
Published for the 5 PM recap on Friday, July 17, 2026. Today’s technology news is a useful mix of urgent patching, operational caution, and a few good reminders about how fast the security landscape is moving. The short version: Microsoft’s July update still matters, a new Windows proof-of-concept deserves attention even before a CVE exists, CISA is pushing emergency Fortinet FortiSandbox patching, Zoom has a critical Windows client fix, OpenSSL quietly received a denial-of-service hardening fix, and content platforms are getting more aggressive about blocking AI training scrapers.
Quick Take
- Patch Windows, but check Dell compatibility first. Microsoft says the July 2026 Windows security update is available, but KB5101650 is temporarily blocked for a limited number of Dell devices with Intel processors because of shutdown, heat, performance, and battery-drain risk.
- A new Windows proof-of-concept is public. BleepingComputer reports that a researcher released a LegacyHive proof-of-concept that can help a non-admin user gain admin-level execution paths under certain conditions. Microsoft says it is investigating.
- Fortinet FortiSandbox needs immediate review. CISA confirmed active exploitation of two FortiSandbox command-injection flaws and set a July 19 federal patch deadline.
- Zoom users on Windows should update now. Zoom’s own security bulletin lists CVE-2026-53412 as a critical improper-input-validation flaw in Zoom Workplace for Windows that could allow account takeover over the network.
- OpenSSL-dependent servers need package checks. The HollowByte issue can waste server memory with tiny TLS handshake payloads; fixed OpenSSL versions are available through upstream and distribution packages.
- AI scraping is moving from policy to enforcement. Patreon is working with Cloudflare to block AI bots instead of only asking crawlers not to train on creator content.
1. Windows July Updates: Important, But Watch The Dell Block
Microsoft’s official Windows message center says the July 2026 security update is now available for supported Windows versions and recommends installing it promptly. The same Microsoft notice includes a practical caution: the Windows 11 KB5101650 update for versions 25H2 and 24H2 is not available for a limited number of Dell devices with Intel processors because Dell reported an incompatibility that can cause unexpected shutdowns, poor performance, increased heat, and battery drain.
That is both good and bad news. The good news is that Microsoft and Dell are blocking the update on affected machines rather than pushing a known-problem build everywhere. The bad news is that July’s patch cycle is still large and security-sensitive. Zero Day Initiative’s July security update review called out multiple high-risk Microsoft bugs, including an actively exploited SharePoint Server issue and a VMSwitch flaw with a 9.9 CVSS score that matters for Hyper-V environments.
What Home Users Should Do
- Open Settings > Windows Update and see what Windows offers naturally. If the update is blocked, do not try to force-install it from a random download link.
- If you use a Dell laptop or desktop and see heat, fan, shutdown, or battery problems after a recent update, write down the model number and update history before troubleshooting.
- Back up documents, photos, tax records, and business files before major cumulative updates.
- After the reboot, test your browser, email, printer, VPN, password manager, and remote-work tools.
What Small Businesses Should Do
Use staged patching. Start with a few normal workstations, confirm printing, VPN, shared drives, accounting software, Microsoft 365 sign-in, and line-of-business apps, then continue the rollout. Servers, Hyper-V hosts, remote-access systems, and public-facing services need backup confirmation and maintenance windows. The IT Guys recently covered practical Windows settings and backup policy basics for small offices, which is still the right foundation for this kind of update week.
2. New Windows LegacyHive Proof-Of-Concept Raises Admin-Rights Concerns
BleepingComputer reported today that a researcher using the Nightmare Eclipse handle released a proof-of-concept exploit called LegacyHive. The report says the PoC abuses a claimed Windows User Profile Service vulnerability that has not yet received a CVE ID. In testing described by Will Dormann, successful exploitation could let a non-admin user modify a target user’s classes registry hive and gain automatic code execution when an admin logs in.
This is not the same as a remote internet worm. The publicly released PoC was reportedly stripped down and requires extra credentials, which lowers immediate abuse risk. Still, for small businesses the lesson is clear: local admin rights and shared workstations are still dangerous. If one employee account, kiosk account, or shared PC account can become a stepping stone into administrator context, the damage can spread quickly.
- Keep daily-use accounts separate from administrator accounts.
- Do not let staff share a common Windows login on front-desk or warehouse machines.
- Use endpoint protection and review alerts for unusual registry, profile, or user-hive activity.
- Patch Windows normally, but also harden account structure. Patches cannot fix a culture of shared admin logins.
3. CISA Confirms Active Fortinet FortiSandbox Exploitation
CISA confirmed active exploitation of two Fortinet FortiSandbox vulnerabilities, CVE-2026-39808 and CVE-2026-25089. BleepingComputer reports that both are critical-severity command-injection issues that can allow unauthenticated remote code execution with low complexity and no user interaction. CISA added them to the Known Exploited Vulnerabilities catalog and gave federal agencies until Sunday, July 19, 2026, to patch vulnerable systems.
Most home users do not own FortiSandbox. Many small businesses do not either. But this matters for companies that rely on managed security appliances, firewalls, sandboxing tools, or an outside IT provider. Security appliances are high-value targets because they often sit at the edge of the network and inspect sensitive traffic.
- If your business uses Fortinet security products, ask whether FortiSandbox is deployed and whether these two CVEs are patched.
- If a FortiSandbox instance is internet-facing, treat this as urgent.
- Review logs for suspicious command execution, new admin users, unexpected configuration changes, and outbound connections.
- Do not assume a security appliance is safe just because it is a security appliance. It still needs patching and monitoring.
4. Zoom Fixes A Critical Windows Account-Takeover Vulnerability
Zoom’s security bulletin lists CVE-2026-53412, published July 14 and updated July 15, as a critical improper-input-validation issue affecting Zoom Workplace for Windows. NVD describes the issue as allowing an unauthenticated user to conduct account takeover via network access. TechRadar and BleepingComputer both reported that affected versions include Windows Zoom clients and related VDI or SDK components, with newer patched versions available.
The good news is that Zoom says the vulnerabilities were found internally and there is no evidence, in the public reporting I reviewed, that CVE-2026-53412 has been exploited in the wild. The bad news is that a critical unauthenticated account-takeover bug in a meeting tool is exactly the sort of thing criminals notice once advisories go public.
- Open Zoom and check for updates from inside the application, or download only from Zoom’s official site.
- For businesses, confirm VDI clients, Zoom Rooms for Windows, and Meeting SDK deployments too. Do not patch only the normal desktop app if you run more than that.
- Remind staff not to install “Zoom security updates” from email links or chat messages.
- If Zoom is used for customer calls, billing, legal, medical, or management meetings, treat updates as part of your privacy practice, not just software housekeeping.
5. HollowByte Shows Why Quiet Library Fixes Still Matter
BleepingComputer reported today on HollowByte, a denial-of-service issue in OpenSSL described by Okta’s Red Team. The issue can let unauthenticated attackers trigger memory growth by sending a tiny malicious TLS handshake input that claims a much larger message will follow. The OpenSSL team addressed the behavior as a hardening fix and backported the change to fixed versions including OpenSSL 4.0.1, 3.6.3, 3.5.7, 3.4.6, and 3.0.21.
OpenSSL is buried inside many systems: web servers, Linux distributions, language runtimes, databases, appliances, and internal tools. That is why small businesses should not only patch visible apps like browsers and Zoom. The boring package updates on servers matter too.
- For Linux servers, apply normal distribution security updates rather than manually swapping OpenSSL files unless you know exactly what depends on them.
- Restart affected services after library updates so running processes actually use the fixed code.
- Watch for unexplained memory growth on web, proxy, VPN, or API servers.
- Ask hosting providers whether managed servers and appliances have received the relevant OpenSSL packages.
6. AI Scraping Controls Are Becoming A Real Business Issue
TechCrunch reported today that Patreon is moving from asking AI bots not to scrape to directly blocking AI crawlers with Cloudflare’s help. For creators, agencies, consultants, and small businesses, this is bigger than Patreon. It signals a shift from polite robots.txt-style preferences toward enforced access controls for content that may be used in AI training.
The useful takeaway is not that every business should block all bots immediately. Search indexing, uptime monitoring, payment integrations, embeds, and legitimate automation still matter. The useful takeaway is that companies should decide what content is public, what content is paid or private, and what automated access is acceptable.
- Review whether customer portals, file libraries, member content, or paid resources are accidentally public.
- Use access controls for valuable private content instead of relying only on “please do not scrape” language.
- Check web analytics for unusual crawler traffic or bandwidth spikes.
- If you sell content, templates, courses, or documentation, write down a clear AI-crawler policy and enforce it technically where possible.
Good News, Bad News
Good News
- Microsoft is blocking a problematic Windows update on affected Dell devices instead of blindly pushing it to every machine.
- Zoom has patches available for a critical Windows client issue, and the vulnerability was reportedly found internally.
- CISA’s Fortinet guidance is concrete: the affected products and deadlines are known, so admins can act.
- OpenSSL fixes are available through normal versioned releases and distribution packages.
- Platforms are beginning to give creators and businesses stronger controls over AI scraping.
Bad News
- A public Windows proof-of-concept exists before the claimed issue has a CVE, which makes tracking and patch planning harder.
- Fortinet FortiSandbox exploitation is active, and edge/security appliances are attractive attacker targets.
- Critical meeting-app vulnerabilities are high-impact because they sit directly in business communication workflows.
- Quiet library fixes such as OpenSSL hardening can be missed by businesses that only patch desktop apps.
- AI scraping rules are getting more technical and more contentious, which may affect websites, creators, and customer portals.
The IT Guys Bottom Line
Today’s best small-business action is a focused Friday checklist: check Windows Update, confirm whether any Dell machines are blocked or acting strangely, update Zoom, ask your IT provider about Fortinet FortiSandbox exposure, patch Linux and server packages, and make sure public-facing content is intentionally public. None of this requires panic. It does require ownership.
If your office does not know who owns patching for workstations, servers, meeting apps, firewalls, and websites, that is the real issue to fix. Security news becomes manageable when every system has a named owner, a backup, and a maintenance window.
Sources
- Microsoft Learn: Windows message center
- Zero Day Initiative: The July 2026 Security Update Review
- BleepingComputer: New Windows LegacyHive zero-day gives hackers admin privileges
- BleepingComputer: CISA urges immediate action on actively exploited Fortinet flaws
- CISA: Adds two known exploited vulnerabilities to catalog
- Zoom Security Bulletins
- NVD: CVE-2026-53412
- TechRadar: Zoom patches critical security flaw
- BleepingComputer: HollowByte OpenSSL DoS flaw
- TechCrunch: Patreon starts blocking AI scraping bots