Microsoft released multiple emergency updates to patch a severe bug affecting.NET and ASP.NET, including a critical privilege escalation vulnerability. The patches were released on the same day as Oracle's April 2026 Critical Patch Update. These updates address security concerns, but no further information is available.

Microsoft released a series of emergency updates, including.NET 10.0.7, to address a severe bug  that had the potential to allow an attacker to elevate privileges. The vulnerabilities were reported to affect various ASP.NET and ASP.NET Core versions, including a critical CVE-2026-40372 privilege escalation bug.

These patches were released alongside reports from other Microsoft updates on simple fixes for a Windows 11/10 bug. The emergency updates underscore Microsoft's focus on security, especially given the overlap with Microsoft's release of a.NET patch.

In a related but separate development, Oracle's April 2026 Critical Patch Update addressed 241 CVEs, including potentially impacting Microsoft's products or those of its ecosystem; however, there is no direct connection to the Microsoft updates.

The patches were rolled out by Microsoft to ensure users' security and system integrity. It is crucial for users to install the emergency updates to be protected against potential security threats.

Microsoft Patches Critical ASP .NET Vulnerability with Emergency Update