Do Emergency Microsoft, Oracle Patches Point to Wider Issues? (computerweekly.com)
(Saturday March 28, 2026 @11:34PM (EditorDavid)
from the catching-a-bug dept.)
- Reference: 0181163220
- News link: https://it.slashdot.org/story/26/03/28/2013229/do-emergency-microsoft-oracle-patches-point-to-wider-issues
- Source link: https://www.computerweekly.com/news/366640648/Emergency-Microsoft-Oracle-patches-point-to-wider-cyber-issues
"Emergency out-of-band fixes issued by enterprise IT giants Microsoft and Oracle have shone a spotlight on issues around both update cycles and patching," [1]reports Computer Weekly :
> Microsoft's emergency update, [2]KB5085516 , addresses an issue that arose after installing the mandatory cumulative updates pushed live on Patch Tuesday earlier this month. [3]According to Microsoft , it has since emerged that many users experienced problems signing into applications with a Microsoft account, seeing a "no internet" error message even though the device had a working connection. This had the effect of preventing access to multiple services and applications. It should be noted that organisations using Entra ID did not experience the issue.
>
> But Microsoft's emergency patch comes just days after it doubled down on a commitment to software quality, reliability and stability. In a blog post published [4]just 24 hours prior to the latest update , Pavan Davuluri of Microsoft's Windows Insider Program Team said updates should be "predictable and easy to plan around".
Michael Bell, founder/CEO of Suzu Labs tells Computer Weekly that Microsoft's patch for the sign-in bug follows "separate hotpatches for RRAS remote code execution flaws and a Bluetooth visibility bug. Three emergency fixes in eight days does not shout reliability era."
> Oracle's [5]patch , meanwhile, addresses [6]CVE-2026-21992 , a remote code execution flaw in the REST:WebServices component of Oracle Identity Manager and the Web Services Security component of Oracle Web Services Manager in Oracle Fusion Middleware. It carries a CVSS score of 9.8 and can be exploited by an unauthenticated attacker with network access over HTTP.
[1] https://www.computerweekly.com/news/366640648/Emergency-Microsoft-Oracle-patches-point-to-wider-cyber-issues
[2] https://support.microsoft.com/en-us/topic/march-21-2026-kb5085516-os-builds-26200-8039-and-26100-8039-out-of-band-09e85404-1cb6-4ed4-9ca5-3e40d74307b9
[3] https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#3806
[4] https://blogs.windows.com/windows-insider/2026/03/20/our-commitment-to-windows-quality/
[5] https://www.computerweekly.com/news/366640648/Emergency-Microsoft-Oracle-patches-point-to-wider-cyber-issues
[6] https://nvd.nist.gov/vuln/detail/CVE-2026-21992
> Microsoft's emergency update, [2]KB5085516 , addresses an issue that arose after installing the mandatory cumulative updates pushed live on Patch Tuesday earlier this month. [3]According to Microsoft , it has since emerged that many users experienced problems signing into applications with a Microsoft account, seeing a "no internet" error message even though the device had a working connection. This had the effect of preventing access to multiple services and applications. It should be noted that organisations using Entra ID did not experience the issue.
>
> But Microsoft's emergency patch comes just days after it doubled down on a commitment to software quality, reliability and stability. In a blog post published [4]just 24 hours prior to the latest update , Pavan Davuluri of Microsoft's Windows Insider Program Team said updates should be "predictable and easy to plan around".
Michael Bell, founder/CEO of Suzu Labs tells Computer Weekly that Microsoft's patch for the sign-in bug follows "separate hotpatches for RRAS remote code execution flaws and a Bluetooth visibility bug. Three emergency fixes in eight days does not shout reliability era."
> Oracle's [5]patch , meanwhile, addresses [6]CVE-2026-21992 , a remote code execution flaw in the REST:WebServices component of Oracle Identity Manager and the Web Services Security component of Oracle Web Services Manager in Oracle Fusion Middleware. It carries a CVSS score of 9.8 and can be exploited by an unauthenticated attacker with network access over HTTP.
[1] https://www.computerweekly.com/news/366640648/Emergency-Microsoft-Oracle-patches-point-to-wider-cyber-issues
[2] https://support.microsoft.com/en-us/topic/march-21-2026-kb5085516-os-builds-26200-8039-and-26100-8039-out-of-band-09e85404-1cb6-4ed4-9ca5-3e40d74307b9
[3] https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#3806
[4] https://blogs.windows.com/windows-insider/2026/03/20/our-commitment-to-windows-quality/
[5] https://www.computerweekly.com/news/366640648/Emergency-Microsoft-Oracle-patches-point-to-wider-cyber-issues
[6] https://nvd.nist.gov/vuln/detail/CVE-2026-21992