
On the second day of Pwn2Own Berlin 2026 — a prestigious hacking competition where security researchers are paid to find flaws in popular software before criminals do — teams successfully demonstrated previously unknown vulnerabilities in Windows 11 and Microsoft Exchange (the email platform used by many businesses and schools). Researchers also found zero-days in Red Hat Enterprise Linux. Under Pwn2Own’s rules, all findings are handed over to the affected vendors immediately, giving them time to patch before any details go public.
This is security research working as intended. By the time you read this, Microsoft already knows about the flaws and is preparing fixes. No criminal gangs have these details yet. Your main job is simply to keep Windows Update turned on so you receive the patch as soon as it ships.
How to check if you’re affected
Affected devices are Windows 11 PCs and any computer that connects to Microsoft Exchange for business or school email.
- Open Settings → Windows Update → Check for updates. Install everything available, then restart your computer.
- Turn on “Get the latest updates as soon as they’re available” in Windows Update settings — this puts you at the front of the queue when patches land.
- If your organization manages Exchange, forward this story to your IT team so they know to watch for the incoming advisory.
