Microsoft threat watch

Security Update Guide, advisories, and patch watch.

Watch items

Recent Microsoft watch items

Showing the 20 most recent items, newest first. Each row links to the official advisory.

20 rows ยท sorted newest first

Operations view

Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability

critical
activeCISA KEVCVE-2026-45659

Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability which allows an authorized attacker to execute code over a network.

Jun 30, 2026, 7:00 PMOfficial source

Global Buffer Overflow in GNU gzip (CVE-2026-41992)

activeVendor advisoryCVE-2026-41992

Information published. Information published. Information published.

Jun 30, 2026, 3:02 AMOfficial source

attr < 2.6.0 Symlink Traversal Privilege Escalation via getfattr/setfattr (CVE-2026-54371)

high
activeVendor advisoryCVE-2026-54371

Information published. Information published. Information published.

Jun 30, 2026, 3:01 AMOfficial source

WebOb: Location header normalization during redirect leads to open redirect (CVE-2026-44889)

medium
activeVendor advisoryCVE-2026-44889

Information published. Information published. Information published.

Jun 28, 2026, 3:04 AMOfficial source

Bluetooth: fix memory leak in error path of hci_alloc_dev() (CVE-2026-53252)

activeVendor advisoryCVE-2026-53252

Information published. Information published.

Jun 27, 2026, 3:19 AMOfficial source

6lowpan: fix off-by-one in multicast context address compression (CVE-2026-53263)

activeVendor advisoryCVE-2026-53263

Information published. Information published.

Jun 27, 2026, 3:19 AMOfficial source

mm/hugetlb: restore reservation on error in hugetlb folio copy paths (CVE-2026-53154)

activeVendor advisoryCVE-2026-53154

Information published. Information published.

Jun 27, 2026, 3:18 AMOfficial source

Vim: Out-of-bounds Read with Text Properties (CVE-2026-57454)

medium
activeVendor advisoryCVE-2026-57454

Information published. Information published. Information published.

Jun 27, 2026, 3:18 AMOfficial source

net: qrtr: fix refcount saturation and potential UAF in qrtr_port_remove (CVE-2026-52947)

activeVendor advisoryCVE-2026-52947

Information published. Information published.

Jun 27, 2026, 3:18 AMOfficial source

Vim: PowerShell Command Injection via Unescaped Filename in zip.vim Extraction (CVE-2026-57453)

medium
activeVendor advisoryCVE-2026-57453

Information published. Information published. Information published.

Jun 27, 2026, 3:18 AMOfficial source

Vim: Out-of-bounds Read in Text Property Count (CVE-2026-57451)

medium
activeVendor advisoryCVE-2026-57451

Information published. Information published. Information published.

Jun 27, 2026, 3:18 AMOfficial source

Vim: Out-of-bounds Write in Spell File Prefix Dump (CVE-2026-55892)

medium
activeVendor advisoryCVE-2026-55892

Information published. Information published. Information published.

Jun 27, 2026, 3:18 AMOfficial source

net/smc: avoid NULL deref of conn->lnk in smc_msg_event tracepoint (CVE-2026-52941)

activeVendor advisoryCVE-2026-52941

Information published. Information published.

Jun 27, 2026, 3:18 AMOfficial source

net: mvpp2: refill RX buffers before XDP or skb use (CVE-2026-53215)

activeVendor advisoryCVE-2026-53215

Information published. Information published.

Jun 27, 2026, 3:18 AMOfficial source

ksmbd: fix FSCTL permission bypass by adding a permission check for FSCTL_SET_SPARSE (CVE-2026-52944)

activeVendor advisoryCVE-2026-52944

Information published. Information published.

Jun 27, 2026, 3:18 AMOfficial source

Vim: Arbitrary Code Execution via Python Omni-Completion Docstrings (CVE-2026-57456)

high
activeVendor advisoryCVE-2026-57456

Information published. Information published. Information published.

Jun 27, 2026, 3:18 AMOfficial source

IB/isert: Reject login PDUs shorter than ISER_HEADERS_LEN (CVE-2026-53176)

activeVendor advisoryCVE-2026-53176

Information published. Information published.

Jun 27, 2026, 3:18 AMOfficial source

USB: serial: io_ti: fix heap overflow in get_manuf_info() (CVE-2026-53196)

activeVendor advisoryCVE-2026-53196

Information published. Information published.

Jun 27, 2026, 3:18 AMOfficial source

Vim: Out-of-bounds Write in Spell File Word Count (CVE-2026-55693)

high
activeVendor advisoryCVE-2026-55693

Information published. Information published. Information published.

Jun 27, 2026, 3:18 AMOfficial source

Vim: Vimscript Code Injection in netrw NetrwLocalRmFile() via crafted filename (CVE-2026-55895)

high
activeVendor advisoryCVE-2026-55895

Information published. Information published. Information published.

Jun 27, 2026, 3:18 AMOfficial source

Vendor watch hub

What this page covers

The Microsoftwatch hub is a vendor-specific view inside ITECS MSP Threat Radar. We pull the latest security advisories, incidents, and known-exploited CVEs directly from the official feeds below, score each one for MSP relevance, and surface what's most likely to need attention this week.

  • Confirm whether recent Microsoft activity overlaps with your environment.
  • Prioritize advisories by MSP-relevance score, severity, and status.
  • Turn the signal into an assessment, briefing, or managed-service engagement with ITECS.

At a glance

Tracked

3575

Active

2736

Featured

2807

Unique CVEs

20

Most recent entry

Jun 30, 2026, 7:00 PM

Feed refreshes daily ยท 5:15 a.m. Central

SourcesยทMicrosoft Security Update Guide (MSRC), CISA KEV, and NVD

"Most recent entry" is the newest item the upstream feed has published โ€” not our sync time.

Related vendors

Other productivity vendors in the radar

Vendor watch FAQ

Common questions

What is the Microsoft threat watch page?

It is the Microsoft-specific view inside ITECS Threat Radar, built to track recent advisories, incidents, and watch items that may affect Dallas-area business operations.

How should teams use the Microsoft watch page?

Use it to confirm whether current Microsoft issues overlap with your environment, prioritize remediation, and decide whether you need an assessment, managed security follow-through, or vendor-specific hardening work.

Can ITECS help respond to Microsoft security issues?

Yes. ITECS can help map Microsoft advisories against your systems, validate affected services, prioritize remediation, and connect the issue to broader managed cybersecurity or managed IT workflows.