patch tuesday

Microsoft disclosed CVE-2026-42915 on June 9, 2026, as a medium-severity Windows TCP/IP denial-of-service vulnerability affecting Windows 10, Windows 11, Windows Server 2022, and Windows Server 2025, with exploitation requiring an authorized attacker on an adjacent network. The bug is not the...

Microsoft disclosed CVE-2026-42914 on June 9, 2026, as an Important-rated Windows Kerberos denial-of-service vulnerability affecting supported Windows client and server releases, with official fixes available through June security updates and no public disclosure or active exploitation reported...

Microsoft disclosed CVE-2026-42913 on June 9, 2026, as a high-severity Remote Desktop Client remote code execution flaw affecting Windows 11, Windows Server 2022, and Windows Server 2025, with exploitation requiring a user to interact with a malicious RDP target. The bug is not the loudest item...

Microsoft published CVE-2026-42980 on June 9, 2026 as an NT OS Kernel elevation-of-privilege vulnerability affecting supported Windows client and server releases, rating it Important with a CVSS 3.1 base score of 7.8 and marking exploitation as more likely. That combination is the story: not a...

Microsoft disclosed CVE-2026-42908 on June 9, 2026, as a Windows Remote Desktop Protocol information disclosure vulnerability caused by an out-of-bounds read that could allow an unauthenticated attacker to disclose information over a network on affected Windows systems. The bug is not the...

Microsoft disclosed CVE-2026-42907 on June 9, 2026, as a Windows Shell information disclosure vulnerability affecting supported Windows client and server releases, with public listings placing it at medium severity and tying remediation to the June Patch Tuesday security updates. The headline is...

Microsoft disclosed CVE-2026-42904 on June 9, 2026, as an Important Windows TCP/IP elevation-of-privilege vulnerability caused by a heap-based buffer overflow that can let an unauthenticated attacker with adjacent-network access gain SYSTEM privileges on affected Windows clients and servers. The...

CVE-2026-42903 is a Microsoft-disclosed Windows Kerberos denial-of-service vulnerability published on June 9, 2026, as part of the June Patch Tuesday cycle, affecting supported Windows client and server releases, including domain-controller-capable Windows Server versions where Kerberos...

Microsoft published CVE-2026-50507 on June 9, 2026, as a Windows BitLocker security feature bypass vulnerability that could let an attacker with physical access bypass BitLocker Device Encryption and access encrypted data on an affected Windows device. The dry phrasing hides the uncomfortable...

Microsoft disclosed CVE-2026-49160 on June 9, 2026, as a Windows HTTP.sys denial-of-service vulnerability addressed in the June Patch Tuesday updates, with public disclosure already recorded but no confirmed active exploitation at release time. The bug matters less because it promises dramatic...

Microsoft disclosed CVE-2026-42910 on June 9, 2026, as a Windows Hotpatch Monitoring Service elevation-of-privilege vulnerability in the Security Update Guide, directing administrators to treat the flaw as a patched Windows security issue rather than a speculative advisory. The interesting part...

Microsoft released Windows 11’s June 2026 Patch Tuesday update on June 9, 2026, bringing KB5094126 to Windows 11 versions 25H2 and 24H2 with OS builds 26200.8655 and 26100.8655, including a new Low Latency Profile meant to make Start, Search, Action Center, and app launches feel faster. The...

Microsoft’s June 9, 2026 security update lists CVE-2026-45653 as an Important Windows Kernel elevation-of-privilege vulnerability, one of several kernel-class fixes in a record-sized Patch Tuesday release affecting Windows client and server systems. The important word is not merely kernel; it is...

Microsoft has listed CVE-2026-45608 as a Windows DHCP Client information disclosure vulnerability in the Microsoft Security Response Center update guide on June 9, 2026, placing a familiar but easily underestimated networking component back into the Patch Tuesday risk conversation. The important...

CVE-2026-45637 is an Important-rated Microsoft DWM Core Library elevation-of-privilege vulnerability patched in Microsoft’s June 9, 2026 Patch Tuesday release, affecting Windows systems through the Desktop Window Manager component and carrying a reported CVSS base score of 7.8. It is not the...

Microsoft disclosed CVE-2026-45638 on June 9, 2026, as a Windows Ancillary Function Driver for WinSock elevation-of-privilege vulnerability affecting Windows systems, with the practical risk that an attacker who already has local authorized access could potentially gain higher privileges. That...

Microsoft disclosed CVE-2026-45635 on June 9, 2026 as an Important-rated Windows UPnP Device Host remote code execution vulnerability affecting the Universal Plug and Play stack, with public listings placing it in the June 2026 Patch Tuesday batch and assigning it a high CVSS score of 8.1. The...

Microsoft released CVE-2026-45602 on June 9, 2026, as a Windows Dynamic Host Configuration Protocol Server tampering vulnerability affecting supported Windows client and server releases, with an official fix available and no public disclosure or active exploitation reported at publication. The...

Microsoft disclosed CVE-2026-45600 on June 9, 2026, as an Important-rated Windows Kernel-Mode Driver elevation-of-privilege vulnerability in its June Patch Tuesday release, affecting Windows systems through a local privilege-escalation path rather than a remote, unauthenticated network attack...

CVE-2026-45504 is a Microsoft Exchange Server elevation-of-privilege vulnerability disclosed in Microsoft’s June 9, 2026 Patch Tuesday release, rated Important, and listed among a cluster of Exchange Server fixes that administrators should treat as operationally urgent despite sparse public...