Microsoft Patches 198 Vulnerabilities in June 2026 Security Update - cyberpress.org
cyberpress.orgArchived Jun 11, 2026✓ Full text saved
Microsoft Patches 198 Vulnerabilities in June 2026 Security Update cyberpress.org
Full text archived locally
✦ AI Summary· Claude Sonnet
Microsoft Patches 198 Vulnerabilities in June 2026 Security Update
By Lucas Martin
June 10, 2026
Categories:
Cyber Security News
Microsoft has released its June 2026 Patch Tuesday security update, addressing 198 vulnerabilities across its product ecosystem, one of the largest single-month patches in recent memory.
The update includes fixes for 3 zero-day vulnerabilities that were publicly disclosed before patching, along with 32 Critical-severity flaws and 166 Important-severity issues requiring immediate attention from administrators and end users.
Impact Type Count
Elevation of Privilege 63
Remote Code Execution 54
Spoofing 29
Information Disclosure 26
Security Feature Bypass 18
Denial of Service 7
Tampering 3
Microsoft Patch Tuesday June 2026
Three publicly disclosed zero-days headline this month’s release, all rated Important in severity:
CVE-2026-50507 – Windows BitLocker Security Feature Bypass Vulnerability: A publicly disclosed flaw in Windows BitLocker that allows an attacker to bypass the drive encryption security feature. This is particularly concerning for organizations relying on BitLocker for data-at-rest protection on endpoint devices.
CVE-2026-49160 – HTTP.sys Denial of Service Vulnerability: A publicly disclosed vulnerability in the HTTP/2 stack (HTTP.sys) that could allow an unauthenticated attacker to crash or destabilize Windows web servers. Organizations running IIS or any HTTP.sys-dependent services should treat this patch as high-priority.
CVE-2026-45586 – (Zero-day #3): This vulnerability rounds out the trio of zero-days addressed in this month’s update and requires immediate customer action per Microsoft’s advisory.
Among the 32 Critical-rated vulnerabilities, Remote Code Execution (RCE) flaws dominate with 54 RCE issues total across all severities.
CVE-2026-47652 – Windows Hyper-V RCE is a critical flaw enabling remote code execution within Hyper-V hypervisor environments, posing severe risk to virtualized infrastructure.
CVE-2026-47288 – Windows Kerberos KDC RCE targets the Kerberos Key Distribution Center and could allow attackers to execute code against domain authentication infrastructure a worst-case scenario for Active Directory environments.
CVE-2026-47291 – HTTP.sys RCE represents a separate critical RCE in Windows HTTP.sys, distinct from the zero-day DoS variant, enabling potential pre-authentication remote code execution on exposed servers.
CVE-2026-45648 – Active Directory Domain Services RCE is a critical flaw that could allow attackers to execute code on domain controllers, making it a top-priority patch for all enterprise environments.
Beyond the Windows core, this update spans a wide range of Microsoft products. SharePoint Server received patches for at least 10 spoofing vulnerabilities across CVE-2026-47636 through CVE-2026-48562.
Remote Desktop Client was patched for multiple Critical and Important RCE flaws, including CVE-2026-44799, CVE-2026-44801, CVE-2026-42985, CVE-2026-42992, and CVE-2026-47654.
Windows Secure Boot received a cluster of Security Feature Bypass fixes, and Visual Studio Code was addressed for elevation-of-privilege, information-disclosure, and tampering vulnerabilities.
Here is the complete table of all 198 CVEs from the June 2026 Patch
CVE Title Severity Impact Product
CVE-2026-50507 Windows BitLocker Security Feature Bypass Important Security Feature Bypass Windows BitLocker
CVE-2026-49160 HTTP.sys Denial of Service Important Denial of Service HTTP/2
CVE-2026-45586 Windows Collaborative Translation Framework (CTFMON) EoP Important Elevation of Privilege Windows CTFMON
CVE-2026-50508 Windows NTLM Spoofing Important Spoofing Windows NTLM
CVE-2026-49161 Microsoft PC Manager Security Feature Bypass Important Security Feature Bypass Microsoft PC Manager
CVE-2026-48583 Windows Kernel Elevation of Privilege Important Elevation of Privilege Windows Kernel
CVE-2026-48578 Secure Boot Security Feature Bypass Important Elevation of Privilege Windows Secure Boot
CVE-2026-48576 Secure Boot Security Feature Bypass Important Security Feature Bypass Windows Secure Boot
CVE-2026-48575 Secure Boot Security Feature Bypass Important Security Feature Bypass Windows Secure Boot
CVE-2026-48574 Windows Media Remote Code Execution Critical Remote Code Execution Windows Media
CVE-2026-48573 Secure Boot Security Feature Bypass Important Security Feature Bypass Windows Secure Boot
CVE-2026-48570 Secure Boot Security Feature Bypass Important Security Feature Bypass Windows Secure Boot
CVE-2026-48569 Visual Studio Code Security Feature Bypass Important Security Feature Bypass Visual Studio Code
CVE-2026-48568 Secure Boot Security Feature Bypass Important Security Feature Bypass Windows Secure Boot
CVE-2026-48566 Windows DWM Core Library Information Disclosure Important Information Disclosure Windows DWM Core Library
CVE-2026-48565 Windows Narrator Braille Elevation of Privilege Important Elevation of Privilege Windows Narrator Braille
CVE-2026-48563 Remote Desktop Client RCE Critical Remote Code Execution Remote Desktop Client
CVE-2026-48562 Microsoft SharePoint Server Spoofing Important Spoofing Microsoft Office SharePoint
CVE-2026-48560 Microsoft SharePoint Server Spoofing Important Spoofing Microsoft Office SharePoint
CVE-2026-47656 Windows Boot Manager Security Feature Bypass Important Security Feature Bypass Windows Boot Manager
CVE-2026-47654 Remote Desktop Client RCE Critical Remote Code Execution Remote Desktop Client
CVE-2026-47653 Remote Desktop Client RCE Important Remote Code Execution Remote Desktop Client
CVE-2026-47652 Windows Hyper-V RCE Critical Remote Code Execution Windows Hyper-V
CVE-2026-47648 Windows Storage Elevation of Privilege Important Elevation of Privilege Windows Storage
CVE-2026-47643 Azure Stack Edge RCE Important Remote Code Execution Azure Stack Edge
CVE-2026-47641 Microsoft SharePoint Server Spoofing Important Spoofing Microsoft Office SharePoint
CVE-2026-47640 Microsoft SharePoint Server Spoofing Important Spoofing Microsoft Office SharePoint
CVE-2026-47639 Microsoft SharePoint Server Spoofing Important Spoofing Microsoft Office SharePoint
CVE-2026-47638 Microsoft SharePoint Server Spoofing Important Spoofing Microsoft Office SharePoint
CVE-2026-47637 Microsoft SharePoint Server Spoofing Important Spoofing Microsoft Office SharePoint
CVE-2026-47636 Microsoft SharePoint Server Spoofing Important Spoofing Microsoft Office SharePoint
CVE-2026-47635 Microsoft Outlook and Word RCE Critical Remote Code Execution Microsoft Office
CVE-2026-47634 Microsoft SharePoint Server Spoofing Important Spoofing Microsoft Office SharePoint
CVE-2026-47631 Microsoft Exchange Server Spoofing Important Spoofing Microsoft Exchange Server
CVE-2026-47298 Microsoft SharePoint Server RCE Important Remote Code Execution Microsoft Office SharePoint
CVE-2026-47293 Microsoft Office Click-To-Run EoP Important Elevation of Privilege Microsoft Office Click-To-Run
CVE-2026-47292 Visual Studio Code MSSQL Extension RCE Important Elevation of Privilege Visual Studio Code
CVE-2026-47291 HTTP.sys Remote Code Execution Critical Remote Code Execution Windows HTTP.sys
CVE-2026-47289 Remote Desktop Client RCE Critical Remote Code Execution Remote Desktop Client
CVE-2026-47288 Windows Kerberos KDC RCE Critical Remote Code Execution Windows Kerberos
CVE-2026-47287 Visual Studio Code Tampering Important Tampering Visual Studio Code
CVE-2026-47284 Visual Studio Code Information Disclosure Important Information Disclosure Visual Studio Code
CVE-2026-47281 Visual Studio Code Elevation of Privilege Important Elevation of Privilege Visual Studio Code
CVE-2026-45658 Windows BitLocker Security Feature Bypass Important Security Feature Bypass Windows BitLocker
CVE-2026-45657 Windows Kernel RCE Critical Remote Code Execution Windows Kernel
CVE-2026-45656 UEFI Secure Boot Security Feature Bypass Important Security Feature Bypass Windows UEFI
CVE-2026-45655 Windows BitLocker Security Feature Bypass Important Security Feature Bypass Windows BitLocker
CVE-2026-45654 Secure Boot Security Feature Bypass Important Security Feature Bypass Windows Secure Boot
CVE-2026-45653 Windows Kernel Elevation of Privilege Important Elevation of Privilege Windows Kernel
CVE-2026-45650 Microsoft Bing Search Spoofing Important Spoofing Microsoft Bing
CVE-2026-45649 Office for Android Spoofing Important Spoofing Office for Android
CVE-2026-45648 Windows Active Directory Domain Services RCE Critical Remote Code Execution Active Directory Domain Services
CVE-2026-45647 Microsoft Defender for Endpoint for Mac EoP Important Elevation of Privilege Microsoft Defender for Endpoint
CVE-2026-45645 Microsoft Office RCE Important Remote Code Execution Microsoft Office
CVE-2026-45644 Microsoft Live Share Canvas SDK EoP Important Elevation of Privilege Microsoft Live Share Canvas SDK
CVE-2026-45643 Microsoft Word RCE Important Remote Code Execution Microsoft Office Word
CVE-2026-45642 Microsoft Azure Attestation Service Spoofing Important Spoofing Azure Attestation Service
CVE-2026-44804 Windows DWM Core Library EoP Important Elevation of Privilege Windows DWM Core Library
CVE-2026-44803 Windows Graphics Component RCE Critical Remote Code Execution Windows Win32K – GRFX
CVE-2026-44802 Windows DWM Core Library EoP Important Elevation of Privilege Windows DWM Core Library
CVE-2026-44801 Remote Desktop Client RCE Critical Remote Code Execution Remote Desktop Client
CVE-2026-44799 Remote Desktop Client RCE Critical Remote Code Execution Remote Desktop Client
CVE-2026-42993 Remote Desktop Client RCE Important Remote Code Execution Remote Desktop Client
CVE-2026-42992 Remote Desktop Client RCE Critical Remote Code Execution Remote Desktop Client
CVE-2026-42991 Windows Push Notifications EoP Important Elevation of Privilege Windows Push Notifications
CVE-2026-42989 Winlogon Elevation of Privilege Important Elevation of Privilege Winlogon
CVE-2026-42987 Windows Deployment Services (WDS) RCE Critical Remote Code Execution Windows Deployment Services
CVE-2026-42986 Microsoft Graphics Component EoP Important Elevation of Privilege Microsoft Graphics Component
CVE-2026-42985 Remote Desktop Client RCE Critical Remote Code Execution Remote Desktop Client
CVE-2026-42984 Windows Kernel Elevation of Privilege Important Elevation of Privilege Windows Kernel
CVE-2026-42983 Windows DWM Core Library EoP Important Elevation of Privilege Windows DWM Core Library
CVE-2026-42981 Windows Performance Monitor RCE Important Remote Code Execution Windows Performance Monitor
CVE-2026-42980 NT OS Kernel Elevation of Privilege Important Elevation of Privilege Windows NT OS Kernel
CVE-2026-42979 Windows Push Notifications EoP Important Elevation of Privilege Windows Push Notifications
CVE-2026-42978 Windows Push Notifications EoP Important Elevation of Privilege Windows Push Notifications
CVE-2026-42977 Windows Push Notifications EoP Important Elevation of Privilege Windows Push Notifications
CVE-2026-42974 Windows Performance Monitor RCE Important Remote Code Execution Windows Performance Monitor
CVE-2026-42973 Windows Push Notification Information Disclosure Important Information Disclosure Windows Push Notifications
CVE-2026-42972 Windows Hyper-V Information Disclosure Important Information Disclosure Windows Hyper-V
CVE-2026-42971 Windows Push Notification Information Disclosure Important Information Disclosure Windows Push Notifications
CVE-2026-42970 Windows Push Notification Information Disclosure Important Information Disclosure Windows Push Notifications
CVE-2026-42969 Windows Push Notification Information Disclosure Important Information Disclosure Windows Push Notifications
CVE-2026-42968 Windows Telephony Server Information Disclosure Important Information Disclosure Windows Telephony Service
CVE-2026-42916 NT OS Kernel Elevation of Privilege Important Elevation of Privilege Windows NT OS Kernel
CVE-2026-42915 Windows TCP/IP Denial of Service Important Denial of Service Windows TCP/IP
Organizations should apply the June 2026 cumulative updates as soon as possible. The combination of publicly disclosed zero-days and a high volume of Critical RCE vulnerabilities makes this Patch Tuesday one of the most consequential of the year.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.
Share
Facebook
Twitter
Pinterest
WhatsApp
Lucas Martinhttps://cyberpress.org/
Lucas Martin is an Investigative cybersecurity journalist dedicated to breaking stories on ransomware cartels, data breaches, and state-sponsored espionage.
Recent Articles
Attackers Weaponize AWS and Google Logs for Stealthy Exfiltration
AWS June 11, 2026
GitLab Patches Multiple Flaws Enabling Account Takeover Attacks
Cyber Security News June 11, 2026
Public PoC Released for Linux Kernel Guest-to-Host Escape Flaw
Cyber Security News June 11, 2026
JDY Botnet Expands With 1,500 Compromised Devices Targeting Fresh Vulnerabilities
Botnet June 11, 2026
Ivanti Command Injection Flaw Actively Exploited After PoC Release
Vulnerability June 11, 2026
Related Stories
AWS
Attackers Weaponize AWS and Google Logs for Stealthy Exfiltration
Varshini - June 11, 2026
Cyber Security News
GitLab Patches Multiple Flaws Enabling Account Takeover Attacks
Lucas Martin - June 11, 2026
Cyber Security News
Public PoC Released for Linux Kernel Guest-to-Host Escape Flaw
Lucas Martin - June 11, 2026
Botnet
JDY Botnet Expands With 1,500 Compromised Devices Targeting Fresh Vulnerabilities
Varshini - June 11, 2026
Cyber Security News
Claude Fable 5 Jailbreak Enables Stack Exploit Generation
Lucas Martin - June 11, 2026
Cyber Security News
Windows Translation Framework 0-Day Enables Privilege Escalation
Lucas Martin - June 10, 2026
LEAVE A REPLY
Comment:
Name:*
Email:*
Website: