CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ⬡ Vulnerabilities & CVEs Jun 11, 2026

Microsoft Patches 198 Vulnerabilities in June 2026 Security Update - cyberpress.org

cyberpress.org Archived Jun 11, 2026 ✓ Full text saved

Microsoft Patches 198 Vulnerabilities in June 2026 Security Update cyberpress.org

Full text archived locally
✦ AI Summary · Claude Sonnet


    Microsoft Patches 198 Vulnerabilities in June 2026 Security Update By Lucas Martin June 10, 2026 Categories: Cyber Security News Microsoft has released its June 2026 Patch Tuesday security update, addressing 198 vulnerabilities across its product ecosystem, one of the largest single-month patches in recent memory. The update includes fixes for 3 zero-day vulnerabilities that were publicly disclosed before patching, along with 32 Critical-severity flaws and 166 Important-severity issues requiring immediate attention from administrators and end users. Impact Type Count Elevation of Privilege 63 Remote Code Execution 54 Spoofing 29 Information Disclosure 26 Security Feature Bypass 18 Denial of Service 7 Tampering 3 Microsoft Patch Tuesday June 2026 Three publicly disclosed zero-days headline this month’s release, all rated Important in severity: CVE-2026-50507 – Windows BitLocker Security Feature Bypass Vulnerability: A publicly disclosed flaw in Windows BitLocker that allows an attacker to bypass the drive encryption security feature. This is particularly concerning for organizations relying on BitLocker for data-at-rest protection on endpoint devices. CVE-2026-49160 – HTTP.sys Denial of Service Vulnerability: A publicly disclosed vulnerability in the HTTP/2 stack (HTTP.sys) that could allow an unauthenticated attacker to crash or destabilize Windows web servers. Organizations running IIS or any HTTP.sys-dependent services should treat this patch as high-priority. CVE-2026-45586 – (Zero-day #3): This vulnerability rounds out the trio of zero-days addressed in this month’s update and requires immediate customer action per Microsoft’s advisory. Among the 32 Critical-rated vulnerabilities, Remote Code Execution (RCE) flaws dominate with 54 RCE issues total across all severities. CVE-2026-47652 – Windows Hyper-V RCE is a critical flaw enabling remote code execution within Hyper-V hypervisor environments, posing severe risk to virtualized infrastructure. CVE-2026-47288 – Windows Kerberos KDC RCE targets the Kerberos Key Distribution Center and could allow attackers to execute code against domain authentication infrastructure a worst-case scenario for Active Directory environments. CVE-2026-47291 – HTTP.sys RCE represents a separate critical RCE in Windows HTTP.sys, distinct from the zero-day DoS variant, enabling potential pre-authentication remote code execution on exposed servers.  CVE-2026-45648 – Active Directory Domain Services RCE is a critical flaw that could allow attackers to execute code on domain controllers, making it a top-priority patch for all enterprise environments. Beyond the Windows core, this update spans a wide range of Microsoft products. SharePoint Server received patches for at least 10 spoofing vulnerabilities across CVE-2026-47636 through CVE-2026-48562.  Remote Desktop Client was patched for multiple Critical and Important RCE flaws, including CVE-2026-44799, CVE-2026-44801, CVE-2026-42985, CVE-2026-42992, and CVE-2026-47654.  Windows Secure Boot received a cluster of Security Feature Bypass fixes, and Visual Studio Code was addressed for elevation-of-privilege, information-disclosure, and tampering vulnerabilities. Here is the complete table of all 198 CVEs from the June 2026 Patch CVE Title Severity Impact Product CVE-2026-50507 Windows BitLocker Security Feature Bypass Important Security Feature Bypass Windows BitLocker CVE-2026-49160 HTTP.sys Denial of Service Important Denial of Service HTTP/2 CVE-2026-45586 Windows Collaborative Translation Framework (CTFMON) EoP Important Elevation of Privilege Windows CTFMON CVE-2026-50508 Windows NTLM Spoofing Important Spoofing Windows NTLM CVE-2026-49161 Microsoft PC Manager Security Feature Bypass Important Security Feature Bypass Microsoft PC Manager CVE-2026-48583 Windows Kernel Elevation of Privilege Important Elevation of Privilege Windows Kernel CVE-2026-48578 Secure Boot Security Feature Bypass Important Elevation of Privilege Windows Secure Boot CVE-2026-48576 Secure Boot Security Feature Bypass Important Security Feature Bypass Windows Secure Boot CVE-2026-48575 Secure Boot Security Feature Bypass Important Security Feature Bypass Windows Secure Boot CVE-2026-48574 Windows Media Remote Code Execution Critical Remote Code Execution Windows Media CVE-2026-48573 Secure Boot Security Feature Bypass Important Security Feature Bypass Windows Secure Boot CVE-2026-48570 Secure Boot Security Feature Bypass Important Security Feature Bypass Windows Secure Boot CVE-2026-48569 Visual Studio Code Security Feature Bypass Important Security Feature Bypass Visual Studio Code CVE-2026-48568 Secure Boot Security Feature Bypass Important Security Feature Bypass Windows Secure Boot CVE-2026-48566 Windows DWM Core Library Information Disclosure Important Information Disclosure Windows DWM Core Library CVE-2026-48565 Windows Narrator Braille Elevation of Privilege Important Elevation of Privilege Windows Narrator Braille CVE-2026-48563 Remote Desktop Client RCE Critical Remote Code Execution Remote Desktop Client CVE-2026-48562 Microsoft SharePoint Server Spoofing Important Spoofing Microsoft Office SharePoint CVE-2026-48560 Microsoft SharePoint Server Spoofing Important Spoofing Microsoft Office SharePoint CVE-2026-47656 Windows Boot Manager Security Feature Bypass Important Security Feature Bypass Windows Boot Manager CVE-2026-47654 Remote Desktop Client RCE Critical Remote Code Execution Remote Desktop Client CVE-2026-47653 Remote Desktop Client RCE Important Remote Code Execution Remote Desktop Client CVE-2026-47652 Windows Hyper-V RCE Critical Remote Code Execution Windows Hyper-V CVE-2026-47648 Windows Storage Elevation of Privilege Important Elevation of Privilege Windows Storage CVE-2026-47643 Azure Stack Edge RCE Important Remote Code Execution Azure Stack Edge CVE-2026-47641 Microsoft SharePoint Server Spoofing Important Spoofing Microsoft Office SharePoint CVE-2026-47640 Microsoft SharePoint Server Spoofing Important Spoofing Microsoft Office SharePoint CVE-2026-47639 Microsoft SharePoint Server Spoofing Important Spoofing Microsoft Office SharePoint CVE-2026-47638 Microsoft SharePoint Server Spoofing Important Spoofing Microsoft Office SharePoint CVE-2026-47637 Microsoft SharePoint Server Spoofing Important Spoofing Microsoft Office SharePoint CVE-2026-47636 Microsoft SharePoint Server Spoofing Important Spoofing Microsoft Office SharePoint CVE-2026-47635 Microsoft Outlook and Word RCE Critical Remote Code Execution Microsoft Office CVE-2026-47634 Microsoft SharePoint Server Spoofing Important Spoofing Microsoft Office SharePoint CVE-2026-47631 Microsoft Exchange Server Spoofing Important Spoofing Microsoft Exchange Server CVE-2026-47298 Microsoft SharePoint Server RCE Important Remote Code Execution Microsoft Office SharePoint CVE-2026-47293 Microsoft Office Click-To-Run EoP Important Elevation of Privilege Microsoft Office Click-To-Run CVE-2026-47292 Visual Studio Code MSSQL Extension RCE Important Elevation of Privilege Visual Studio Code CVE-2026-47291 HTTP.sys Remote Code Execution Critical Remote Code Execution Windows HTTP.sys CVE-2026-47289 Remote Desktop Client RCE Critical Remote Code Execution Remote Desktop Client CVE-2026-47288 Windows Kerberos KDC RCE Critical Remote Code Execution Windows Kerberos CVE-2026-47287 Visual Studio Code Tampering Important Tampering Visual Studio Code CVE-2026-47284 Visual Studio Code Information Disclosure Important Information Disclosure Visual Studio Code CVE-2026-47281 Visual Studio Code Elevation of Privilege Important Elevation of Privilege Visual Studio Code CVE-2026-45658 Windows BitLocker Security Feature Bypass Important Security Feature Bypass Windows BitLocker CVE-2026-45657 Windows Kernel RCE Critical Remote Code Execution Windows Kernel CVE-2026-45656 UEFI Secure Boot Security Feature Bypass Important Security Feature Bypass Windows UEFI CVE-2026-45655 Windows BitLocker Security Feature Bypass Important Security Feature Bypass Windows BitLocker CVE-2026-45654 Secure Boot Security Feature Bypass Important Security Feature Bypass Windows Secure Boot CVE-2026-45653 Windows Kernel Elevation of Privilege Important Elevation of Privilege Windows Kernel CVE-2026-45650 Microsoft Bing Search Spoofing Important Spoofing Microsoft Bing CVE-2026-45649 Office for Android Spoofing Important Spoofing Office for Android CVE-2026-45648 Windows Active Directory Domain Services RCE Critical Remote Code Execution Active Directory Domain Services CVE-2026-45647 Microsoft Defender for Endpoint for Mac EoP Important Elevation of Privilege Microsoft Defender for Endpoint CVE-2026-45645 Microsoft Office RCE Important Remote Code Execution Microsoft Office CVE-2026-45644 Microsoft Live Share Canvas SDK EoP Important Elevation of Privilege Microsoft Live Share Canvas SDK CVE-2026-45643 Microsoft Word RCE Important Remote Code Execution Microsoft Office Word CVE-2026-45642 Microsoft Azure Attestation Service Spoofing Important Spoofing Azure Attestation Service CVE-2026-44804 Windows DWM Core Library EoP Important Elevation of Privilege Windows DWM Core Library CVE-2026-44803 Windows Graphics Component RCE Critical Remote Code Execution Windows Win32K – GRFX CVE-2026-44802 Windows DWM Core Library EoP Important Elevation of Privilege Windows DWM Core Library CVE-2026-44801 Remote Desktop Client RCE Critical Remote Code Execution Remote Desktop Client CVE-2026-44799 Remote Desktop Client RCE Critical Remote Code Execution Remote Desktop Client CVE-2026-42993 Remote Desktop Client RCE Important Remote Code Execution Remote Desktop Client CVE-2026-42992 Remote Desktop Client RCE Critical Remote Code Execution Remote Desktop Client CVE-2026-42991 Windows Push Notifications EoP Important Elevation of Privilege Windows Push Notifications CVE-2026-42989 Winlogon Elevation of Privilege Important Elevation of Privilege Winlogon CVE-2026-42987 Windows Deployment Services (WDS) RCE Critical Remote Code Execution Windows Deployment Services CVE-2026-42986 Microsoft Graphics Component EoP Important Elevation of Privilege Microsoft Graphics Component CVE-2026-42985 Remote Desktop Client RCE Critical Remote Code Execution Remote Desktop Client CVE-2026-42984 Windows Kernel Elevation of Privilege Important Elevation of Privilege Windows Kernel CVE-2026-42983 Windows DWM Core Library EoP Important Elevation of Privilege Windows DWM Core Library CVE-2026-42981 Windows Performance Monitor RCE Important Remote Code Execution Windows Performance Monitor CVE-2026-42980 NT OS Kernel Elevation of Privilege Important Elevation of Privilege Windows NT OS Kernel CVE-2026-42979 Windows Push Notifications EoP Important Elevation of Privilege Windows Push Notifications CVE-2026-42978 Windows Push Notifications EoP Important Elevation of Privilege Windows Push Notifications CVE-2026-42977 Windows Push Notifications EoP Important Elevation of Privilege Windows Push Notifications CVE-2026-42974 Windows Performance Monitor RCE Important Remote Code Execution Windows Performance Monitor CVE-2026-42973 Windows Push Notification Information Disclosure Important Information Disclosure Windows Push Notifications CVE-2026-42972 Windows Hyper-V Information Disclosure Important Information Disclosure Windows Hyper-V CVE-2026-42971 Windows Push Notification Information Disclosure Important Information Disclosure Windows Push Notifications CVE-2026-42970 Windows Push Notification Information Disclosure Important Information Disclosure Windows Push Notifications CVE-2026-42969 Windows Push Notification Information Disclosure Important Information Disclosure Windows Push Notifications CVE-2026-42968 Windows Telephony Server Information Disclosure Important Information Disclosure Windows Telephony Service CVE-2026-42916 NT OS Kernel Elevation of Privilege Important Elevation of Privilege Windows NT OS Kernel CVE-2026-42915 Windows TCP/IP Denial of Service Important Denial of Service Windows TCP/IP Organizations should apply the June 2026 cumulative updates as soon as possible. The combination of publicly disclosed zero-days and a high volume of Critical RCE vulnerabilities makes this Patch Tuesday one of the most consequential of the year. Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google. Share Facebook Twitter Pinterest WhatsApp Lucas Martinhttps://cyberpress.org/ Lucas Martin is an Investigative cybersecurity journalist dedicated to breaking stories on ransomware cartels, data breaches, and state-sponsored espionage. Recent Articles Attackers Weaponize AWS and Google Logs for Stealthy Exfiltration AWS June 11, 2026 GitLab Patches Multiple Flaws Enabling Account Takeover Attacks Cyber Security News June 11, 2026 Public PoC Released for Linux Kernel Guest-to-Host Escape Flaw Cyber Security News June 11, 2026 JDY Botnet Expands With 1,500 Compromised Devices Targeting Fresh Vulnerabilities Botnet June 11, 2026 Ivanti Command Injection Flaw Actively Exploited After PoC Release Vulnerability June 11, 2026 Related Stories AWS Attackers Weaponize AWS and Google Logs for Stealthy Exfiltration Varshini - June 11, 2026 Cyber Security News GitLab Patches Multiple Flaws Enabling Account Takeover Attacks Lucas Martin - June 11, 2026 Cyber Security News Public PoC Released for Linux Kernel Guest-to-Host Escape Flaw Lucas Martin - June 11, 2026 Botnet JDY Botnet Expands With 1,500 Compromised Devices Targeting Fresh Vulnerabilities Varshini - June 11, 2026 Cyber Security News Claude Fable 5 Jailbreak Enables Stack Exploit Generation Lucas Martin - June 11, 2026 Cyber Security News Windows Translation Framework 0-Day Enables Privilege Escalation Lucas Martin - June 10, 2026 LEAVE A REPLY Comment: Name:* Email:* Website:
    💬 Team Notes
    Article Info
    Source
    cyberpress.org
    Category
    ⬡ Vulnerabilities & CVEs
    Published
    Jun 11, 2026
    Archived
    Jun 11, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗