windows security

Microsoft disclosed CVE-2026-42981 on June 9, 2026 as a high-severity Windows Performance Monitor remote code execution vulnerability affecting Windows 11, Windows Server 2022, and Windows Server 2025, with public listings assigning it a CVSS 3.1 score of 8.1 and Microsoft as the source. The...

Microsoft listed CVE-2026-42973, a Windows Push Notification information disclosure vulnerability, in its Security Update Guide as part of the June 2026 security-update cycle affecting supported Windows platforms. The flaw is not the sort of bug that earns splashy remote-code-execution...

Microsoft disclosed CVE-2026-42970 on June 9, 2026, as a Windows Push Notification information disclosure vulnerability affecting supported Windows client and server releases, with the flaw described as local, authenticated, medium-severity, and rooted in the use of an uninitialized resource...

CVE-2026-42971 is a Microsoft-tracked Windows Push Notification information disclosure vulnerability published on June 9, 2026, affecting supported Windows client and server releases, with a medium CVSS 3.1 score of 5.5 and a local, authorized-attacker exploitation profile. That makes it less...

Microsoft disclosed CVE-2026-42969 on June 9, 2026, as a medium-severity Windows Push Notifications information disclosure vulnerability affecting supported Windows 10, Windows 11, and Windows Server releases, with the flaw described as a local issue requiring an authorized attacker rather than...

Microsoft released CVE-2026-42968 on June 9, 2026, as an Important Windows Telephony Service information disclosure vulnerability affecting supported Windows client and server releases, with updates available for Windows 10, Windows 11, Windows Server 2012, 2016, 2019, 2022, and 2025. The bug is...

Microsoft published CVE-2026-42911 on June 9, 2026, as an Important-rated elevation-of-privilege flaw in the Windows Ancillary Function Driver for WinSock, affecting supported Windows client and server releases and carrying a CVSS 3.1 base score of 7.0. The dry label hides the real point: this...

Microsoft disclosed CVE-2026-42913 on June 9, 2026, as a high-severity Remote Desktop Client remote code execution flaw affecting Windows 11, Windows Server 2022, and Windows Server 2025, with exploitation requiring a user to interact with a malicious RDP target. The bug is not the loudest item...

Microsoft disclosed CVE-2026-42916 on June 9, 2026 as a high-severity elevation-of-privilege flaw in the Windows NT OS Kernel affecting Windows 10, Windows 11, and multiple supported Windows Server releases. The bug is not a remote takeover by itself, but it is exactly the kind of local kernel...

Microsoft disclosed CVE-2026-42909 on June 9, 2026, as an Important-rated Remote Desktop Client remote code execution vulnerability affecting supported Windows client and server releases, the standalone Remote Desktop client for Windows Desktop, and the newer Windows App client. The...

Microsoft published CVE-2026-42980 on June 9, 2026 as an NT OS Kernel elevation-of-privilege vulnerability affecting supported Windows client and server releases, rating it Important with a CVSS 3.1 base score of 7.8 and marking exploitation as more likely. That combination is the story: not a...

Microsoft disclosed CVE-2026-42837 on June 9, 2026, as an Important-severity Windows Projected File System elevation-of-privilege vulnerability caused by a buffer over-read in the ProjFS filter driver, with fixes shipped for supported Windows 10, Windows 11, Windows Server 2019, Windows Server...

Microsoft disclosed CVE-2026-42836 on June 9, 2026, as an Important Windows Function Discovery Service elevation-of-privilege flaw in fdwsd.dll that can let a low-privileged, authorized local attacker win a race condition and gain SYSTEM privileges across supported Windows client and server...

Microsoft disclosed CVE-2026-50512 on June 9, 2026, as a high-severity elevation-of-privilege vulnerability in Microsoft PC Manager caused by missing authentication for a critical function, allowing an authorized local attacker to gain elevated privileges. The bug is not a remote worm, not a...

Microsoft disclosed CVE-2026-50511 on June 9, 2026, as a Microsoft PC Manager elevation-of-privilege vulnerability in which improper link handling before file access could let an authorized local attacker gain higher privileges on Windows. The terse advisory is easy to underestimate because it...

Microsoft published CVE-2026-50507 on June 9, 2026, as a Windows BitLocker security feature bypass vulnerability that could let an attacker with physical access bypass BitLocker Device Encryption and access encrypted data on an affected Windows device. The dry phrasing hides the uncomfortable...

Microsoft disclosed CVE-2026-49160 on June 9, 2026, as a Windows HTTP.sys denial-of-service vulnerability addressed in the June Patch Tuesday updates, with public disclosure already recorded but no confirmed active exploitation at release time. The bug matters less because it promises dramatic...

Microsoft published CVE-2026-48565 on June 9, 2026, identifying an Important-rated Windows Narrator Braille elevation-of-privilege vulnerability caused by an untrusted search path that can let a local authenticated attacker gain SYSTEM privileges. The patch path is not a normal cumulative...

Microsoft has listed CVE-2026-47656 as a Windows Boot Manager security feature bypass vulnerability in the June 2026 security cycle, placing another early-boot weakness in the same operational risk category that has already forced enterprises to rethink Secure Boot maintenance. The interesting...

Microsoft has listed CVE-2026-45608 as a Windows DHCP Client information disclosure vulnerability in the Microsoft Security Response Center update guide on June 9, 2026, placing a familiar but easily underestimated networking component back into the Patch Tuesday risk conversation. The important...