Today's Top Windows Articles for 2026-04-16
Articles for the IT Professional. Each day we look at roughly 100 sites for Windows articles and bring them here.
How To Electronically Sign PDF Document?
Have a PDF document. Years ago I recall I would open the PDF document on the free Adobe Acrobat reader on my windows laptop. I recalled before this, I wrote my signature on a piece of paper and took...
Windows 10 Help Forums
Apr 14, 2026 - tenforums.com
Microsoft adds Windows protections for malicious Remote Desktop files
Microsoft has introduced new Windows protections to defend against phishing attacks that abuse Remote Desktop connection (.rdp) files, adding warnings and disabling risky shared resources by default. ...
BleepingComputer
Apr 14, 2026 - bleepingcomputer.com
GeekWire Awards: The machines of the future, from self-driving earthmovers to space robots
An emerging class of startups is pushing the boundaries of what machines can do in the physical world — retrofitting bulldozers to dig on their own, launching drones that beat police cars to 911 calls...
GeekWire
Apr 14, 2026 - geekwire.com
Microsoft’s VP brings macOS-style click to reveal desktop feature to Windows 11 with new tool
PeekDesktop is a brilliant tool by Microsoft's Scott Hanselman that brings macOS Sonoma's 'click to reveal desktop' feature to Windows. Operating quietly in the system tray, this lightweight executabl...
Windows Latest
Apr 14, 2026 - windowslatest.com
Needing Digital Clocks..?
$1 submitted by /u/Prestigious-Past6268
Reddit : K-12 Systems Administrators
Apr 14, 2026 - reddit.com
Microsoft's massive Patch Tuesday: It's raining bugs
One CVE under attack, one already disclosed by angry bug hunter, and 163 more Attackers exploited a spoofing vulnerability in Microsoft SharePoint Server before Redmond issued a fix as part of April's...
The Register
Apr 14, 2026 - go.theregister.com
Privilege Elevation Dominates Massive Microsoft Patch Update
Elevation-of-privilege bugs accounted for more than half of the 165 vulnerabilities patched, with two zero-days in that mix.
darkreading
Apr 14, 2026 - darkreading.com
Patch Tuesday, April 2026 Edition
Microsoft today pushed software updates to fix a staggering 167 security vulnerabilities in its Windows operating systems and related software, including a SharePoint Server zero-day and a publicly di...
Krebs on Security
Apr 14, 2026 - krebsonsecurity.com
Left MSP for Internal IT - Early Thoughts
$1 submitted by /u/tdiz009
Reddit : Sysadmin
Apr 14, 2026 - reddit.com
9to5Mac Daily: April 14, 2026 – MacBook Neo competition, more
Listen to a recap of the top stories of the day from 9to5Mac. 9to5Mac Daily is available on iTunes and Apple’s Podcasts app, Stitcher, TuneIn, Google Play, or through our dedicated RSS feed for Overca...
9to5Mac
Apr 15, 2026 - 9to5mac.com
Ransomware attack, now can't log in as the default domain administrator account, but can with other DA accounts.
$1 submitted by /u/CodOutrageous1032
Reddit : Sysadmin
Apr 15, 2026 - reddit.com
CVE-2026-40386
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-40385
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-33555
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-5466 wc_VerifyEccsiHash missing sanity check
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-5393 OOB Read in DoTls13CertificateVerify with WOLFSSL_DUAL_ALG_CERTS
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-5500 Improper Validation of AES-GCM Authentication Tag Length in PKCS#7 Envelope Allows Authentication Bypass
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-5504 PKCS7 CBC Padding Oracle — Plaintext Recovery
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-5194 wolfSSL ECDSA Certificate Verification
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-5501 Improper Certificate Signature Verification in X.509 Chain Validation Allows Forged Leaf Certificates
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-5507 Session Cache Restore — Arbitrary Free via Deserialized Pointer
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-5448 1-2 Byte Buffer Overflow in wolfSSL_X509_notAfter/notBefore
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-5477 Prefix-substitution forgery via integer overflow in wolfCrypt CMAC
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-5479 wolfSSL EVP ChaCha20-Poly1305 AEAD authentication tag
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-5503 out-of-bounds write in TLSX_EchChangeSNI via attacker-controlled publicName
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-5264 DTLS 1.3 ACK heap buffer overflow
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-5295 Stack Buffer Overflow in wolfSSL PKCS7 wc_PKCS7_DecryptOri() via Oversized OID
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-5188 Integer underflow in X.509 SAN parsing in wolfSSL
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-5778 Integer underflow leads to out-of-bounds access in sniffer ChaCha decrypt path.
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-5447 Heap buffer overflow in CertFromX509() via AuthorityKeyIdentifier
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-5772 MatchDomainName 1-Byte Stack Buffer Over-Read in Hostname Validation
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-5460 Heap Use-After-Free in PQC Hybrid KeyShare Error Cleanup in wolfSSL TLS 1.3
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-5263 URI nameConstraints not enforced in ConfirmNameConstraints()
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-5392 wolfSSL heap OOB read in PKCS7 SignedData streaming
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-5446 wolfSSL ARIA-GCM TLS 1.2/DTLS 1.2 GCM nonce reuse
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-1502 HTTP client proxy tunnel headers not validated for CR/LF
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-34481 Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-34479 Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-34480 Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-40175 Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2025-62718 Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2025-30258 In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS."
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-33416 LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE`
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-33636 LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-1519 Excessive NSEC3 iterations cause high CPU load during insecure delegation validation
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2025-1220 Null byte termination in hostnames
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-33895 Forge has signature forgery in Ed25519 due to missing S > L check
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-33896 Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-33938 Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-33939 Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-33940 Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-27139 FileInfo can escape from a Root in os
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-27171 zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-4176 Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-32776
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-32778
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-4739 Integer overflow vulnerabilities in InsightSoftwareConsortium/ITK
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-32777
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-32287 Infinite loop in github.com/antchfx/xpath
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-34601 xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-3644 Incomplete control character validation in http.cookies
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-34743 XZ Utils: Buffer overflow in lzma_index_append()
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-35093 Libinput: libinput: unauthorized code execution and information disclosure through lua bytecode plugins
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-35611 Addressable has a Regular Expression Denial of Service in Addressable templates
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-3849 Buffer Overflow in HPKE via Oversized ECH Config
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-3579 Non-constant time multiplication subroutine __muldi3 on RISC-V RV32I
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-2645 Acceptance of CertificateVerify Message before ClientKeyExchange in TLS 1.2
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-2646 Heap buffer overflow in session parsing with wolfSSL_d2i_SSL_SESSION() function
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-28387 Potential Use-after-free in DANE Client Code
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-28388 NULL Pointer Dereference When Processing a Delta CRL
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-31789 Heap Buffer Overflow in Hexadecimal Conversion
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-32288 Unbounded allocation for old GNU sparse in archive/tar
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-32281 Inefficient policy validation in crypto/x509
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-32280 Unexpected work during chain building in crypto/x509
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-32282 TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
CVE-2026-34757 LIBPNG has a yse-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure
Information published.
MSRC Security Update Guide
Apr 15, 2026 - msrc.microsoft.com
World Quantum Day serves as a cause for computer celebration
Leaders of the Pacific Northwest's quantum computing realm had lots to celebrate — including a $500,000 boost from Washington state. Read More
GeekWire
Apr 15, 2026 - geekwire.com
Fixing a 20-year-old bug in Enlightenment E16
Comments
Hacker News
Apr 15, 2026 - iczelia.net
Microsoft 365: A guide to the updates
Microsoft 365 (and Office 365) subscribers get more frequent software updates than those who have purchased Office without a subscription, which means subscribers have access to the latest features, s...
Microsoft to cut Windows 365 price for SMBs – Computerworld
Apr 15, 2026 - computerworld.com
Microsoft fixes bug behind Windows Server 2025 automatic upgrades
Microsoft has finally fixed a known issue that was causing systems running Windows Server 2019 and 2022 to "unexpectedly" upgrade to Windows Server 2025. [...]
BleepingComputer
Apr 15, 2026 - bleepingcomputer.com
More Security, Better Performance - WSMan and Kerberos Authentication for WMI Sensors in PRTG
If you've been following Microsoft's announcements, you probably already know that NTLM is on its way out. It's not a question of "if" anymore - it's "when." And as an IT admin who relies on WMI senso...
Paessler Blog (English)
Apr 15, 2026 - blog.paessler.com
Google I/O 2026 Sessions List Reveals Android 17, AI, and Chrome as Key Topics for May 19 Event
Google has released the list of sessions for I/O 2026, outlining the main topics planned for the two-day event on May 19 and 20 at Shoreline Amphitheatre in Mou Thank you for being a Ghacks reader. Th...
gHacks
Apr 15, 2026 - ghacks.net
Creating a Planner Weekly Notification Email for Incomplete Tasks
A reader wanted a weekly incomplete task report to send details of Planner tasks to people with outstanding work to do. We used PowerShell to scan for incomplete tasks for people who are members of a ...
Office 365 for IT Pros
Apr 15, 2026 - office365itpros.com
We invested in automation… so why does it still feel like manual work?
$1 submitted by /u/Such_Rhubarb8095
Reddit : Sysadmin
Apr 15, 2026 - reddit.com
Microsoft: April updates trigger BitLocker key prompts on some servers
Microsoft confirmed on Tuesday that some Windows Server 2025 devices will boot into BitLocker recovery after installing the April 2026 KB5082063 Windows security update. [...]
BleepingComputer
Apr 15, 2026 - bleepingcomputer.com
Air-gapped Windows Patching ( Servers and PC )
$1 submitted by /u/LunarObsidian
Reddit : Sysadmin
Apr 15, 2026 - reddit.com
Over 100 Malicious Chrome Extensions Steal Google Tokens, Hijack Telegram Sessions, and Inject Ads
Security researchers at Socket have identified over 100 malicious extensions in the Chrome Web Store that are part of a coordinated campaign. Thank you for being a Ghacks reader. The post Over 100 Mal...