Microsoft June 2026 Patch Tuesday

176/2026

Critical

June 10, 2026

10:45 am

Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed 206 flaws, including 3 publicly disclosed zero-day vulnerabilities.

Microsoft has addressed multiple vulnerabilities in this release that could allow attackers to gain elevated privileges, perform spoofing and denial-of-service attacks, bypass security restrictions, obtain sensitive information, or execute arbitrary code and gain access to the affected systems.

June’s Patch Tuesday was released to fix security flaws in several Microsoft products, such as .NET, Nuance PowerScribe, Microsoft Office, Visual Studio Code, Microsoft Kinect, Microsoft Windows DNS, Windows Projected File System Filter Driver, Windows Administrator Protection, Microsoft Teams, Windows Kerberos, Windows TCP/IP, Windows Shell, Windows RDP, Windows Performance Monitor, Windows DWM Core Library, Windows DHCP Client, Microsoft Copilot, Microsoft Exchange Server, Windows SDK, Windows NTFS and Microsoft Azure.

The publicly disclosed zero-day flaws in the June Patch are:

Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability “CVE-2026-45586” allows the authorized attacker to elevate privileges locally.
HTTP.sys Denial-of-Service Vulnerability “CVE-2026-49160” allows the unauthorized attacker to deny service over a network.
Windows BitLocker Security Feature Bypass Vulnerability “CVE-2026-50507” allows the unauthorized attacker to bypass a security feature with a physical attack.

Sample of the addressed vulnerabilities:

1. Microsoft DHCP Client Service Remote Code Execution Vulnerability (CVE- 2026-44815):

CVSS: 9.8
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Consequences: Remote Code Execution

2. Microsoft Visual Studio Code Elevation of Privilege Vulnerability (CVE-2026- 47281):

CVSS: 9.6
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Consequences: Gain Privileges

Vulnerabilities

Microsoft MSRC

Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

Microsoft MSRC

References

Microsoft MSRC

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.