Microsoft Released June 2026 Software Updates
Microsoft has released software updates as part of its June 2026 Patch Tuesday. The updates fix 200 security vulnerabilities in total, with 6 zero-day vulnerabilities disclosed this month.
The breakdown of the vulnerabilities are as follows:
65 elevation of privilege
55 remote code execution
30 information disclosure
27 spoofing
7 denial of service
19 security feature bypass
The publicly disclosed zero-days are as follows:
CVE-2026-45586 - vulnerability in Windows Collaborative Translation Framework that can lead to elevation of privilege
CVE-2026-49160 - vulnerability in HTTP.sys that can lead to denial of service
CVE-2026-45585 and CVE-2026-50507 - vulnerability in Windows BitLocker that can lead to security feature bypass
CVE-2020-17103 - vulnerability in Windows Cloud FIles Mini Filter Driver that can lead to elevation of privilege
CVE-2026-42897 - vulnerability in Microsoft Exchange Server that can lead to spoofing
Why You Should Care?
These vulnerabilities are flaws that have been identified in Microsoft software, and now that they are publicly known, attackers will try to exploit as many targets as possible before users apply the fix. This makes it extra dangerous, and needs to be addressed as soon as possible.
In this case, six zero-day vulnerabilities are publicly disclosed or actively exploited, which means attackers will likely rush to write exploit code and start attacking businesses. It is only a matter of time before the attackers compromise your business. Now that patches are available, it is critical to apply the patches as soon as possible to avoid getting compromised.
What Should You Do?
Test the patches ASAP at your organization, and make sure it does not break any business applications
Roll out the rest of the Patch Tuesday updates