patch tuesday

Microsoft disclosed CVE-2026-45598 on June 9, 2026, as an Important-rated Windows Ancillary Function Driver for WinSock elevation-of-privilege vulnerability that allows an authorized local attacker to raise privileges on affected Windows systems. The dry phrasing is easy to skim past in a Patch...

CVE-2026-45501 is an Important-rated Microsoft Exchange Server spoofing vulnerability disclosed in Microsoft’s June 9, 2026 security updates, affecting on-premises Exchange Server and arriving alongside a broader Exchange patch set that also includes spoofing, information-disclosure...

Microsoft disclosed CVE-2026-45599 on June 9, 2026, as a high-severity Windows UPnP Device Host remote code execution vulnerability in Universal Plug and Play’s upnp.dll, with an 8.1 CVSS score and patches released through the June Patch Tuesday security updates. The bug is not the loudest item...

Microsoft’s June 9, 2026 security update identifies CVE-2026-45597 as a Windows UI Automation Manager elevation-of-privilege vulnerability in uiamanager.dll, a local Windows component tied to accessibility and cross-process interface automation. The immediate story is not a remote worm or a...

Microsoft patched CVE-2026-45595, a Windows Mark of the Web security feature bypass vulnerability rated Important, as part of the June 9, 2026 Patch Tuesday release for supported Windows systems. The bug matters less because it is glamorous than because it touches one of Windows’ quietest lines...

Microsoft disclosed CVE-2026-45604 on June 9, 2026, as an Important-rated Windows Managed Installer information disclosure vulnerability in the Windows Application Identity subsystem, shipping it inside a very large June Patch Tuesday release that addressed roughly 200 Microsoft flaws. The bug...

Microsoft’s June 2026 Patch Tuesday, released on June 9, delivers security fixes for roughly 200 disclosed vulnerabilities across Windows, Office, Azure, Exchange Online, Microsoft Graph, SQL Server, and related services, including 32 bugs Microsoft rated critical and a Talos Snort ruleset...

Microsoft disclosed CVE-2026-45593 on June 9, 2026, as a Windows SDK elevation-of-privilege vulnerability in its Security Update Guide, placing a developer-facing component into the same Patch Tuesday risk conversation usually dominated by Windows kernel, browser, and server flaws. The important...

Microsoft has published CVE-2026-45592 as a Windows Internet (wininet.dll) elevation-of-privilege vulnerability in the Security Update Guide on June 9, 2026, signaling that supported Windows systems should receive the applicable June security update even though public technical detail remains...

Microsoft released Windows 10 KB5094127 on June 9, 2026, as the June Patch Tuesday cumulative update for Windows 10 22H2 systems covered by Extended Security Updates, raising eligible PCs to build 19045.7417 and adding File Explorer search fixes, Secure Boot certificate status reporting, and...

Microsoft disclosed CVE-2026-42835 on June 9, 2026, as a high-severity Microsoft Teams for Android information disclosure vulnerability that can let an authorized attacker disclose information over a network through an injection weakness in the app. The headline is not that Teams for Android...

Microsoft has disclosed CVE-2026-42828, an elevation-of-privilege vulnerability in the Windows Projected File System, as part of its June 2026 security guidance for Windows systems, with the practical risk centered on local attackers who already have some access and are trying to turn that...

On June 9, 2026, Microsoft disclosed CVE-2026-40371, an Important-rated elevation-of-privilege vulnerability in Microsoft Dynamics 365 on-premises, as part of its June Patch Tuesday security release for Windows, server, cloud, developer, and business-application products. The bug is not the...

Microsoft disclosed CVE-2026-49161 on June 9, 2026, as an Important-rated security feature bypass vulnerability in Microsoft PC Manager, part of the company’s June Patch Tuesday release, which also covered roughly 200 Microsoft vulnerabilities across Windows, Office, Exchange, developer tools...

Microsoft published CVE-2026-48578 on June 9, 2026, describing an Important-rated Windows Secure Boot security feature bypass that can let a highly privileged local attacker defeat Secure Boot protections across supported Windows client and server releases. The short version is simple enough for...

Microsoft disclosed CVE-2026-48575 on June 9, 2026, as an Important Windows Secure Boot security feature bypass affecting supported Windows client and server releases, with official fixes issued through security updates and no public disclosure or exploitation reported at publication time. The...

Microsoft disclosed CVE-2026-48570 on June 9, 2026, as an Important-rated Windows Secure Boot security feature bypass affecting supported Windows client and server releases, with official fixes available and Microsoft saying exploitation is less likely and not publicly disclosed or observed in...

Microsoft disclosed CVE-2026-48568 on June 9, 2026, as an Important-rated Windows Secure Boot security feature bypass that can be exploited locally by an authorized attacker and is addressed through June Patch Tuesday updates across supported Windows client and server releases. The advisory is...

Microsoft published CVE-2026-48566 on June 9, 2026, as an Important-rated Windows DWM Core Library information disclosure vulnerability, addressed in the June Patch Tuesday updates for supported Windows client and server systems through the normal cumulative update channel. The bug is not the...

Microsoft disclosed CVE-2026-48563 on June 9, 2026, as a Critical remote code execution vulnerability in the Windows Remote Desktop Client, part of a June Patch Tuesday release that also included multiple other Remote Desktop Client flaws across supported Windows releases. The headline is not...