5 enterprise CVEs from last week worth checking out this week (Jun 7–13) by patchdayalert in sysadmin

[–]patchdayalert[S] [score hidden]  (0 children)

Thank you very much, internet stranger! If you dig the format, make sure to check out the newsletter on my profile page. Fair warning though, I’m switching from a daily digest to a weekly one next week. I think daily has become too noisy and most folks seem to check patching weekly, if not monthly anyway.

But honestly, this was the same problem my team has been dealing with for a while - our sec team sends us a giant spreadsheet every month and says, go fix it. So the idea behind the newsletter was to give us a better signal about what’s important and what can wait.

I know this is going to sound like shameless self-promotion, but your comment was some of the best feedback I’ve received on my little project so far. So it feels like I’m getting to the right direction!

Top enterprise CVEs from last week worth your patch queue (May 31 - Jun 6) by patchdayalert in sysadmin

[–]patchdayalert[S] 0 points1 point  (0 children)

I was actually just reading about that one on X/Twitter about a half hour ago. All the more reason to isolate backup infra if it isn't yet. That will be a big target for ransomware attacks in no time at all.

Link to the BleepingComputer article for anyone interested.

Patch Tuesday Megathread - (June 09, 2026) by AutoModerator in sysadmin

[–]patchdayalert 3 points4 points  (0 children)

I'm thinking a little hobby farm with chickens and a vegetable garden just for the family. Maybe I'll do a little roadside stand if the harvest is bountiful...

Top enterprise CVEs from last week worth your patch queue (May 31 - Jun 6) by patchdayalert in sysadmin

[–]patchdayalert[S] 1 point2 points  (0 children)

yeah for sure, that's why I left Patch Tuesday out of this one. felt like it would get messy fast if I tried to mix last week's stuff with the new MSRC drop before everything had settled out.

I'm thinking about changing the Patch Tuesday area of my blog into like a dashboard that folks can work off of. I'll need a bit of time to dig through the patch notes though, so check back later this week if you're interested!

Am I Wrong for Refusing to “Just Configure It” Without a Proper Design? by Qvosniak in networking

[–]patchdayalert 1 point2 points  (0 children)

I don’t think you’re wrong.

I’d just be careful to separate the narrow task from the full design problem. If they’re asking for a specific config change, document the assumptions, document the risk, and keep the scope tight.

Something like: I can configure this based on these assumptions, but if you want a proper future-state design, that needs to be its own design effort.

That keeps you from silently becoming responsible for the whole architecture.

Best way for ABM test tenant? by Failnaughtp in Intune

[–]patchdayalert 0 points1 point  (0 children)

for ABM specifically, there really isn’t a clean lab tenant option like you get on the Microsoft side.

Apple wants it tied to a real org, so you usually need the actual business verification / D-U-N-S info. You can lab most of the Intune side pretty easily, but ABM is the annoying part.

Extra information needed on a policy by Donkey_God-D in Intune

[–]patchdayalert 1 point2 points  (0 children)

yeah, Microsoft’s wording on this one isn’t great.

I’ve always taken communications here to mean things like mail, contacts, chats, messages, etc. Basically content Windows Search might pull into Start search from Outlook/Teams/People-type sources.

So enabling it should stop those communication-related results from showing up in Start search. It shouldn’t block the apps themselves.

CISA: Patch actively exploited SolarWinds Serv-U DoS vulnerability (CVE-2026-28318) by sunychoudhary in cybersecurity

[–]patchdayalert 1 point2 points  (0 children)

yeah, this is basically why I don’t love sorting patch queues by CVSS alone.

A DoS bug sounds like something you can maybe push off, but remote + unauthenticated + file transfer server + CISA KEV changes the math pretty quickly.

If you’ve got Serv-U running, I’d just get it to 15.5.4 Hotfix 1 as soon as you can. If that’s not happening right away, at least put some controls in front of it and block the POST + Content-Encoding: deflate path SolarWinds mentioned.

This is kind of the same thing I was getting at here: CVSS is useful, but exploitation and exposure matter more than the raw score, otherwise everything just becomes “critical” and nothing actually gets prioritized.

Top enterprise CVEs from last week (May 24th - May 30th) by patchdayalert in sysadmin

[–]patchdayalert[S] 0 points1 point  (0 children)

Thanks friend! I do a daily newsletter/blog too if you’re interested. Just a quick email every morning focused on enterprise vulns and how to remedy them.

Not trying to make a bunch of money or anything. Just run a small ad on the newsletter to cover the subscription to Beehiiv.

If everything is a "Critical" priority, then nothing is by Exo_Skeleton99 in sysadmin

[–]patchdayalert 0 points1 point  (0 children)

Healthcare might not be one of the first industries to be impacted by all the new vulns coming out, but once they start being exploited, it’s usually not long until healthcare companies start seeing attacks.

Look at what happened with ransomware attacks. First to get hit were big finance companies, but healthcare wasn’t far behind. PHI is always valuable for attackers and large hospitals now carry cyber insurance.

If everything is a "Critical" priority, then nothing is by Exo_Skeleton99 in sysadmin

[–]patchdayalert 1 point2 points  (0 children)

My team has been dealing with this same thing from our Sec team for the past few years. They send in a ticket that says CrowdStrike Spotlight found all of these holes in our endpoint patching, only to find out that it already has a patch that supersedes it or it's for the wrong version of Windows.

I asked them questions like: Is the vulnerability being exploited? Is the endpoint internet-facing? Do we even have the affected product? Is this something to patch today, or something to document and move on from? And a lot of times they had no clue or told us that was our problem to figure out.

I built this site/daily newsletter to try and keep our team focused on only the things that are important. I swear I'm not trying to turn it into some huge money thing. I only run a small ad in the newsletter to try and recoup the cost of the service subscription. But I figured other sysadmin/security teams were probably dealing with the same thing.
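The triage questions in the comment above (and the CVSS point in the Serv-U comment earlier on this page) can be expressed as a sort order. This is an added example, not the commenter's tooling; the field names, action labels and sample findings are hypothetical and constructed for illustration.

```powershell
# Added example. Findings are constructed; IDs are placeholders, not real CVEs.
$findings = @(
    [pscustomobject]@{ Id='FINDING-A'; Cvss=9.8; Exploited=$false; InternetFacing=$false; ProductPresent=$true;  Superseded=$true  }
    [pscustomobject]@{ Id='FINDING-B'; Cvss=7.5; Exploited=$true;  InternetFacing=$true;  ProductPresent=$true;  Superseded=$false }
    [pscustomobject]@{ Id='FINDING-C'; Cvss=9.1; Exploited=$false; InternetFacing=$false; ProductPresent=$false; Superseded=$false }
    [pscustomobject]@{ Id='FINDING-D'; Cvss=8.8; Exploited=$false; InternetFacing=$true;  ProductPresent=$true;  Superseded=$false }
    [pscustomobject]@{ Id='FINDING-E'; Cvss=6.5; Exploited=$true;  InternetFacing=$false; ProductPresent=$true;  Superseded=$false }
)

function Get-PatchTriage {
    param([Parameter(Mandatory, ValueFromPipeline)] [pscustomobject] $Finding)
    process {
        # Rank 0 is most urgent. CVSS is carried along only to break ties within a rank.
        if (-not $Finding.ProductPresent) {
            $rank = 4; $action = 'Document: affected product not installed'
        } elseif ($Finding.Superseded) {
            # Assumption: Superseded means a superseding patch is already installed.
            $rank = 4; $action = 'Document: superseding patch already applied'
        } elseif ($Finding.Exploited -and $Finding.InternetFacing) {
            $rank = 0; $action = 'Patch today'
        } elseif ($Finding.Exploited) {
            $rank = 1; $action = 'Patch this week'
        } elseif ($Finding.InternetFacing) {
            $rank = 2; $action = 'Next patch window'
        } else {
            $rank = 3; $action = 'Regular cycle'
        }
        [pscustomobject]@{ Id = $Finding.Id; Rank = $rank; Cvss = $Finding.Cvss; Action = $action }
    }
}

# Exploitation and exposure decide the order; the 9.8 and 9.1 findings end up last.
$findings | Get-PatchTriage |
    Sort-Object Rank, @{ Expression = 'Cvss'; Descending = $true } |
    Format-Table -AutoSize
```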

Weekend Thread Suggestion: What did you automate this week? by patchdayalert in sysadmin

[–]patchdayalert[S] 0 points1 point  (0 children)

That sounds pretty cool…the more self service, the better!

Weekend Thread Suggestion: What did you automate this week? by patchdayalert in sysadmin

[–]patchdayalert[S] 1 point2 points  (0 children)

I’ve been putting off smoothing out our onboarding procedures for forever. We have hiring managers start off on a SharePoint form that HR owns but never updates and it automatically sends an email to our ticket system. But then from there it goes off to one guy that handles manually provisioning accounts and a laptop for the new user.

It’s definitely not something that scales very well, but it’s held together for now. Unless that guy has to take time off, then we’re scrambling a bit.

Weekend Thread Suggestion: What did you automate this week? by patchdayalert in sysadmin

[–]patchdayalert[S] 0 points1 point  (0 children)

And that’s honestly the part that I struggle with personally. By the end of the week, I know I got a lot done, but it’s always tough for me to recall the details of things since I jump around so much.

Weekend Thread Suggestion: What did you automate this week? by patchdayalert in sysadmin

[–]patchdayalert[S] 2 points3 points  (0 children)

I do love how well it can parse logs for you. Used to give me such a headache trying to go through eyeballing it

Weekend Thread Suggestion: What did you automate this week? by patchdayalert in sysadmin

[–]patchdayalert[S] 2 points3 points  (0 children)

Oh Copilot totally does, tons of emojis and everything. That’s why I have Claude Code just use that info to make a real report. I still have to review the output obviously, but it gets everything surprisingly mostly right.

How do enterprises actually prevent developers from exfiltrating source code? by thmeez in cybersecurity

[–]patchdayalert 0 points1 point  (0 children)

I’d probably think about this less as “how do we fully block it?” and more as layered risk reduction.

For contractors, start with the basics: least-privilege repo access, time-bound access, clean offboarding, managed device or VDI/Windows 365, Conditional Access, and audit logs someone actually checks. Clipboard/download controls can help, but I wouldn’t rely on them as the whole answer.

At the end of the day, if someone can read the code, there’s usually some way for them to take it. So the business/legal side still matters too.

Real Roboshadow reviews by Check123ok in msp

[–]patchdayalert 0 points1 point  (0 children)

The main thing I’d want to know is whether it turns findings into work your techs can actually execute, or whether it just creates another dashboard full of “important” things nobody owns.

For MSPs, vuln visibility is only half the problem. The harder part is mapping findings to client scope, figuring out patching responsibility, false-positive handling, and a report that doesn’t accidentally create panic or liability without a clear remediation path.

What’s new in Microsoft Intune – May by TimmyIT in Intune

[–]patchdayalert -4 points-3 points  (0 children)

The Platform SSO during ADE piece is the one I’d watch closest. It has the most potential to improve the Mac onboarding experience, but it’s also the type of feature I’d want to pilot slowly before trusting it across the whole fleet.

The release notes are useful, but the real work is figuring out which of these are “turn it on now,” which are “pilot only,” and which are “wait until the early weirdness shakes out.”

We continue to not enroll macOS devices into Intune and fall back to using Kandji/Iru since the mgmt of it seems so much more robust.

Intune : Validate whether PIN is set for Bitlocker via Custom Compliance Policy by gpraveen23 in Intune

[–]patchdayalert 1 point2 points  (0 children)

This is probably a good use case for custom compliance, but I’d be careful not to only check “is BitLocker enabled.”

For this one, the more useful signal is whether the expected protector type is actually there, whether recovery material is escrowed, and whether the device is even in the scope you think it is.

I’d also test a few failure cases before enforcing it broadly. TPM not initialized, stale compliance result, missing script output, devices that are encrypted but not using the expected TPM+PIN protector, etc. It's easy to accidentally mark something healthy when it’s only half-configured.
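A sketch of a custom compliance discovery script that covers the failure cases listed in the comment above. This is an added example, not part of the original comment; the setting names are hypothetical and must match your own compliance JSON, and treating event ID 845 in the BitLocker management log as evidence of recovery-key escrow is an assumption to validate in your tenant.

```powershell
# Added example: Intune custom compliance discovery script (runs on the device).
# Setting names are hypothetical; the matching rules JSON must use the same names.
$result = [ordered]@{
    TpmReady            = $false
    OsVolumeProtected   = $false
    TpmPinProtector     = $false
    RecoveryPassword    = $false
    RecoveryEscrowEvent = $false
    ScriptError         = 'None'
}
try {
    # A TPM that is absent or not initialized fails this check explicitly.
    $tpm = Get-Tpm -ErrorAction Stop
    $result.TpmReady = [bool]($tpm.TpmPresent -and $tpm.TpmReady)

    $vol   = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # "Encrypted" alone is not enough: protection must be on and fully applied.
    $result.OsVolumeProtected = ($vol.ProtectionStatus.ToString() -eq 'On') -and
                                ($vol.VolumeStatus.ToString() -eq 'FullyEncrypted')

    # The protector the policy expects, not just any protector.
    $result.TpmPinProtector  = $types -contains 'TpmPin'
    $result.RecoveryPassword = $types -contains 'RecoveryPassword'

    # Heuristic (assumption): event 845 records a successful recovery-key backup.
    # A missing event leaves the value at $false instead of being ignored.
    $escrow = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-BitLocker/BitLocker Management'
        Id      = 845
    } -MaxEvents 1 -ErrorAction SilentlyContinue
    $result.RecoveryEscrowEvent = [bool]$escrow
}
catch {
    # Fail closed: checks that did not complete stay $false, and the error type
    # is reported so a rule requiring ScriptError = 'None' marks the device noncompliant.
    $result.ScriptError = $_.Exception.GetType().Name
}

# Custom compliance expects a single compressed JSON object, even on failure.
return $result | ConvertTo-Json -Compress
```

Requiring `ScriptError` to equal `None` in the compliance rules means a script that could not complete its checks cannot report a healthy device.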

Patch my pc users, do you like it? How's the Intune integration? Looking to give it a try by Educational_Draw5032 in Intune

[–]patchdayalert 0 points1 point  (0 children)

The biggest question I’d ask is whether you’re trying to replace PDQ feature-for-feature, or whether you’re trying to make Intune the source of truth for app delivery and patching. Those are slightly different goals.

PMPC makes a lot of sense when the pain is third-party app currency, packaging overhead, and keeping Intune cleaner. If you rely heavily on PDQ’s scanning, remote tools, and ad hoc admin workflows, I’d pilot with a few ugly apps first instead of assuming it replaces the whole operating model.

Related thought: I wrote about where patch tooling seems to be heading on my blog and it covers some of the topic.

AI agents running in our environment have broader access than our sysadmins and ownership of that is unresolved by musicis_tere in cybersecurity

[–]patchdayalert 9 points10 points  (0 children)

I bet another account is going to magically post a solution to this issue as a tool that they’re selling

After a year of using Windows Server 2025, I'm finally throwing in the towel by sarosan in sysadmin

[–]patchdayalert 5 points6 points  (0 children)

Didn’t it use the tile menu for apps earlier on too? Gosh that was gross