Back to overview

METTLER TOLEDO: Microsoft cumulative patches until March for FreshWay B/D

VDE-2026-066
Last update
07/14/2026 12:00
Published at
07/14/2026 12:00
Vendor(s)
Mettler-Toledo GmbH
External ID
VDE-2026-066
CSAF Document

Summary

This update deploys cumulative Microsoft Windows security patches through March 2026 for LTSB 2016, LTSC 2019, and LTSC 2021.

Impact

Not deploying Windows security patches increases the attack surface, leaves systems exposed to known vulnerabilities, and elevates operational risk.

Affected Product(s)

Model no. Product name Affected versions
FreshWay B Microsoft Windows 10 LTSC 2021 lacking KB5066135, Microsoft Windows 10 LTSC 2019 lacking KB5005112, Microsoft Windows 10 LTSC 2019 lacking KB5066143, Microsoft Windows 10 LTSB 2016 lacking KB4577586, Microsoft Windows 10 LTSC 2019 lacking KB5078752, Microsoft Windows 10 LTSB 2016 lacking KB5078938, Microsoft Windows 10 LTSC 2021 lacking KB5031539, Microsoft Windows 10 LTSC 2021 lacking KB5078885, Microsoft Windows 10 LTSB 2016 lacking KB5075902
FreshWay D Microsoft Windows 10 LTSC 2019 lacking KB5078752, Microsoft Windows 10 LTSC 2019 lacking KB5066143, Microsoft Windows 10 LTSC 2021 lacking KB5031539, Microsoft Windows 10 LTSC 2021 lacking KB5078885, Microsoft Windows 10 LTSC 2019 lacking KB5005112, Microsoft Windows 10 LTSC 2021 lacking KB5066135

Vulnerabilities

Expand / Collapse all

Published
07/14/2026 13:10
Weakness
Heap-based Buffer Overflow (CWE-122)
Summary

Heap-based buffer overflow in Windows Telephony Service allows an unauthorized attacker to elevate privileges over an adjacent network.

References

Published
07/14/2026 13:10
Weakness
Integer Overflow or Wraparound (CWE-190)
Summary

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

References

Published
07/14/2026 13:10
Weakness
Heap-based Buffer Overflow (CWE-122)
Summary

Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

References

Published
07/14/2026 13:10
Weakness
Out-of-bounds Read (CWE-125)
Summary

Out-of-bounds read in Windows Extensible File Allocation allows an authorized attacker to elevate privileges locally.

References

Published
07/14/2026 13:10
Weakness
Out-of-bounds Read (CWE-125)
Summary

Out-of-bounds read in Windows NTFS allows an authorized attacker to elevate privileges locally.

References

Published
07/14/2026 13:10
Weakness
Improper Authentication (CWE-287)
Summary

Improper authentication in Windows SMB Server allows an authorized attacker to elevate privileges locally.

References

Published
07/14/2026 13:10
Weakness
Out-of-bounds Read (CWE-125)
Summary

Out-of-bounds read in Windows GDI+ allows an unauthorized attacker to disclose information over a network.

References

Published
07/14/2026 13:10
Weakness
Use After Free (CWE-416)
Summary

Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.

References

Published
07/14/2026 13:10
Weakness
Improper Validation of Specified Type of Input (CWE-1287)
Summary

Improper validation of specified type of input in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

References

Published
07/14/2026 13:10
Weakness
Exposure of Sensitive Information to an Unauthorized Actor (CWE-200)
Summary

Exposure of sensitive information to an unauthorized actor in Windows Shell Link Processing allows an unauthorized attacker to perform spoofing over a network.

References

Mitigation

Install the cumulative Windows security patches through March 2026 for LTSB 2016, LTSC 2019, and LTSC 2021. The patches have to be applied to scales FreshWay B and FreshWay D with Windows operating system.

Acknowledgments

Mettler-Toledo GmbH thanks the following parties for their efforts:

Revision History

Version Date Summary
1.0.0 07/14/2026 12:00 Initial revision