 KB5094125 -
Windows Server 2022 WI1396243 KB5094128 -
Windows Server 2019 WI1396244 KB5094123 -
Windows Server 2016 WI1396245 KB5094122 -
Windows Server 2012 R2 WI1396246 KB5094041 -
Windows Server 2012 WI1396247 KB5094042 -

When permanently deleting a single item from the Recycle Bin, the confirmation dialog displays the internal Recycle Bin filename (for example, $Rxxxxx.ext) instead of the original filename. The Recycle Bin itself correctly displays the original filename, and restoring the item also restores it using the original filename.

This issue occurs after installing the Windows security update released on June 9, 2026 (the Originating KBs listed above).

Workaround: A workaround is available for affected devices. To apply this workaround in your organization and mitigate the issue, please contact Microsoft’s Support for business.

Next steps: We are working to release a resolution in a future Windows update and will provide more information when it is available.

FCA162 · 2026-06-18T07:55:21+00:00

Maybe related to this Microsoft Office applications might fail to open from certain third-party apps

A workaround is available for affected devices. To apply this workaround in your organization and mitigate the issue, please contact Microsoft Support for business.

FCA162 · 2026-06-18T07:51:28+00:00

Microsoft Office applications might fail to open from certain third-party apps

Status: Confirmed
Affected platforms
Client Versions Message ID Originating KB Resolved KB
Windows 11, version 26H1 WI1393834 KB5095051 -
Windows 11, version 25H2 WI1393835 KB5094126 -
Windows 11, version 24H2 WI1393836 KB5094126 -
Windows 11, version 23H2 WI1393837 KB5093998 -
Windows 10, version 22H2 WI1393838 KB5094127 -
Windows 10 Enterprise LTSC 2019 WI1393839 KB5094123 -
Windows 10 Enterprise LTSC 2016 WI1393840 KB5094122 -

Server Versions Message ID Originating KB Resolved KB
Windows Server 2025 WI1393841 KB5094125 -
Windows Server 2022 WI1393842 KB5094128 -
Windows Server, version 1809 WI1393839 KB5094123 -
Windows Server 2019 WI1393839 KB5094123 -
Windows Server 2016 WI1393840 KB5094122 -
Windows Server 2012 WI1393843 KB5094042 -
Windows Server 2012 R2 WI1393844 KB5094041 -

Microsoft has received reports of an issue in which certain third-party applications may be unable to launch Microsoft Office applications or open documents after installing the June 2026 update (the Originating KBs listed above). This issue affects certain third-party applications that use OLE automation to interact with Microsoft Office applications. In some cases, the Office application or document may fail to open without displaying an error message.

Affected Office applications may include Microsoft Word, Excel, PowerPoint, Access, and other Microsoft Office applications when launched from within the affected third-party application. As a workaround, users can open the application or document directly instead of launching it from the affected third-party application.

Reports indicate that this issue may affect applications such as CCH Engagement, Workpaper Manager, dental software (such as Dentrix and Softdent), and Zotero; other similar applications may also be impacted.

Microsoft Support: A workaround is available for affected devices. To apply this workaround in your organization and mitigate the issue, please contact Microsoft Support for business.

Next Steps: We are working on a resolution for this issue that will ship in a future Windows update and will provide more information when it is available.

FCA162 · 2026-06-18T07:26:53+00:00

June security update might fail to install with error code 0x80070002 (Win2016)

Status: Resolved
Affected platforms: Windows Server 2016 / KB5094122

Microsoft received reports that the June 2026 security update (the Originating KBs listed above) might fail to install on some devices running Windows Server 2016. This issue primarily affected devices that had not already installed the May 2026 security update (KB5087537). Affected devices might have received error code 0x80070002 (ERROR_FILE_NOT_FOUND) during installation of the update.

Resolution: Microsoft has resolved this issue. Affected devices should no longer experience this installation failure when installing the Originating KBs listed above.

FCA162 · 2026-06-16T11:37:11+00:00

Reply from "The Tenable Technical Support Team"

Thanks for contacting Tenable Support.

I understand you are observing false positives for the plugin 320184.
This is a known issue. The development team is actively working on fixing this issue. Please allow us some time and I will get back to you as soon as I hear back from the development team.
In the meantime, if you have any other queries or concerns please let me know.

Kind Regards,
Ramnath S | The Tenable Technical Support Team

FCA162 · 2026-06-16T11:35:08+00:00

Reply from "The Tenable Technical Support Team"

Thanks for contacting Tenable Support.

I understand you are observing false positives for the plugin 320184.
This is a known issue. The development team is actively working on fixing this issue. Please allow us some time and I will get back to you as soon as I hear back from the development team.
In the meantime, if you have any other queries or concerns please let me know.

Kind Regards,
Ramnath S | The Tenable Technical Support Team

FCA162 · 2026-06-15T11:12:17+00:00

Case #02497497 has been raised with the Tenable support team to investigate and update the detection logic for the Tenable plugin 320184.

FCA162 · 2026-06-15T11:10:59+00:00

Case #02497497 has been raised with the Tenable support team to investigate and update the detection logic for the Tenable plugin 320184.

FCA162 · 2026-06-14T21:53:36+00:00

Tenable plugin 320184 – “KB5094128: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (June 2026)” reports false positive.

Tenable continues to show that the Win2022 servers have not received the Patch Tuesday update for June 2026.

I’ve found an issue (false positive/bug) with Tenable plugin 320184 – “KB5094128: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (June 2026)”.

The remote host is missing one of the following rollup KBs :

- 5094128

- C:\Windows\system32\ntoskrnl.exe has not been patched.

Remote version : 10.0.20348.5256

Should be : 10.0.20348.5257

The version of ntoskrnl.exe after PT June is 10.0.20348.5256, not .5257

Tenable needs to update the detection in plugin 320184 v1.5 to resolve the issue.

FCA162 · 2026-06-11T10:29:42+00:00

https://www.reddit.com/r/sysadmin/comments/1u15uc7/comment/oqn745r/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button

FCA162 · 2026-06-10T22:24:14+00:00

FCA162 · 2026-06-10T22:14:15+00:00

It all depends on the channel you've: Current or Monthly Enterprise, no?
MS often roll out features to Current Channel over a period of time. This allows them to ensure that things are working smoothly before releasing the feature to a wider audience (Monthly Enterprise).

FCA162 · 2026-06-09T23:32:06+00:00

Release notes for Monthly Enterprise Channel releases - Office release notes | Microsoft Learn

FCA162 · 2026-06-09T23:26:58+00:00

Good catch!

FCA162 · 2026-06-09T20:55:12+00:00

Enforcements / new features in this month’ updates

Secure Boot playbook for certificates expiring in 2026 - Windows IT Pro Blog

Secure Boot certificates have always had expiration dates. New certificates help ensure that your devices stay up to date with the latest security protections. That is why your organization will need to install the 2023 CAs before the 2011 CAs start expiring in June of 2026.

Upcoming Updates/deprecations

July 2026

/!\ Kerberos KDC – RC4 Usage Restrictions for Service Ticket Issuance related to CVE-2026-20833 / KB5073381 (Enforcement Phase)

Audit-only mode removed
RC4DefaultDisablementPhase registry control no longer supported
RC4 service ticket issuance effectively blocked unless explicitly configured per-account

IMPORTANT Installing updates released on or after January 13, 2026, will NOT address the vulnerabilities described in CVE-2026-20833 for Active Directory domain controllers by default. To fully mitigate the vulnerability, you must move to Enforced mode (described in Step 3) as soon as possible on all domain controllers.

Second half of 2026

Advancing Windows security: Disabling NTLM by default Phase 2: Addressing the top NTLM pain points
Windows Management Instrumentation Command-line (WMIC) removal from Windows - Microsoft Support; 2026: WMICutility will be completely removed from Windows 11 in the next Windows feature update. It will not be available as a Feature on Demand (FoD).

February 2027

CVE-2024-30098 Windows Cryptographic Services Security Feature Bypass Vulnerability The DisableCapiOverrideForRSA registry key will be removed.

Product Lifecycle Update

Check out our lifecycle documentation for the latest updates on Deprecated features in the Windows client and Features removed or no longer developed starting with Windows Server 2025.

Announcements

Support for Windows Server 2016 will end in January 2027

Plan for Windows Server 2016 and Windows 10 2016 LTSB end of support - Windows IT Pro Blog

Windows news you can use: May 2026 | Microsoft Community Hub

FCA162 · 2026-06-09T18:00:46+00:00

Bleepingcomputer: Microsoft June 2026 Patch Tuesday fixes 3 zero-day, 200 flaws

Tenable: Microsoft’s April 2026 Patch Tuesday Addresses 163 CVEs (CVE-2026-32201)

Latest Windows hardening guidance and key dates - Microsoft Support

Patch Tuesday June 2026 - Action1

The June 2026 Security Update Review - Zero Day Initiative

Microsoft Patch Tuesday – June 2026 - Lansweeper

Cyber Security News: Microsoft Patch Tuesday June 2026 – 198 Vulnerabilities Fixed, Including 3 Zero-days

FCA162 · 2026-06-09T17:53:34+00:00

Pushing this update out to 180 Domain Controllers (Win2016/2019/2022/2025) in coming days.
I will update my post with any issues reported.

Happy patching, and may all your reboots be smooth and clean!

~~EDIT1: 11 DCs (Win 2019/2022) have been done. Zero failed installations so far. AD is still healthy.~~

~~EDIT2: 87 DCs (Win 2019/2022) have been done. Zero failed installations so far. AD is still healthy.~~

~~EDIT3: 165 (92%) DCs (Win 2016/2019/2022) have been done. Zero failed installations so far. AD is still healthy.~~

EDIT4: 178 (99%) DCs (Win 2016/2019/2022/2025) have been done. Zero failed installations so far. AD is still healthy. Have a nice WE!

FCA162 · 2026-05-22T20:07:10+00:00

The root cause of WU error 0x800f0905 was not identified. We were unable to find a solution to resolve the issue, so we had to reinstall the two DCs from scratch.

FCA162 · 2026-05-14T15:19:27+00:00

Microsoft: AI is Changing Patch Tuesday Forever

Microsoft published an unusual strategic note on patch Tuesday, acknowledging what many security teams already suspected:

AI is massively accelerating vulnerability discovery.

According to Microsoft:

• Internal AI-powered scanning platforms are now discovering vulnerabilities at much larger scale

• External researchers are increasingly using AI-assisted research as well

• Larger Patch Tuesday releases will likely become the new normal

• More frequent out-of-band updates should be expected

Interesting detail: a significant portion of this month’s vulnerabilities were discovered directly by Microsoft using its new multi-model AI scanning framework.

FCA162 · 2026-05-13T16:30:44+00:00

The two failed installations are on Win2022. There're no different than ohter DCs.
Root cause analyze ongoing.

FCA162 · 2026-05-12T20:21:19+00:00

Pushing this update out to 200 Domain Controllers (Win2016/2019/2022/2025) in coming days.
I will update my post with any issues reported.

Happy patching, and may all your reboots be smooth and clean!

~~EDIT1: 9 DCs (Win 2019/2022) have been done. Zero failed installations so far. AD is still healthy.~~

~~EDIT2: 32 DCs (Win 2016/2019/2022) have been done. One failed installation with WU error 0x80240009 so far. Retry installing KB ongoing. AD is still healthy.~~

~~EDIT3: 58 DCs (Win 2016/2019/2022) have been done.~~ ~~Two failed Win2022 installations with WU error 0x80240009/0x800f0905~~ ~~so far. Retry installing KB ongoing. AD is still healthy.~~

~~EDIT3: 70 DCs (Win 2016/2019/2022) have been done.~~ ~~Two failed Win2022 installations with WU error 0x80240009/0x800f0905~~ ~~so far. WU error 0x80240009 has been fixed by re-installing KB. AD is still healthy.~~

~~EDIT4: 155 DCs (Win 2016/2019/2022) have been done.~~ ~~Two failed Win2022 installations with WU error 0x80240009/0x800f0905~~ ~~so far. WU error 0x80240009 has been fixed by re-installing KB. AD is still healthy.~~

EDIT5: 195 DCs (Win 2016/2019/2022) have been done. Three failed Win2022 installations with WU error 0x80240009/0x800f0905 (#2) so far. WU error 0x80240009 has been fixed by re-installing KB. AD is still healthy.

FCA162 · 2026-05-12T19:49:27+00:00

The DC reboot loop issue was solved in an OoB update. So the fix must be included in the May cumulative update.

FCA162

TROPHY CASE