Data Breach

Microsoft Patch Tuesday June 2026 – 198 Vulnerabilities Fixed, Including 3 Zero-days

Microsoft has released its June 2026 Patch Tuesday security updates, addressing a hefty 198 vulnerabilities across its product ecosystem. The June rollout, published on June 9, 2026, stands out not only for its volume but also for the inclusion of three zero-day vulnerabilities that were actively ex...

S ShomoySoft Editorial
· Jun 10, 2026 · 13 min read · 👁 12 views
Microsoft Patch Tuesday June 2026 – 198 Vulnerabilities Fixed, Including 3 Zero-days

Microsoft has released its June 2026 Patch Tuesday security updates, addressing a hefty 198 vulnerabilities across its product ecosystem.

The June rollout, published on June 9, 2026, stands out not only for its volume but also for the inclusion of three zero-day vulnerabilities that were actively exploited or publicly known before a fix was available.

Administrators are urged to prioritize deployment, as customer action is required for every CVE in this cycle.

Vulnerability TypeCount
Elevation of Privilege63
Remote Code Execution54
Spoofing27
Information Disclosure26
Security Feature Bypass18
Denial of Service7
Tampering3
Total198

3 Zero-Days Patched

CVE-2026-50507 is a Windows BitLocker Security Feature Bypass rated Important. A successful bypass could allow an attacker with physical or local access to circumvent BitLocker’s full-disk encryption protections, undermining a control that many organizations treat as a last line of defense for lost or stolen devices.

CVE-2026-49160 is an HTTP.sys Denial of Service vulnerability affecting the HTTP/2 stack, also rated Important. Because HTTP.sys sits beneath IIS and other Windows networking services, a crafted request stream could knock exposed web-facing servers offline, making this a priority for internet-facing infrastructure.

The third zero-day, CVE-2026-45586, rounds out the trio of pre-disclosure flaws Microsoft confirmed were known to attackers ahead of patch availability. Together, the three underscore a recurring theme: encryption bypass, service disruption, and boot-path integrity remain favorite targets.

Critical RCE Vulnerabilities patched

Beyond the zero-days, this cycle contains 54 RCE vulnerabilities, of which a notable subset is rated Critical.

Remote Desktop Client received the most concentrated cluster of RCE patches, with 11 total CVEs, including Critical-rated CVE-2026-44801CVE-2026-44799CVE-2026-42992, and CVE-2026-42985.

Windows Hyper-V was also significantly impacted by Critical RCE vulnerabilities CVE-2026-47652CVE-2026-45641, and CVE-2026-45607 all capable of allowing VM guest escape and code execution on the host.

Other Critical RCE highlights include:

Microsoft Office also shipped several Critical RCE patches, CVE-2026-45458 and CVE-2026-45456 (Outlook and Word), CVE-2026-45474, and CVE-2026-45472 all exploitable via malicious document delivery.

With 63 EoP vulnerabilities, privilege escalation dominates this patch cycle. Key components affected include Windows DWM Core Library (11 EoP CVEs), Windows Ancillary Function Driver for WinSock (7 CVEs), Windows Push Notifications (4 CVEs), and the Windows Kernel (CVE-2026-48583CVE-2026-45653).

The Critical-rated Microsoft Cryptographic Services EoP (CVE-2026-44810) is particularly notable as it targets a foundational security subsystem. These EoP flaws are frequently chained with initial access exploits in multi-stage attack scenarios to gain SYSTEM-level control.

Windows Secure Boot received 8 Security Feature Bypass patches this month, continuing a trend of attacker investment in undermining pre-OS boot integrity.

Given three actively known zero-days and multiple Critical RCEs, security teams should test and deploy this month’s updates without delay, prioritizing BitLocker, HTTP.sys, Remote Desktop, and Hyper-V hosts. Where immediate patching is not possible, network segmentation and restricting RDP exposure can reduce risk until updates are applied.

Here is the full list of CVE’s

CVE NumberCVE TitleImpact
CVE-2026-50508Windows NTLM Spoofing VulnerabilitySpoofing
CVE-2026-50507Windows BitLocker Security Feature Bypass VulnerabilitySecurity Feature Bypass
CVE-2026-49161Microsoft PC Manager Security Feature Bypass VulnerabilitySecurity Feature Bypass
CVE-2026-49160HTTP.sys Denial of Service VulnerabilityDenial of Service
CVE-2026-48583Windows Kernel Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-48578Secure Boot Security Feature Bypass VulnerabilityElevation of Privilege
CVE-2026-48576Secure Boot Security Feature Bypass VulnerabilitySecurity Feature Bypass
CVE-2026-48575Secure Boot Security Feature Bypass VulnerabilitySecurity Feature Bypass
CVE-2026-48574Windows Media Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-48573Secure Boot Security Feature Bypass VulnerabilitySecurity Feature Bypass
CVE-2026-48570Secure Boot Security Feature Bypass VulnerabilitySecurity Feature Bypass
CVE-2026-48569Visual Studio Code Security Feature Bypass VulnerabilitySecurity Feature Bypass
CVE-2026-48568Secure Boot Security Feature Bypass VulnerabilitySecurity Feature Bypass
CVE-2026-48566Windows DWM Core Library Information Disclosure VulnerabilityInformation Disclosure
CVE-2026-48565Windows Narrator Braille Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-48563Remote Desktop Client Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-48562Microsoft SharePoint Server Spoofing VulnerabilitySpoofing
CVE-2026-48560Microsoft SharePoint Server Spoofing VulnerabilitySpoofing
CVE-2026-47656Windows Boot Manager Security Feature Bypass VulnerabilitySecurity Feature Bypass
CVE-2026-47654Remote Desktop Client Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-47653Remote Desktop Client Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-47652Windows Hyper-V Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-47648Windows Storage Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-47643Azure Stack Edge Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-47641Microsoft SharePoint Server Spoofing VulnerabilitySpoofing
CVE-2026-47640Microsoft SharePoint Server Spoofing VulnerabilitySpoofing
CVE-2026-47639Microsoft SharePoint Server Spoofing VulnerabilitySpoofing
CVE-2026-47638Microsoft SharePoint Server Spoofing VulnerabilitySpoofing
CVE-2026-47637Microsoft SharePoint Server Spoofing VulnerabilitySpoofing
CVE-2026-47636Microsoft SharePoint Server Spoofing VulnerabilitySpoofing
CVE-2026-47635Microsoft Outlook and Word Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-47634Microsoft SharePoint Server Spoofing VulnerabilitySpoofing
CVE-2026-47631Microsoft Exchange Server Spoofing VulnerabilitySpoofing
CVE-2026-47298Microsoft SharePoint Server Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-47293Microsoft Office Click-To-Run Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-47292Visual Studio Code MSSQL Extension Remote Code Execution VulnerabilityElevation of Privilege
CVE-2026-47291HTTP.sys Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-47289Remote Desktop Client Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-47288Windows Kerberos Key Distribution Center (KDC) Remote Code ExecutionRemote Code Execution
CVE-2026-47287Visual Studio Code Tampering VulnerabilityTampering
CVE-2026-47284Visual Studio Code Information Disclosure VulnerabilityInformation Disclosure
CVE-2026-47281Visual Studio Code Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-45658Windows BitLocker Security Feature Bypass VulnerabilitySecurity Feature Bypass
CVE-2026-45657Windows Kernel Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-45656UEFI Secure Boot Security Feature Bypass VulnerabilitySecurity Feature Bypass
CVE-2026-45655Windows BitLocker Security Feature Bypass VulnerabilitySecurity Feature Bypass
CVE-2026-45654Secure Boot Security Feature Bypass VulnerabilitySecurity Feature Bypass
CVE-2026-45653Windows Kernel Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-45650Microsoft Bing Search Spoofing VulnerabilitySpoofing
CVE-2026-45649Office for Android Spoofing VulnerabilitySpoofing
CVE-2026-45648Windows Active Directory Domain Services Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-45647Microsoft Defender for Endpoint for Mac Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-45645Microsoft Office Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-45644Microsoft Live Share Canvas SDK Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-45643Microsoft Word Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-45642Microsoft Azure Attestation Service Spoofing VulnerabilitySpoofing
CVE-2026-45641Windows Hyper-V Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-45640Windows Bluetooth Port Driver Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-45639Windows Remote Desktop Protocol (RDP) Information Disclosure VulnerabilityInformation Disclosure
CVE-2026-45638Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-45637Microsoft DWM Core Library Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-45636Windows NTFS Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-45635Windows UPnP Device Host Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-45634Windows DHCP Client Information Disclosure VulnerabilityInformation Disclosure
CVE-2026-45608Windows DHCP Client Information Disclosure VulnerabilityInformation Disclosure
CVE-2026-45607Windows Hyper-V Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-45606Microsoft UxTheme Library Denial of Service VulnerabilityDenial of Service
CVE-2026-45605Windows Bluetooth Service Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-45604Windows Managed Installer Information Disclosure VulnerabilityInformation Disclosure
CVE-2026-45603Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-45602Windows DHCP Tampering VulnerabilityTampering
CVE-2026-45601Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-45600Windows Kernel-Mode Driver Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-45599Windows UPnP Device Host Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-45598Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-45597Windows UI Automation Manager Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-45596Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-45595Windows Mark of the Web Security Feature Bypass VulnerabilitySecurity Feature Bypass
CVE-2026-45594Windows Application Identity (AppID) Information Disclosure VulnerabilityInformation Disclosure
CVE-2026-45593Windows SDK Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-45592Windows Internet (wininet.dll) Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-45591ASP.NET Core Denial of Service VulnerabilityDenial of Service
CVE-2026-45588Secure Boot Security Feature Bypass VulnerabilitySecurity Feature Bypass
CVE-2026-45586Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-45583Microsoft Exchange Server Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-45504Microsoft Exchange Server Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-45503Microsoft Exchange Server Information Disclosure VulnerabilityInformation Disclosure
CVE-2026-45502Microsoft Exchange Server Information Disclosure VulnerabilityInformation Disclosure
CVE-2026-45501Microsoft Exchange Server Spoofing VulnerabilitySpoofing
CVE-2026-45500Microsoft Exchange Server Spoofing VulnerabilitySpoofing
CVE-2026-45491.NET Tampering VulnerabilityTampering
CVE-2026-45490.NET SDK Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-45487Windows Program Compatibility Assistant Service Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-45486Microsoft Word Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-45485Microsoft Office Information Disclosure VulnerabilityInformation Disclosure
CVE-2026-45484Microsoft SharePoint Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-45483Microsoft Office Project Server Spoofing VulnerabilitySpoofing
CVE-2026-45482Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass VulnerabilitySecurity Feature Bypass
CVE-2026-45481Microsoft SharePoint Server Spoofing VulnerabilitySpoofing
CVE-2026-45479Microsoft SharePoint Server Spoofing VulnerabilitySpoofing
CVE-2026-45476Microsoft Azure Network Adapter Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-45475Microsoft Office Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-45474Microsoft Office Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-45472Microsoft Office Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-45471Microsoft Word Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-45469Microsoft Excel Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-45468Microsoft SharePoint Server Spoofing VulnerabilitySpoofing
CVE-2026-45467Microsoft SharePoint Server Spoofing VulnerabilitySpoofing
CVE-2026-45466Microsoft Word Information Disclosure VulnerabilityInformation Disclosure
CVE-2026-45465Microsoft SharePoint Server Spoofing VulnerabilitySpoofing
CVE-2026-45464Microsoft SharePoint Server Spoofing VulnerabilitySpoofing
CVE-2026-45463Microsoft Office Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-45462Microsoft SharePoint Server Spoofing VulnerabilitySpoofing
CVE-2026-45461Microsoft Office Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-45460Microsoft Office Information Disclosure VulnerabilityInformation Disclosure
CVE-2026-45459Microsoft Excel Security Feature Bypass VulnerabilitySecurity Feature Bypass
CVE-2026-45458Microsoft Outlook and Word Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-45457Microsoft Word Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-45456Microsoft Outlook and Word Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-45455Microsoft Excel Information Disclosure VulnerabilityInformation Disclosure
CVE-2026-45454Microsoft SharePoint Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-45453Microsoft SharePoint Server Spoofing VulnerabilitySpoofing
CVE-2026-44824Microsoft Office Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-44823Microsoft Excel Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-44822Microsoft Excel Information Disclosure VulnerabilityInformation Disclosure
CVE-2026-44821Microsoft Office Information Disclosure VulnerabilityInformation Disclosure
CVE-2026-44820Microsoft Excel Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-44819Microsoft Office Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-44818Microsoft Excel Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-44817Microsoft Excel Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-44815DHCP Client Service Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-44814Windows DWM Core Library Information Disclosure VulnerabilityInformation Disclosure
CVE-2026-44813Windows DWM Core Library Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-44812Windows Graphics Component Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-44811Windows DWM Core Library Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-44810Microsoft Cryptographic Services Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-44809Windows Common Log File System Driver Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-44808Windows DWM Core Library Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-44807Windows DWM Core Library Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-44805Windows Network Controller Host Agent Denial of Service VulnerabilityDenial of Service
CVE-2026-44804Windows DWM Core Library Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-44803Windows Graphics Component Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-44802Windows DWM Core Library Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-44801Remote Desktop Client Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-44799Remote Desktop Client Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-42993Remote Desktop Client Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-42992Remote Desktop Client Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-42991Windows Push Notifications Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-42989Winlogon Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-42987Windows Deployment Services (WDS) Remote Code ExecutionRemote Code Execution
CVE-2026-42986Microsoft Graphics Component Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-42985Remote Desktop Client Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-42984Windows Kernel Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-42983Windows DWM Core Library Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-42981Windows Performance Monitor Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-42980NT OS Kernel Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-42979Windows Push Notifications Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-42978Windows Push Notifications Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-42977Windows Push Notifications Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-42974Windows Performance Monitor Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-42973Windows Push Notification Information Disclosure VulnerabilityInformation Disclosure
CVE-2026-42972Windows Hyper-V Information Disclosure VulnerabilityInformation Disclosure
CVE-2026-42971Windows Push Notification Information Disclosure VulnerabilityInformation Disclosure
CVE-2026-42970Windows Push Notification Information Disclosure VulnerabilityInformation Disclosure
CVE-2026-42969Windows Push Notification Information Disclosure VulnerabilityInformation Disclosure
CVE-2026-42968Windows Telephony Server Information Disclosure VulnerabilityInformation Disclosure
CVE-2026-42916NT OS Kernel Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-42915Windows TCP/IP Denial of Service VulnerabilityDenial of Service
CVE-2026-42914Windows Kerberos Denial of Service VulnerabilityDenial of Service
CVE-2026-42913Remote Desktop Client Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-42912Windows Telephony Service Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-42911Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-42910Windows Hotpatch Monitoring Service Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-42909Remote Desktop Client Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-42908Windows Remote Desktop Protocol (RDP) Information Disclosure VulnerabilityInformation Disclosure
CVE-2026-42907Windows Shell Information Disclosure VulnerabilityInformation Disclosure
CVE-2026-42906Windows Shell Information Disclosure VulnerabilityInformation Disclosure
CVE-2026-42905Windows DWM Core Library Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-42904Windows TCP/IP Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-42903Windows Kerberos Denial of Service VulnerabilityDenial of Service
CVE-2026-42902Microsoft PowerToys Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-42837Windows Projected File System Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-42836Windows Function Discovery Service Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-42835Microsoft Teams for Android Information Disclosure VulnerabilityInformation Disclosure
CVE-2026-42829Windows Administrator Protection Secure Feature Bypass VulnerabilitySecurity Feature Bypass
CVE-2026-42828Windows Projected File System Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-41108Windows DNS Client Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-41098Azure Stack Edge Spoofing VulnerabilitySpoofing
CVE-2026-41092Microsoft Kinect Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-40409Windows Universal Disk Format File System Driver Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-40404Windows Universal Disk Format File System Driver Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-40376Visual Studio Code Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-40371Microsoft Dynamics 365 (on-premises) Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-34335Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-33828Windows Device Health Attestation Elevation of Privilege VulnerabilityElevation of Privilege
CVE-2026-33113Microsoft SharePoint Server Spoofing VulnerabilitySpoofing
CVE-2026-32193Azure Kubernetes Service (AKS) Remote Code Execution VulnerabilityRemote Code Execution
CVE-2026-26142Nuance PowerScribe Remote Code Execution VulnerabilityRemote Code Execution

Other Patch Tuesday Updates:

Source: CybersecurityNews.com

Tags: #Vulnerability #Zero-Day #Exploit #DDoS #Cloud Security #Windows
Follow ShomoySoft for more: Follow on Facebook

💬 Comments (0)

Login to join the discussion.

No comments yet. Be the first!

Related Articles

Recommended for you