RSS Aggregator
S3XY Buttons are the buttons Musk didn't want in Teslas. Put them wherever you want, they do whatever you want
The Japanese went to Ukraine to learn how to build drones. The result is the two-meter Shirana glider for 9,000 Czech crowns
What's new in the Mapy.com app. It warns about difficult sections on hiking and cycling routes
[Webinar] Eliminate Ghost Identities Before They Expose Your Enterprise Data
$13.74M Hack Shuts Down Sanctioned Grinex Exchange After Intelligence Claims
Did EU taxpayers sponsor development for an American company? What it means that Onsemi is buying a chip company from Brno
Which World of Warcraft expansion is the best? We ranked all the expansions
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet
If you rely too much on AI, you risk cognitive surrender. Your reason will give up without a fight
Deals of the week: eSIMs for travel abroad, perfumes, books and refurbished electronics
World ID expands its ‘proof of human’ vision for the AI era
Identity management is a critical concern for any enterprise, and it’s becoming ever more complex and convoluted with the advent of AI agents.
World ID is taking a unique (and to some, controversial) approach to this challenge by building a ‘digital proof of human’ ecosystem for the internet. Today, at its “Lift Off” event, the Sam Altman co-founded initiative made a series of announcements, which included the launch of version 4.0 of its World ID protocol, a World ID app, World ID for Business, World ID for Agents, a new verification tool called Selfie Check, new monetization programs, and integrations with Zoom and Okta.
“It’s a re-engineering of the stack around a very simple idea: Humans should have a right to exceptional privacy and security,” Daniel Shorr, chief of staff to the CEO at Tools for Humanity, said at the event.
How ‘proof of human’ works
Billed as the infrastructure for the age of AI, World ID was co-founded by Altman and Alex Blania, and is being developed by technology company Tools for Humanity, whose iris imaging technology seeks to eliminate the need to provide emails, photos, or other personal details to prove identity.
World ID’s mission is to provide “proof of human” (POH), so that people know they are in fact interacting with another human being (or a bot on behalf of a verified human), rather than a deepfake or other unknown entity. The ideal is to reduce abuse, impersonation, fraud, and misinformation, and promote trust in online interactions.
POH ensures that only one account exists per user (‘one-person-one-ID’) via Tools For Humanity’s iris-scanning Orb device, which uses multispectral sensors and infrared light to capture high-res images of a human’s irises. These images are processed in seconds on-device to generate an ‘IrisCode,’ a unique cryptographic hash based on the iris’s unique details and textures.
IrisCodes are then compared to entries in the World Chain, a global blockchain-based database, to verify the user hasn’t previously registered. This check uses zero-knowledge proofs (ZKPs), a cryptographic prover-verifier mechanism, to confirm iris uniqueness without needing to link personal data.
If the IrisCode is identified as unique, the user receives a World ID that can be stored on their phone. IrisCodes are anonymized and fragmented across secure servers to minimize breach risks, preventing reverse engineering. The Orb also deletes original images by default.
Other World ID initiatives include Deep Face and Face Auth, which help identify deepfakes by performing private 1:1 face comparisons of selfies and Orb-captured images.
Tiago Sada, chief product officer at Tools for Humanity, emphasized the protocol’s open source nature, third-party auditing, and regular security updates. “It goes beyond standard end-to-end encryption, and it uses multiple primitives, including anonymized multi-party computation and zero knowledge proofs to protect you along the way,” he said at today’s event.
More than 18 million people across 160 countries have now verified their “humanness” via Orb and have used them more than 450 million times, execs said.
New World ID features
The new World ID 4.0 is a more scalable and powerful version of World ID that incorporates essential upgrades like key rotation (which detaches keys from identity), multi-party entropy (to ensure that every interaction is unlinkable), and finer credential controls (more ways to manage and protect information), Shorr explained.
It now includes a new verification method, “Selfie Check,” that can be used in lieu of Tools for Humanity’s Orb device. “Take a selfie and ‘boom, you’re in,’” Shorr explained. He noted that it’s not as robust as the Orb, but it’s “really, really compelling for specific use cases. Not every use case today requires the gold standard of Orb assurance.”
World ID also now includes agent delegation tools that essentially serve as what Shorr called “a power of attorney for your agent,” allowing it to perform actions on the user’s behalf.
“With the explosion of agents, the internet is fundamentally changing again,” he said. “How do you make sure the right humans are in the loop?”
This is especially important at critical moments where users or platforms need to ensure that a purchase or decision was intentional. At the same time, he said, “we don’t want Skynet.”
Security company Okta is now onboard, introducing Human Principal, a verification method based on World ID that is now available in beta.
World ID also announced upcoming new monetization efforts. Shorr noted that it’s difficult to monetize the network when you can’t share user data, but at the same time, being human is “incredibly valuable” in the age of AI, and the internet will want to know which users are human.
“We dug through the history books, and we came up with an inventively old approach: Fees,” he said. When services or developers ask for World ID proof, apps will pay a fee, not humans.
World ID and Zoom fighting deepfakes
Ensuring participants in Zoom calls are real people is another concern.
Brendan Ittelson, Zoom’s chief ecosystem officer, noted that deepfakes are more realistic than ever and the technology to create them is much more accessible, so it’s no longer a hypothetical ‘will this happen?’
Customers across Zoom’s user base are deeply concerned, he said, yet there are challenges with existing verification techniques and knowledge base options.
“The technology is evolving so fast, so doing detection techniques and all that is a constant cat and mouse game,” he said. “You really need a platform where you’re looking at [the question], ‘how can you validate someone and be privacy forward, but also have that strong human connection?’”
To address that problem, today’s announcements included the news that World ID is coming to Zoom. New capabilities will match live images with the Orb-verified ID on a user’s device when they log into a call. They can also verify themselves in real time; nothing leaves their device. World ID verification will be indicated by a badge in the user’s Zoom window.
Not everyone is convinced, though
While touted as a way to make the internet a safer, more democratic, and inclusive place, the ambitious initiative has been met with significant criticism.
Detractors, including the likes of notorious whistleblower Edward Snowden, warn of privacy and biometric data risks. They argue that storing iris data could create immense security problems, as well as the potential for its misuse and for unlawful surveillance.
Other criticisms are that World ID creates a central point of failure, requires blind trust in one company, and exploits vulnerable and developing nations. For instance, the initiative became massively popular in Kenya because iris scans were traded for Worldcoin cryptocurrency (WLD). This hinted at bribery, detractors note; the program has since been banned in the country, and is also either banned or suspended in Brazil, Indonesia, Hong Kong, and Spain.
Further, the initiative raises concerns around data protection laws, credential theft (which can be particularly catastrophic because irises are immutable), and ‘function creep’ that could eventually restrict access to sites and force participation in the program.
Indeed, Orbs, which began shipping in the third quarter of 2025, are purchased from the private Tools for Humanity organization and are owned by “community operators,” who verify World IDs with their devices and receive WLD tokens for their efforts.
Protecting this kind of biometric data is crucial, said David Shipley of Beauceron Security: He pointed to Apple’s approach, where biometric data is securely stored on-device, and only a digital expression based on that data is transmitted, never the original biometric data itself.
“This feels like a super-bad idea,” he said of World ID. While having a secure, verified digital ID as a service that can be trusted is much needed, it shouldn’t be delivered by a private sector entity, he contended.
“Private sector control of personhood feels Hollywood-style cyber dystopian,” said Shipley. “Proof of being human and proof of being a citizen are public goods and should be delivered by public bodies that can be held accountable through democratic representation.”
Norwegian Man Cured of HIV by His Brother’s Stem Cells
Fewer than 10 people worldwide have eradicated the virus with stem cells. But this case was special—no one knew his brother’s cells carried a protective mutation until transplant day.
When the 63-year-old man received a bone marrow transplant from his brother, he got a two-for-one deal. The therapy was meant to tame a life-threatening blood disorder. But it also wiped out all signs of HIV, which he had been battling for 14 years.
Called the Oslo patient, he joins a small group of people with HIV who no longer need medication after a stem cell transplant. Four years later, the donor stem cells had completely overhauled his immune system, and there were no signs of lingering virus—even in hidden reservoirs that are notoriously hard to target.
His case is special. Previous successes in long-term remission had used donated stem cells carrying a mutation in the CCR5 gene. Called CCR5Δ32, this version of the gene blocks HIV’s ability to infect and destroy immune cells, rendering the virus incapable of replicating. The Oslo patient carried one copy of the protective gene variant but was still infected. His donor brother, unexpectedly, had two copies.
In three months, the patient’s immune cells were clear of viral genetic material. Now, two years after ending antiviral medication, he is “having a great time” with more energy than he knows what to do with, study author Anders Eivind Myhre at the Oslo University Hospital told Agence France-Presse. “For all practical purposes, we are quite certain that he is cured.”
Sneaky Virus
Thanks to antiviral drugs, HIV is no longer a death sentence. And HIV preexposure prophylaxis, or PrEP, reduces the chances of infection in high-risk populations. Though it once required daily pills, the FDA recently approved a twice-a-year shot, making prevention less of a headache. But access remains uneven worldwide, and many hesitate to seek the drugs for fear of stigma.
Neither drug is a cure. The HIV virus attacks T cells and gradually destroys the body’s defenses. Over time, even mundane infections like a cold or the flu become harder to fight. As HIV replicates, it infiltrates hidden reservoirs—the gut is a common holdout—and embeds itself in DNA across the body.
Antiviral drugs keep active HIV in check but can’t touch reservoirs. Even after years of control, the virus rebounds as soon as treatment stops. To truly conquer HIV, we need a cure.
Fewer than 10 people worldwide have beaten the virus after an immune system reset. The first case, in 2009, was a lucky surprise. Known as the Berlin patient, a man received a stem cell transplant for a lethal blood cancer—and the cells kept HIV at bay for 20 months without drugs. The donor stem cells carried two copies of the CCR5Δ32 mutation, revealing its potent protective effect.
Other successes followed with stem cells carrying double and single copies of CCR5Δ32, and even normal versions of the gene—suggesting unknown factors are critical “for an eradicating HIV cure,” wrote the team.
Winning the Lottery, Twice
Treating HIV wasn’t the Norwegian man’s first priority when he agreed to a stem cell transplant.
Diagnosed in 2006, he’d kept the virus suppressed for over a decade with antiviral drugs. Repeated tests found no detectable viral genetic material in his blood, and he was able to live a relatively normal life.
But in 2017, he began struggling with extreme fatigue. His blood cell counts plummeted, including the cells carrying oxygen, fighting off infections, and preventing uncontrolled bleeding. The life-threatening condition was eventually traced to a bone marrow disease. Several treatments briefly kept symptoms in check, but then they returned. His only option was a bone marrow transplant.
The patient’s care team searched for immune-compatible donors who also carried two copies of the CCR5Δ32 mutation, hoping to simultaneously treat the blood disorder and HIV. It’s like trying to find a needle in a haystack, said study author Marius Trøseid in a press release.
As the patient’s health rapidly declined, the team focused on treating the bone marrow disease with his 60-year-old brother as the donor. On transplant day, they realized they’d hit the jackpot—the brother carried both copies of CCR5Δ32.
“We had no idea…That was amazing,” said Myhre.
Brotherly Love
The HIV-resistant stem cells began replacing the patient’s own cells within 90 days. Two years on, the transplanted cells had fully repopulated his bone marrow—which is where blood cells are born—and cured the bone marrow disease.
The immune system reboot also allowed the patient to end antiviral medications. Four years after the transplant, the donor cells had completely taken over in multiple organs, including the lower gut—a known reservoir for HIV.
It’s the first time a bone marrow transplant has achieved total replacement in the gut, wrote the team.
Tests in more than 65 million T cells, HIV’s main targets, failed to detect intact genetic material needed for the virus to grow and spread. The results suggest the “HIV reservoir had been eliminated,” wrote the team.
The man’s immune system seemed to forget the virus. Viral antibodies gradually faded, and newly minted T cells patrolled the body as usual. Liberated from the constant threat of HIV, the body’s immune defenses returned to health—as if he had never been infected.
But the therapy wasn’t all smooth sailing. Roughly a month and a half after transplant, the man experienced severe graft-versus-host disease, where transplanted cells viciously attack the body. A combination of drugs eventually quelled the assault. In a twist, a deeper analysis suggests the drugs treating the immune attack might have also helped fight the virus.
A bone marrow transplant is a last resort and only used to treat people with HIV who also have deadly bone marrow disorders. Roughly 10 to 20 percent of patients die from the procedure within a year, regardless of underlying disease. For now, antivirals remain the first option for millions of people living with the virus. But these unique cases of full, long-term remission shed light on how the virus behaves.
Scientists are still trying to define what “cure” means when it comes to HIV.
“Moving forward, a critical step will be to compare existing cases of HIV cure to identify the most effective combination of biomarkers,” wrote the team. For example, do decreased viral load, antibodies, or a boost in healthy T cells amount to a cure? How long should the changes last? And did the patient struggle with HIV even though he had a single copy of CCR5Δ32?
Individual cases only offer a glimpse into HIV’s complexity. Projects like the European-led IciStem are underway to consolidate case results so scientists can better share findings and ideas—and potentially beat HIV once and for all.
As for the Oslo patient, he’s “perhaps no longer a patient. At least he doesn’t feel like it,” said Trøseid.
The post Norwegian Man Cured of HIV by His Brother’s Stem Cells appeared first on SingularityHub.
What happened in week 16/2026
A fully mechanical computer needs no electricity
A hole in the basic dogma of genetics
US-sanctioned currency exchange says $15 million heist done by "unfriendly states"
Grinex, a US-sanctioned cryptocurrency exchange registered in Kyrgyzstan, said it’s halting operations after experiencing a $13 million heist carried out by “western special services” hackers.
Researchers from TRM, which has confirmed the theft, put the value of stolen assets at $15 million after discovering roughly 70 drained addresses, about 16 more than Grinex reported. Neither TRM nor fellow blockchain research firm Elliptic has said how the attackers slipped past Grinex’s defenses. Grinex said it has been under almost constant attack attempts since incorporating 16 months ago. The latest attacks, it said, targeted Russian users of the exchange.
Damaging "Russia's financial sovereignty"
“The digital footprints and nature of the attack indicate an unprecedented level of resources and technology available exclusively to the structures of unfriendly states,” Grinex said. “According to preliminary data, the attack was coordinated with the aim of causing direct damage to Russia's financial sovereignty.”
Payouts King ransomware uses QEMU VMs to bypass endpoint security
Microsoft’s Patch Tuesday updates: Keeping up with the latest fixes
Long before Taco Tuesday became part of the pop-culture vernacular, Tuesdays were synonymous with security — and for anyone in the tech world, they still are. Patch Tuesday, as you most likely know, refers to the day each month when Microsoft releases security updates and patches for its software products — everything from Windows to Office to SQL Server, developer tools to browsers.
The practice, which happens on the second Tuesday of the month, was initiated to streamline the patch distribution process and make it easier for users and IT system administrators to manage updates. Like tacos, Patch Tuesday is here to stay.
In a blog post celebrating the 20th anniversary of Patch Tuesday, the Microsoft Security Response Center wrote: “The concept of Patch Tuesday was conceived and implemented in 2003. Before this unified approach, our security updates were sporadic, posing significant challenges for IT professionals and organizations in deploying critical patches in a timely manner.”
Patch Tuesday will continue to be an “important part of our strategy to keep users secure,” Microsoft said, adding that it’s now an important part of the cybersecurity industry. As a case in point, Adobe, among others, follows a similar patch cadence.
Patch Tuesday coverage has also long been a staple of Computerworld’s commitment to provide critical information to the IT industry. That’s why we’ve gathered together this collection of recent patches, a rolling list we’ll keep updated each month.
In case you missed a recent Patch Tuesday announcement, here are the latest six months of updates.
Microsoft’s Patch Tuesday release for April is a whopper
Windows admins are going to be busy this month, dealing with the largest Patch Tuesday cycle in memory. The April release involves 165 updates and roughly 340 unique CVEs from Microsoft — including two zero-days, one of which is already being actively exploited in the wild.
The Readiness team is recommending “Patch Now” schedules for nearly every major product family this month: Windows, Office (with a zero-day), Microsoft Edge (Chromium), SQL Server, and Microsoft Developer Tools (.NET). April also brings Phase 2 of Microsoft’s Kerberos RC4 hardening with full enforcement set for July. There is a lot to cover, so the Readiness team built an infographic mapping the deployment risk for each platform.
More info is available here on Microsoft Security updates for April 2026.
For March, Patch Tuesday delivers fixes for 83 vulnerabilities
Microsoft’s March Patch Tuesday release addresses 83 vulnerabilities across Windows, Office, SQL Server, Azure, and .NET — with two publicly disclosed zero-days affecting SQL Server and .NET (though neither is being actively exploited in the wild.) Six additional vulnerabilities spanning the Windows Kernel, Graphics Component, SMB Server, Accessibility Infrastructure, and Winlogon are flagged as “Exploitation More Likely.”
The most significant change this month is the introduction of Common Log File System (CLFS) hardening with signature verification, which will affect how Windows handles log files across the operating system. More info on Microsoft Security updates for March 2026.
February’s Patch Tuesday release fixes 59 flaws, including 6 being exploited
The company’s Patch Tuesday release for February addresses 59 CVEs across the company’s product family — roughly half the volume of January’s 159 patches. Six vulnerabilities, affecting Windows Shell, MSHTML, Desktop Window Manager, Remote Desktop, Remote Access, and Microsoft Word, are already being actively exploited. (All five Critical-rated CVEs target Azure services rather than Windows, however.)
Both Windows and Office get a “Patch Now” recommendation, with CISA setting a March 3 enforcement deadline for all six exploited vulnerabilities. Two new enforcement timelines also take effect in April: Kerberos RC4 deprecation (CVE-2026-20833) and Windows Deployment Services hardening (CVE-2026-0386). More info on Microsoft Security updates for February 2026.
For January, Patch Tuesday starts off with a bang
The first Patch Tuesday release of 2026 addresses 112 CVEs across Microsoft’s product portfolio, including eight rated critical and three zero-day vulnerabilities. One zero-day (CVE-2026-20805), an information disclosure flaw in the Desktop Window Manager, is already under active exploitation, prompting CISA to add it to the Known Exploited Vulnerabilities catalog with a remediation deadline of Feb. 3, 2026. (Note: 95 of the vulnerabilities affect Windows.) More info on Microsoft Security updates for January 2026.
Ho ho ho! December’s Patch Tuesday delivers three zero-days
The December Patch Tuesday update addresses three zero-days (CVE-2025-64671, CVE-2025-54100, and CVE-2025-62221) but includes surprisingly few total patches (just 57). Notably, Microsoft has not published any critical updates for the Windows platform this month. That said, given the zero-days, we recommend a “Patch Now” release schedule for Windows and Microsoft Office. More info on Microsoft Security updates for December 2025.
Be thankful: November’s Patch Tuesday has just one zero-day
This November Patch Tuesday release offers a much reduced set of updates, with just 63 Microsoft patches and (only) one zero-day (CVE-2025-62215) affecting the Windows desktop platform. Windows desktops this month require a “Patch Now” plan, and while the severity of these security vulnerabilities is less than it was in October, the testing requirements are still extensive. More info on Microsoft Security updates for November 2025.
Microsoft’s Patch Tuesday release for April is a whopper
Windows admins are going to be busy this month, dealing with the largest Patch Tuesday cycle we can recall. The April release involves 165 updates and roughly 340 unique CVEs from Microsoft — including two zero-days, one of which is already being actively exploited in the wild.
The Readiness team is recommending “Patch Now” schedules for nearly every major product family this month: Windows, Office (with a zero-day), Microsoft Edge (Chromium), SQL Server, and Microsoft Developer Tools (.NET). April also brings Phase 2 of Microsoft’s Kerberos RC4 hardening with full enforcement set for July. There is a lot to cover, so the Readiness team built an infographic mapping the deployment risk for each platform.
(More information about recent Patch Tuesday releases is available here.)
Known issues
Microsoft reports a single Windows 11 25H2 issue. It affects a narrow enterprise deployment group, but matters to anyone affected.
- KB5083769 – BitLocker recovery prompt on first restart (Windows 11 25H2/24H2). Devices with BitLocker enabled on the OS drive and the Group Policy “Configure TPM platform validation profile for native UEFI firmware configurations” set with PCR7 in the validation profile may be prompted for the BitLocker recovery key on the first restart after installing this update. Recommendation: Remove the PCR7 Group Policy configuration and run gpupdate /force before installing.
April’s KB5083769 closes four issues, three quality-of-life and one multi-cycle reset failure:
- KB5083769 – Reset this PC (Windows 11 25H2/24H2). Resolves a defect that broke device reset on certain hardware and configuration combinations, taking the last-resort recovery path with it.
- KB5083769 – Secure Boot certificate rollout. The ongoing Secure Boot CA refresh picks up two improvements: the Windows Security app now displays certificate update status directly (Settings → Privacy & Security → Windows Security), and the quality update widens the device-targeting data for the staged rollout.
- KB5083769 – SMB compression over QUIC. SMB compression requests over QUIC now complete more consistently; the update addresses prior timeouts.
- KB5083769 – Remote Desktop anti-phishing. Opening a .RDP file now triggers a confirmation dialog listing every requested connection setting, each disabled by default. Users must explicitly opt in to local resource sharing before the connection is made; a one-time security warning appears the first time a .RDP file is opened after installing the update.
Microsoft released no major revisions to Windows or Office. But Azure and Chromium/Edge have picked up several updates since the last month:
- Microsoft documented four critical Azure CVEs; no user action required.
- Microsoft re-published 141 Chrome/V8/WebGL/WebML/WebRTC fixes from the weekly upstream cadence; Edge picks them up through its own auto-update channel.
So Microsoft published 145 CVEs that affected Edge over the past 30 days. That averages out to around five reported security vulnerabilities per (working) day. Does anybody remember the good old days when we just had 10 critical-rated memory-related issues with IE — each month?
Windows lifecycle and enforcement updates
The saying that “April is the cruelest month” seems apropos, as we have three rather strict enforcements from Microsoft:
- Kernel driver cross-signed trust — evaluation mode begins April. Microsoft is dropping trust for legacy kernel drivers signed under the deprecated cross-signed root program, audit-only on Windows 11 24H2/25H2/26H1 and Server 2025.
- Kerberos RC4 hardening Phase 2 — April. Following November 2025’s Phase 1, domain controllers now default to AES-SHA1 encrypted tickets for accounts without an explicit Kerberos encryption type configured (CVE-2026-20833). The enforcement phase begins in July.
- Windows Deployment Services hands-free deployment — disabled by default from April. Hardening for CVE-2026-0386 (Unattend.xml over unauthenticated RPC) disables hands-free WDS deployment by default, beginning with the April update. Admins can override, but Microsoft does not recommend doing so.
Each month, the Readiness team analyzes the latest Patch Tuesday updates and provides detailed, actionable testing guidance. April’s release covers 56 component updates across Windows. Microsoft flagged two as High Risk — Kerberos authentication and the Remote Desktop client — and delivered five patches to the Projected File System driver affecting cloud sync scenarios. Secure Boot and BitLocker validation expands to seven scenarios this cycle, including a new Windows Hello PIN persistence check. Prioritize Kerberos infrastructure, Remote Desktop stability, and cloud sync before broad deployment.
Kerberos and KDC
The Kerberos Key Distribution Center (kdcsvc.dll) and client library (kerb3961.dll) carry a High Risk flag this month. Microsoft’s guidance targets environments using keytab-based authentication with RC4 encryption — a legacy configuration common in mixed Windows and non-Windows service environments. The client-side update affects only Windows 10 1607, but server-side changes apply to all editions from Windows Server 2022 through 2025.
- After installing the update on domain controllers, open Event Viewer and review the System and Security logs for events with IDs 201–209.
- Capture full event details for any new events in that range: text, timestamp, and affected account or service.
- Focus testing on long-running services authenticating via RC4 keytabs, as these are most likely to surface failures after the update.
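One way to script the event review described above across several domain controllers (an added example, not from the article or from Microsoft's guidance; the host name, seven-day window and output path are placeholders to replace):

```powershell
# Added example, not from the article: gather events 201-209 from the
# System and Security logs of each domain controller after patching.
# Host names, the look-back window and the output path are assumptions.
param(
    [string[]]$DomainControllers = @('dc01.example.test'),  # placeholder host
    [datetime]$Since = (Get-Date).AddDays(-7),
    [string]$OutFile = '.\kdc-events-201-209.csv'
)

$events = foreach ($dc in $DomainControllers) {
    foreach ($log in 'System', 'Security') {
        $filter = @{ LogName = $log; Id = 201..209; StartTime = $Since }
        try {
            Get-WinEvent -ComputerName $dc -FilterHashtable $filter -ErrorAction Stop |
                ForEach-Object {
                    [pscustomobject]@{
                        DomainController = $dc
                        Log              = $_.LogName
                        Id               = $_.Id
                        # Provider is kept so unrelated sources that reuse
                        # these IDs can be filtered out during review.
                        Provider         = $_.ProviderName
                        TimeCreated      = $_.TimeCreated
                        # Full text is kept because it names the affected
                        # account or service.
                        Message          = $_.Message
                    }
                }
        }
        catch {
            # An empty result is the good outcome here, not a failure.
            if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') { continue }
            Write-Warning "Could not read $log log on ${dc}: $($_.Exception.Message)"
        }
    }
}

if (-not $events) {
    Write-Output "No events 201-209 since $Since on the queried domain controllers."
    return
}

# Per-DC, per-log, per-ID counts show where to look first.
$events | Group-Object DomainController, Log, Id |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Keep the full record (text, timestamp, source) for the test report.
$events | Sort-Object TimeCreated |
    Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8
```

Run it once before the update to record a baseline, then again afterwards, so that only events that are new in the 201–209 range are investigated.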
Microsoft also flags the Remote Desktop ActiveX control (mstscax.dll) as High Risk. The update affects clipboard redirection, printer redirection, and session reconnection stability across all supported Windows versions. A separate update to mstsc.exe covers SmartScreen behavior for .RDP file handling, RemoteApp, and Hyper-V Enhanced Session mode.
- Connect to a remote device using mstsc.exe and check that the session establishes and remains stable.
- Copy and paste between local and remote sessions, both text and files, and expect correct transfer in both directions.
- Redirect a local printer into the remote session, print a test page, and confirm the job completes.
- Disconnect, reconnect, and verify clipboard and printer redirection survive the reconnection.
- Expect RemoteApp resources to launch normally and Hyper-V Enhanced Session mode to connect without error.
Secure Boot and BitLocker testing now expands to seven scenarios, including a new Windows Hello PIN persistence test. These validate Secure Boot state, BitLocker encryption, and key rolling related to the ongoing CVE-2023-24932 mitigation. Perform only on dedicated test devices with recovery keys backed up.
- Enable BitLocker on the OS drive, verify TPM protectors are present using manage-bde -protectors -get c:, then disable and verify the drive is fully decrypted.
- Enable BitLocker on a data drive, verify protectors, then disable and verify decryption completes.
- With Secure Boot enabled, enable BitLocker, trigger the recovery screen using reagentc /boottore, and verify the recovery key unlocks the drive.
- With Secure Boot disabled, enable BitLocker, force recovery via BCD test signing changes, unlock with recovery key, suspend BitLocker, and verify normal boot resumes.
- With both enabled, apply the Secure Boot key update (CVE-2023-24932) and verify the system boots without triggering recovery.
- Test hibernation with Secure Boot and BitLocker both enabled and verify clean resume without recovery prompts.
- On a device running March 2026, enable Windows Hello PIN and BitLocker, install the April update, and confirm the PIN still works.
April patches the Ancillary Function Driver for WinSock (afd.sys) twice — once paired with the TDX transport driver, once standalone — making it the most-patched network component this month. A separate patch to HTTP.sys affects HTTP/3 on Windows 11 23H2 and 22H2.
- Browse websites, download and upload files (including large files), and test VPN and Remote Desktop connections over both IPv4 and IPv6.
- Check that Teams, Outlook, and other messaging applications sign in, send messages, and reconnect after network blips.
- Test sandboxed and low-privilege processes — Edge, Store apps, and Electron apps — to confirm their network requests succeed.
- Generate sustained network load and confirm no BSODs, no new errors in Event Viewer, and no throughput degradation.
April patches two VPN components: the Windows Filtering Platform driver (wfplwfs.sys) and the IKE Extensions service (ikeext.dll). The WFP update targets UWP VPN plug-in stability, sleep/wake recovery, and Always On VPN. The IKE update covers IKEv2 tunnels, IPsec security associations, and Connection Security Rules.
- Connect and disconnect your UWP VPN plug-in client repeatedly (10+ cycles) and confirm the client remains usable and the system stays stable.
- Keep the VPN connected for 30+ minutes during active use; verify it survives network changes (Wi-Fi to Ethernet) and sleep/wake cycles.
- If using Always On VPN, confirm it connects at sign-in and reconnects after network loss.
- Establish IKEv2 VPN connections and verify the tunnel is stable and internal resources are reachable.
- Validate that Connection Security Rules negotiate IPsec correctly and that protected traffic remains protected.
Patches to the SSPI kernel drivers (ksecdd.sys, ksecpkg.sys) span NTLM, Kerberos, CredSSP, and TLS/SSL. The Windows Hello for Business stack also picks up updates for Enhanced Sign-in Security.
- Exercise end-to-end sign-in and resource-access flows for applications that use NTLM, Kerberos, CredSSP, or TLS/SSL authentication.
- Test both success and failure cases: correct versus incorrect credentials, allowed versus denied accounts, and expired certificates.
- Verify Windows Hello for Business authentication with Enhanced Sign-in Security across sign-in, lock, unlock, and reboot cycles.
April updates span Direct3D, the Desktop Window Manager, and the graphics kernel (win32kbase.sys, win32kfull.sys). The Windows Shell (shell32.dll) picks up a patch affecting Mark-of-the-Web preservation for downloaded shortcuts, and COM Automation (oleaut32.dll) gets an update.
- Run stress tests with sustained UI activity: rapid open/close of windows, snap layouts, virtual desktop switching, and multi-monitor connect/disconnect.
- Test GPU-accelerated workloads — video playback, 3D applications, browser hardware acceleration — and check for visual artifacts or flickering.
- Download a .lnk shortcut file from the internet and confirm SmartScreen displays a warning when the shortcut is opened — verifying Mark-of-the-Web is preserved.
- Run COM Automation workflows — VBA, PowerShell, and Office automation — and confirm they execute correctly.
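For the Mark-of-the-Web check above, the SmartScreen prompt can be cross-checked against the tag itself, which is stored in the file's `Zone.Identifier` alternate data stream. This is an added example, not part of the original article; the function name and the Downloads folder location are assumptions.

```powershell
# Added example: report the Mark-of-the-Web zone for downloaded shortcuts.
function Get-MotwZone {
    param([Parameter(Mandatory)][string]$Path)

    # MotW lives in the NTFS alternate data stream "Zone.Identifier".
    $stream = Get-Item -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    if (-not $stream) {
        return [pscustomobject]@{ Path = $Path; HasMotw = $false; ZoneId = $null; Zone = 'none' }
    }

    # The stream is INI-style text: [ZoneTransfer] followed by ZoneId=<n>.
    $zoneId = $null
    foreach ($line in Get-Content -LiteralPath $Path -Stream 'Zone.Identifier') {
        if ($line -match '^\s*ZoneId\s*=\s*(\d+)') { $zoneId = [int]$Matches[1] }
    }

    $names = @{ 0 = 'Local machine'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';      4 = 'Restricted sites' }

    [pscustomobject]@{
        Path    = $Path
        HasMotw = $true
        ZoneId  = $zoneId
        Zone    = if ($null -ne $zoneId -and $names.ContainsKey($zoneId)) { $names[$zoneId] } else { 'unknown' }
    }
}

# Assumption: the test shortcuts were saved to the current user's Downloads folder.
Get-ChildItem -LiteralPath "$env:USERPROFILE\Downloads" -Filter '*.lnk' -File |
    ForEach-Object { Get-MotwZone -Path $_.FullName } |
    Format-Table -AutoSize
```

A shortcut downloaded from the internet should report ZoneId 3; a row with `HasMotw` false means the tag was lost somewhere between download and disk.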
April patches both Hyper-V compute layers (computecore.dll, vmcompute.dll, vmwp.exe), along with the hypervisor binary (hvax64.exe) for Windows 11 25H2 and 24H2.
- Start, save, resume, and stop a VM using Hyper-V Manager or PowerShell and repeat the cycle multiple times.
- Export a VM, import it, and confirm the imported VM boots and runs normally.
- Launch Windows Sandbox and confirm it starts without error.
April updates to Windows Installer (msi.dll), the Cloud Files filter (cldflt.sys), and the MDM management layer affect installation workflows, cloud sync, and device management.
- Install, uninstall, and repair MSI packages to verify Windows Installer functions correctly.
- Connect and disconnect your cloud sync provider (e.g. OneDrive) multiple times and confirm sync functions after restarts.
- Enroll a device in Intune or your MDM solution, verify compliance status, and trigger a policy sync.
The Common Log File System driver (clfs.sys) — subject of March’s major hardening change — picks up a follow-up patch. Storage Spaces (spaceport.sys) and app isolation file system drivers (bfs.sys, wcifs.sys) also receive updates this cycle.
- Run Windows Update install and rollback cycles, then power-cycle the machine multiple times to confirm the system boots normally each time.
- Install and uninstall a set of representative applications through multiple cycles and confirm each completes without error.
- Perform a backup using your normal solution, restore from it, and verify data integrity.
- If using Storage Spaces, create a pool with mirrored and thin virtual disks, write data, and verify clean deletion.
April’s Office updates target MSI editions: Excel 2016 (KB5002860), PowerPoint 2016 (KB5002808), Office 2016 shared libraries (KB5002859), and SharePoint Server 2016, 2019, and Subscription editions. These will not install on Click-to-Run deployments such as Microsoft 365 Apps.
- Open and edit complex Excel workbooks with formulas, macros, and external data connections; save and reopen to verify integrity.
- Create and edit PowerPoint presentations with embedded media and transitions.
- Across all patched server editions, validate SharePoint document library operations, co-authoring, and workflow execution.
- Verify that Office add-ins and line-of-business applications integrating with Office continue to operate correctly.
April’s two High Risk components should top every testing queue. Kerberos changes could disrupt long-running services using RC4 keytabs; monitor event IDs 201–209 and keep rollback plans ready. The Remote Desktop client update warrants thorough validation of clipboard, printer redirection, and session reconnection, particularly in RDP-dependent environments. Secure Boot and BitLocker validation remains essential as CVE-2023-24932 key rolling continues. Five patches to the Projected File System driver elevate cloud sync testing this cycle. The dual afd.sys updates and VPN/IPsec patches warrant regression testing across remote-access infrastructure. Office updates are confined to MSI editions.
Each month, we break down the update cycle into product families (as defined by Microsoft) with the following basic groupings:
- Browsers (Microsoft IE and Edge)
- Microsoft Windows (both desktop and server)
- Microsoft Office
- Microsoft Exchange and SQL Server
- Microsoft Developer Tools (Visual Studio and .NET)
- Adobe (if you get this far)
Microsoft’s browsers look quiet this month. Two Microsoft-authored Edge spoofing fixes both ride the standard Edge update channel: CVE-2026-33119 (Edge for Android, CVSS 5.4, moderate) and CVE-2026-33118 (CVSS 4.3, low).
The real story is upstream: 140+ Chromium fixes in the past month, including CVE-2026-5281 — a use-after-free in Dawn that Google has confirmed is actively exploited in the wild. We recommend you patch now for all Chromium endpoints (here’s looking at you, Edge).
Microsoft Windows
Microsoft delivers 134 Windows CVEs across desktop and server — four critical, the rest important or moderate, with no zero-days or publicly disclosed flaws this cycle. Headline by raw CVSS is a 9.8 IKE/IPsec RCE; priority by exploitability is the Active Directory RCE — the only Windows critical Microsoft rates “Exploitation More Likely.” The four critical-rated issues are concentrated in three Windows areas: Active Directory, networking (two flaws), and Remote Desktop Client.
- Active Directory / Identity — CVE-2026-33826, RCE in Active Directory via improper input validation (CVSS 8.0, critical; Exploitation More Likely). An authenticated low-privilege attacker on an adjacent network can execute code on a domain controller – your entire directory service is the surface. This is a priority for anyone running AD on-prem.
- Networking (IKE/IPsec) — CVE-2026-33824, RCE in IKE Service Extensions via double-free (CVSS 9.8, critical; Less Likely). Highest CVSS in the cycle: unauthenticated, network-callable, no UI. Patch VPN concentrators and IPsec gateways first.
- Networking (TCP/IP) — CVE-2026-33827, RCE via race condition in the TCP/IP stack (CVSS 8.1, critical; Less Likely). Network-callable, but the race lifts attack complexity (AC:H).
- Remote Desktop Client — CVE-2026-32157, RCE via use-after-free (CVSS 8.8, critical; Less Likely). Triggered when a user connects to a malicious RDP server (UI:R) — the threat model is reverse RDP, not inbound. Flag for jump-host operators.
Beyond the criticals, the standout Windows flaw is CVE-2026-27912 — Kerberos elevation of privilege via improper authorization (CVSS 8.0, important). Authorized attackers on an adjacent network can elevate through the Kerberos handler. Coordinate domain-controller deployment with the Kerberos RC4 Phase 2 hardening covered in the lifecycle section; both touch domain controllers. The Kerberos flaw (CVE-2026-27912) pushes April’s Windows updates to Patch Now.
Microsoft Office
Office receives 14 security fixes, three rated critical and one actively exploited in the wild. The active SharePoint exploit forces Office to Patch Now, with SharePoint servers taking priority over the client push.
- CVE-2026-32201 – Microsoft SharePoint Server — Spoofing, actively exploited in the wild (CVSS 6.5, important). The score understates the urgency: exploitation has been confirmed, and a spoofing flaw inside SharePoint is a platform for credential theft and lateral movement regardless of internal-only posture. Patch immediately, ahead of the Office client push.
- CVE-2026-32190 – Microsoft Office — Remote code execution (CVSS 8.4, critical). The Preview Pane remains the attack vector; previewing a crafted file in Outlook or File Explorer is sufficient to trigger execution without further user action. As we’ve noted before, this keeps recurring.
- CVE-2026-33114, CVE-2026-33115 — Microsoft Word — Remote code execution (both CVSS 8.4, critical). Paired Word RCEs on the same release channel; affected surface matches CVE-2026-32190.
Excel carries the heaviest cluster — four additional RCEs: CVE-2026-32189, CVE-2026-32197, CVE-2026-32198, and CVE-2026-32199, plus an information-disclosure flaw in CVE-2026-32188. Microsoft Word picks up two fixes outside the critical pair: RCEs CVE-2026-33095 and CVE-2026-23657, and information disclosure CVE-2026-33822. This is a Patch Now release for Office, driven by the SharePoint zero-day. Organizations that cannot deploy Office clients quickly should consider disabling the Preview Pane in Outlook and File Explorer as a temporary mitigation against the critical RCE trio.
Microsoft Exchange and SQL Server
Exchange Server picks up zero CVEs this month, a rare quiet cycle, and the right window to clear any deferred CU work. SQL Server gets three, including a network RCE that grants SQL sysadmin on success:
- CVE-2026-33120 — Microsoft SQL Server — Remote code execution via untrusted pointer dereference (CVSS 8.8, important; Exploitation Less Likely). Authenticated attackers get full SQL sysadmin on success. Scope is unusually narrow: only SQL Server 2022 for x64-based Systems on the GDR servicing branch — CU 24 and every other supported version (2016 SP3 through 2025) are not listed as affected.
- CVE-2026-32167, CVE-2026-32176 — Microsoft SQL Server — Elevation of privilege via SQL injection (both CVSS 6.7, important). Paired flaws affecting SQL Server 2016 SP3 through 2025 on both GDR and CU branches. Local EoP, not remote — the concern is breadth, not blast radius.
The Readiness team recommends Patch Now for any SQL Server 2022 GDR operation. Schedule the wider SQL footprint with your normal database-maintenance window.
Developer tools
There are 10 CVEs in Developer Tools this month, headlined by a critical-rated .NET Framework DoS and two GitHub-attributed flaws that will affect developer workflows directly.
- CVE-2026-23666 — .NET Framework — Denial of service via improper input validation (CVSS 7.5, critical; Exploitation Less Likely). The critical rating despite a DoS impact reflects exploit-code maturity; the CVSS vector includes E:P (proof-of-concept).
- CVE-2026-32631 — Visual Studio — NTLM hash leak via git clone from manipulated repositories (CVSS 7.4, important). GitHub-attributed: cloning a malicious repo or checking out a branch that resolves to an attacker-controlled UNC path leaks the user’s NTLM hash. Affects Visual Studio 2017, 2019, and 2022 (17.12 and 17.14).
- CVE-2026-26143 — PowerShell — Security feature bypass (CVSS 7.8, important). Highest CVSS in the set, and PowerShell SFBs always merit attention.
Five more developer-related updates round out the cycle: four .NET / Visual Studio DoS or spoofing fixes (CVE-2026-26171, CVE-2026-32178, CVE-2026-32203, CVE-2026-32226) and a moderate TLS PSK/ALPN bypass (CVE-2026-21637). None have been disclosed or exploited. The Readiness team recommends Patch Now for .NET Framework and PowerShell.
Adobe (and third-party updates)
Microsoft no longer ships Adobe updates as part of its bulletin. Adobe ships APSB26-44 separately for Acrobat and Reader — two listed as critical. They are worth your attention, given Reader’s prevalence on enterprise desktops. For anyone packaging, testing and deploying these recent and rapid Adobe releases: we hear you. The packages are big, and the management effort keeps growing.