Microsoft’s April 2026 Patch Tuesday introduced a small-looking but important change to how Windows handles Remote Desktop (.rdp) files. What used to be a silent, one-click experience can now surface clear warnings about unknown connections and requested local resource access, closing an easy door attackers have been exploiting for phishing and session hijacking. For organizations and individual users alike, the
Category: Server and Virtualisation
Server Administration, Windows Server administration, Nginx, Apache, MySQL, PostgreSQL, MariaDB, MongoDB, VMware, vCenter, ESXi, Proxmox VE, Hyper-V, KVM, QEMU, libvirt, container, server monitoring, server security, SSH, remote access, FTP, SFTP, server performance, server hardening, iSCSI, NFS, SMB, CIFS, DNS server, DHCP server, web server, bare metal, rack server, IPMI, BIOS, RAID
RedSun: New Microsoft Defender Zero-Day Lets Unprivileged Users Gain SYSTEM Access
A freshly disclosed zero-day vulnerability in Microsoft Defender, dubbed “RedSun,” has raised alarms across enterprise security teams: an unprivileged user can escalate to full SYSTEM-level access on fully patched Windows systems. The flaw was detailed publicly in April 2026 by a researcher known as “Chaotic Eclipse” (also referenced as Nightmare‑Eclipse on GitHub). Independent verification from vulnerability analyst Will Dormann confirms
One-Click RCE in Azure Windows Admin Center: what happened and what you need to do
Windows Admin Center (WAC) is a convenient, browser-based management hub for administrators to manage servers, clients, and clusters from a centralized interface. A recent Cymulate Research Labs disclosure describes a critical chain of flaws that let an attacker achieve unauthenticated, one-click remote code execution (RCE) against both Azure-integrated and on-premises WAC deployments. The exploit requires little user interaction—a maliciously crafted
Microsoft Confirms Reboot Loops on Windows Server 2025 After April Patch KB5082063
Microsoft has confirmed a critical stability problem affecting some Windows Server 2025 domain controllers following the April 2026 cumulative update (KB5082063). Administrators around the world reported domain controllers entering repeated reboot cycles after installing the update released on April 14, 2026, and Microsoft’s release notes were updated to acknowledge the issue and a related installation failure affecting a subset of
Windows Secure Boot: A practical playbook for certificates expiring in 2026
Microsoft’s Secure Boot certificates issued in 2011 are approaching their expiration window in 2026. While affected devices will continue to boot and receive regular Windows updates, they will stop receiving new protections for the pre-boot environment — updates to Windows Boot Manager, Secure Boot DB/DBX revocations, and mitigations for newly discovered boot-level vulnerabilities. Many newer PCs already include the 2023
OpenAI’s GPT-5.4-Cyber: a practical boost for defenders — and a new risk calculus
OpenAI has introduced GPT-5.4-Cyber, a purpose-built variant of GPT-5.4 tuned to assist vetted security professionals with tasks previously reserved for specialized analysts. Rather than a general consumer release, this model is designed to lower refusal rates for legitimate cybersecurity workflows: binary reverse engineering, vulnerability scanning, malware analysis and exploit research. The announcement frames the model as a defensive accelerant —