CLSA-2026-1778177253 perl: Fix of 2 CVEs

CVE-2023-47038: fix write past buffer end via illegal user-defined Unicode property, for almalinux9.2esu - CVE-2025-40909: clone dirhandles without fchdir, for almalinux9.2esu...

March 10, 2026—KB5078775 (Monthly Rollup)

March 10, 2026—KB5078775 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only ar...

February 10, 2026—KB5075971 (Monthly Rollup)

February 10, 2026—KB5075971 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only...

KLA90838 Multiple vulnerabilities in Microsoft Product (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to bypass security restrictions, gain privileges, execute arbitrary code, obtain sensitive information, cause denial of service, spoof user interface. Below is a...

December 9, 2025—KB5071546 (OS Builds 19045.6691 and 19044.6691)

December 9, 2025—KB5071546 OS Builds 19045.6691 and 19044.6691 Windows Secure Boot certificate expirationImportant: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business...

November 11, 2025—KB5068905 (Monthly Rollup)

November 11, 2025—KB5068905 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU...

KLA89277 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products ESU. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions, gain privileges, obtain sensitive information, spoof user interface. Below is a complete list of...

Malicious code in @zalastax/nolb-esu (npm)

The package @zalastax/nolb-esu was found to contain malicious code...

MAL-2025-11352 Malicious code in @zalastax/nolb-esu (npm)

The package @zalastax/nolb-esu was found to contain malicious code...

July 22, 2025—KB5062649 (OS Build 19045.6159) Preview

July 22, 2025—KB5062649 OS Build 19045.6159 Preview Windows Secure Boot certificate expirationImportant: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business devices for t...

May 13, 2025—KB5058403 (Monthly Rollup)

May 13, 2025—KB5058403 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU only a...

November 12, 2024—KB5046639 (Security-only update)

November 12, 2024—KB5046639 Security-only update End of support information Windows Server 2008 SP2 Extended Security Updates ESU third and final year ended on January 10, 2023. Additionally, Extended Security Updates on Azure only support ended on January 9, 2024. For more information, see...

November 12, 2024—KB5046682 (Monthly Rollup)

November 12, 2024—KB5046682 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU...

November 12, 2024—KB5046697 (Monthly Rollup)

November 12, 2024—KB5046697 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only...

CVE-2024-50591 Local Privilege Escalation via Command Injection

An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a command injection vulnerability in the Elefant Update Service. The command injection can be exploited by communicating with the Elefant Update Service whi...

October 8, 2024-Security Only Update for .NET Framework 2.0, 3.0, 3.5 SP1, 4.6.2 for Windows Server 2008 SP2 (KB5044086)

October 8, 2024-Security Only Update for .NET Framework 2.0, 3.0, 3.5 SP1, 4.6.2 for Windows Server 2008 SP2 KB5044086 Applies to: Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4.6.2 REMINDER Windows Server 2008 R2 SP1 have...

October 8, 2024-Security Only Update for .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2008 R2 SP1 (KB5044085)

October 8, 2024-Security Only Update for .NET Framework 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2008 R2 SP1 KB5044085 Applies to: Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7....

October 8, 2024—KB5044342 (Monthly Rollup)

October 8, 2024—KB5044342 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012. For a successful installation, please make sure all Subset of endpoints for ESU only a...

KLA73910 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, spoof user interface, cause denial of service, obtain sensitive information, bypass security restrictions. Below is a...

KB5043049: Cumulative security update for Internet Explorer: September 10, 2024

KB5043049: Cumulative security update for Internet Explorer: September 10, 2024 Important Certain versions of Microsoft Internet Explorer have reached the end of support. Note that some versions of Internet Explorer may be supported past the latest OS end date when Extended Security Updates ESUs...