Overview
Microsoft has disclosed a now-patched high severity security flaw in Windows Admin Center - a locally deployed management tool that lets system administrators manage clients, servers and clusters without the need to connect to the cloud - that could allow an attacker to escalate their privileges.
Although patched at the end of 2025, this latest disclosure serves as a reminder to all businesses to ensure their Microsoft solutions are kept up to date, both in the cloud and locally.
- CVE-2026-26119: Microsoft Windows Admin Center Improper Authentication & Elevation of Privilege (CVSSv3 8.8). Affected versions: Prior to ver. 2511
Acronis have released patches for three critical vulnerabilities in two versions of their Cyber Protect solutions – Acronis Cyber Protect is an all-in-one cyber security solution that integrates data backup and recovery with a range of other protective measures. The vulnerabilities relate to missing and improper authorisation, allowing potential sensitive data disclosure and manipulation.
- CVE-2025-30411, CVE-2025-30412 & CVE-2025-30416: Cyber Protect Sensitive Data Disclosure and Manipulation due to Missing Authorisation (CVSSv3 10.0). Affected versions: Cyber Protect 15 (Windows, Linux) before build 41800, Cyber Protect 16 (Windows, Linux) before build 39938
Palo Alto Networks have recently published details of a denial-of-service (DoS) vulnerability in the Advanced DNS Security (ADNS) feature of their PAN-OS software. This vulnerability enables an unauthenticated attacker to initiate system reboots using a maliciously crafted packet. Repeated attempts to initiate reboots cause the firewall to enter maintenance mode.
- CVE-2026-0229: Advanced DNS PAN-OS Security Denial-of-Service (DoS) (CVSSv4 6.6). Affected versions: Firewall (12.1.0) < 12.1.4, Firewall (11.2.10) < 11.2.10
Recommended Action
Organisations are encouraged to review the appropriate security advisory pages and apply the updates:
Microsoft – Security Update Guide
Acronis – Advisory Database
Palo Alto Networks – Security Advisories
If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.