patch tuesday

On June 9, 2026, Microsoft released its June Patch Tuesday updates for supported Windows versions and related products, fixing 208 newly disclosed vulnerabilities, including an actively exploited Microsoft Defender privilege-escalation flaw and several critical remote-code-execution bugs across...

Microsoft’s June 2026 Patch Tuesday, released on June 9, delivered roughly 200 fixes across Windows, Office, Visual Studio Code, Exchange, Azure components, and developer tooling, making it the largest monthly Microsoft security update on record. The size is the story, but not the whole story...

Microsoft released Windows 11 26H1 Build 28000.2269 as KB5095051 and Windows 11 23H2 Build 22631.7219 as KB5093998 on June 9, 2026, delivering June Patch Tuesday security fixes, Secure Boot servicing work, BitLocker reliability changes, File Explorer search fixes, AI component updates, and...

CVE-2026-42991 is a Microsoft-confirmed Windows Push Notifications elevation-of-privilege vulnerability disclosed on June 9, 2026, affecting supported Windows client and server releases and allowing a local authenticated attacker to gain higher privileges through a race-condition-style flaw. The...

Microsoft disclosed CVE-2026-42979 on June 9, 2026, as a high-severity Windows Push Notifications elevation-of-privilege vulnerability affecting Windows 10, Windows 11, Windows Server 2019, Windows Server 2022, and Windows Server 2025. The flaw is described as a local, authenticated attack...

Microsoft disclosed CVE-2026-42977 on June 9, 2026, as a high-severity Windows Push Notifications elevation-of-privilege vulnerability affecting supported Windows 10, Windows 11, and Windows Server releases, with Microsoft’s advisory describing a local race-condition flaw that requires an...

Microsoft published CVE-2026-42986 on June 9, 2026, as a high-severity Microsoft Graphics Component elevation-of-privilege vulnerability affecting supported Windows client and server releases, describing it as a local use-after-free flaw that requires an authorized attacker to already have low...

CVE-2026-42974 is a high-severity Windows Performance Monitor remote code execution vulnerability published by Microsoft on June 9, 2026, affecting Windows 11, Windows Server 2022, and Windows Server 2025, with public vulnerability trackers listing a CVSS 3.1 score of 8.1. The important point is...

Microsoft disclosed CVE-2026-42981 on June 9, 2026 as a high-severity Windows Performance Monitor remote code execution vulnerability affecting Windows 11, Windows Server 2022, and Windows Server 2025, with public listings assigning it a CVSS 3.1 score of 8.1 and Microsoft as the source. The...

Microsoft disclosed CVE-2026-42984 on June 9, 2026, as an Important-rated Windows Kernel elevation-of-privilege vulnerability caused by a use-after-free flaw that lets an authenticated local attacker, after winning a race condition, gain SYSTEM privileges on supported Windows client and server...

Microsoft listed CVE-2026-42973, a Windows Push Notification information disclosure vulnerability, in its Security Update Guide as part of the June 2026 security-update cycle affecting supported Windows platforms. The flaw is not the sort of bug that earns splashy remote-code-execution...

Microsoft disclosed CVE-2026-42970 on June 9, 2026, as a Windows Push Notification information disclosure vulnerability affecting supported Windows client and server releases, with the flaw described as local, authenticated, medium-severity, and rooted in the use of an uninitialized resource...

CVE-2026-42971 is a Microsoft-tracked Windows Push Notification information disclosure vulnerability published on June 9, 2026, affecting supported Windows client and server releases, with a medium CVSS 3.1 score of 5.5 and a local, authorized-attacker exploitation profile. That makes it less...

Microsoft disclosed CVE-2026-42969 on June 9, 2026, as a medium-severity Windows Push Notifications information disclosure vulnerability affecting supported Windows 10, Windows 11, and Windows Server releases, with the flaw described as a local issue requiring an authorized attacker rather than...

Microsoft released CVE-2026-42968 on June 9, 2026, as an Important Windows Telephony Service information disclosure vulnerability affecting supported Windows client and server releases, with updates available for Windows 10, Windows 11, Windows Server 2012, 2016, 2019, 2022, and 2025. The bug is...

Microsoft disclosed CVE-2026-42915 on June 9, 2026, as a medium-severity Windows TCP/IP denial-of-service vulnerability affecting Windows 10, Windows 11, Windows Server 2022, and Windows Server 2025, with exploitation requiring an authorized attacker on an adjacent network. The bug is not the...

Microsoft disclosed CVE-2026-42914 on June 9, 2026, as an Important-rated Windows Kerberos denial-of-service vulnerability affecting supported Windows client and server releases, with official fixes available through June security updates and no public disclosure or active exploitation reported...

Microsoft disclosed CVE-2026-42913 on June 9, 2026, as a high-severity Remote Desktop Client remote code execution flaw affecting Windows 11, Windows Server 2022, and Windows Server 2025, with exploitation requiring a user to interact with a malicious RDP target. The bug is not the loudest item...

Microsoft published CVE-2026-42980 on June 9, 2026 as an NT OS Kernel elevation-of-privilege vulnerability affecting supported Windows client and server releases, rating it Important with a CVSS 3.1 base score of 7.8 and marking exploitation as more likely. That combination is the story: not a...

Microsoft disclosed CVE-2026-42908 on June 9, 2026, as a Windows Remote Desktop Protocol information disclosure vulnerability caused by an out-of-bounds read that could allow an unauthenticated attacker to disclose information over a network on affected Windows systems. The bug is not the...