Security Advisory 0140

Security Advisory 0140 PDF Date: June 3, 2026 Revision | Date | Changes ---|---|--- 1.0 | June 3, 2026 | Initial release The CVE-ID tracking this issue: CVE-2026-10040 CVSSv3.1 Base Score: 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H CVSSv4.0 Base Score: 6.8...

Your Windows PC has a security deadline in June 2026

A Secure Boot certificate refresh is rolling out across supported Windows devices through Windows Update. In June 2026, the Secure Boot certificates that have shipped inside Windows since 2011 begin to expire, and Microsoft is replacing them with new 2023-dated certificates. The good news: If you...

May 26, 2026—KB5089573 (OS Builds 26200.8524 and 26100.8524) Preview

May 26, 2026—KB5089573 OS Builds 26200.8524 and 26100.8524 Preview ​​​​This cumulative update for Windows 11, version 25H2 and 24H2 KB5089573, includes production-quality improvements. Visit the Windows release health dashboard for the latest status on this release. Announcements and messages Thi...

Astra Linux - уязвимость в grub2

The GRUB2’s shimlock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules being loaded in GRUB2, thereby breaking the secure boot trust-chain...

Astra Linux - уязвимость в grub2

A flaw was discovered in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module that serves as a dependency without checking whether any other dependent modules are still loaded, leading to a “use-after-free” scenario. This could allow arbitrary code to be...

Astra Linux - уязвимость в grub2

A flaw was discovered in grub2 in versions prior to 2.06, where it incorrectly enabled the use of the ACPI command when Secure Boot was enabled. This flaw allows an attacker with privileged access to create a Secondary System Description Table SSDT containing code that can overwrite the Linux...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, if the IMA appraisal method is used with the “imaappraiselog” boot parameter, lockdown can be circumvented using kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents the “imaappraiselog” parameter from being set during boot, but this does not cover...

Astra Linux - уязвимость в edk2

In Ubuntu’s EDK2, a insecure default setting was left enabled, allowing UEFI Shell to be used. This enables an attacker with access to the operating system to bypass Secure Boot...

Astra Linux - уязвимость в grub2

A flaw was discovered in grub2. A specially crafted JPEG file can cause the JPEG parser in grub2 to incorrectly check the boundaries of its internal buffers, leading to an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is still a concer...

Astra Linux - уязвимость в grub2

A flaw was discovered in the HFS filesystem. When reading the name of an HFS volume during the grubfsmount function, the HFS filesystem driver uses the user-provided volume name as input without properly verifying the length of that name. This issue may lead to a heap-based out-of-bounds write...

CVE-2026-40003

ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow,...

CVE-2026-41097

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

EUVD-2026-29685

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

CVE-2026-41097

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

CVE-2026-41097 Secure Boot Security Feature Bypass Vulnerability

...

CVE-2026-41097

Reliance on a component that is not updateable in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

CVE-2026-41097

CVE-2026-41097 describes a local security bypass in Windows Secure Boot caused by reliance on a non-updateable component. An authorized attacker could bypass a security feature locally. The CVE’s metrics show a medium base score (CVSS 3.1: 6.7; Local attack vector; high confidentiality/integrity/...

CVE-2026-41097 Secure Boot Security Feature Bypass Vulnerability

...

May 12, 2026—KB5087420 (OS Build 22631.7079)

May 12, 2026—KB5087420 OS Build 22631.7079 ​​​​​This cumulative update for Windows 11, version 23H2 KB5087420, includes the latest security fixes and improvements, along with non-security updates from last month’s optional preview release. To learn more about differences between security updates,...

May 12, 2026—Hotpatch KB5087423 (OS Build 26100.32772)

May 12, 2026—Hotpatch KB5087423 OS Build 26100.32772 This update applies to Windows Server 2025 Datacenter & Standard machines connected to Azure Arc. To learn more about differences between security updates, optional non-security preview updates, out-of-band OOB updates, and continuous innovatio...