windows security

CVE-2026-45637 is an Important-rated Microsoft DWM Core Library elevation-of-privilege vulnerability patched in Microsoft’s June 9, 2026 Patch Tuesday release, affecting Windows systems through the Desktop Window Manager component and carrying a reported CVSS base score of 7.8. It is not the...

Microsoft has identified CVE-2026-45603 as a Windows Ancillary Function Driver for WinSock elevation-of-privilege vulnerability, published through the MSRC Security Update Guide on June 9, 2026, affecting Windows systems where a local authorized attacker could potentially move from ordinary...

Microsoft disclosed CVE-2026-45638 on June 9, 2026, as a Windows Ancillary Function Driver for WinSock elevation-of-privilege vulnerability affecting Windows systems, with the practical risk that an attacker who already has local authorized access could potentially gain higher privileges. That...

Microsoft disclosed CVE-2026-45635 on June 9, 2026 as an Important-rated Windows UPnP Device Host remote code execution vulnerability affecting the Universal Plug and Play stack, with public listings placing it in the June 2026 Patch Tuesday batch and assigning it a high CVSS score of 8.1. The...

Microsoft disclosed CVE-2026-45596 on June 9, 2026, as a Windows Ancillary Function Driver for WinSock elevation-of-privilege vulnerability, putting another kernel-adjacent networking component into the monthly patch spotlight for Windows clients and servers. The important part is not that this...

Microsoft disclosed CVE-2026-45636 on June 9, 2026, as an Important-severity Windows NTFS remote code execution vulnerability caused by heap-based buffer overflow and improper input validation, affecting supported Windows client and server releases and patched through the June 2026 security...

Microsoft disclosed CVE-2026-45598 on June 9, 2026, as an Important-rated Windows Ancillary Function Driver for WinSock elevation-of-privilege vulnerability that allows an authorized local attacker to raise privileges on affected Windows systems. The dry phrasing is easy to skim past in a Patch...

Microsoft disclosed CVE-2026-45601 on June 9, 2026, as an Important Windows Ancillary Function Driver for WinSock elevation-of-privilege flaw that can let a locally authenticated attacker gain SYSTEM privileges after winning a race condition in affected Windows client and server releases. The...

Microsoft disclosed CVE-2026-45599 on June 9, 2026, as a high-severity Windows UPnP Device Host remote code execution vulnerability in Universal Plug and Play’s upnp.dll, with an 8.1 CVSS score and patches released through the June Patch Tuesday security updates. The bug is not the loudest item...

Microsoft’s June 9, 2026 security update identifies CVE-2026-45597 as a Windows UI Automation Manager elevation-of-privilege vulnerability in uiamanager.dll, a local Windows component tied to accessibility and cross-process interface automation. The immediate story is not a remote worm or a...

Microsoft patched CVE-2026-45595, a Windows Mark of the Web security feature bypass vulnerability rated Important, as part of the June 9, 2026 Patch Tuesday release for supported Windows systems. The bug matters less because it is glamorous than because it touches one of Windows’ quietest lines...

Microsoft’s June 2026 Patch Tuesday, released on June 9, delivers security fixes for roughly 200 disclosed vulnerabilities across Windows, Office, Azure, Exchange Online, Microsoft Graph, SQL Server, and related services, including 32 bugs Microsoft rated critical and a Talos Snort ruleset...

Microsoft has disclosed CVE-2026-42828, an elevation-of-privilege vulnerability in the Windows Projected File System, as part of its June 2026 security guidance for Windows systems, with the practical risk centered on local attackers who already have some access and are trying to turn that...

CVE-2026-48576 is a Microsoft-tracked Secure Boot security feature bypass vulnerability disclosed through the MSRC Security Update Guide in June 2026, affecting the pre-operating-system trust chain that Windows relies on to decide whether early boot code should be allowed to run. The important...

Microsoft published CVE-2026-48573 on June 9, 2026, describing an Important-severity Windows Secure Boot security feature bypass that can be exploited locally by an authorized attacker and is addressed through June security updates for supported Windows client and server releases. The advisory...

Microsoft disclosed CVE-2026-48570 on June 9, 2026, as an Important-rated Windows Secure Boot security feature bypass affecting supported Windows client and server releases, with official fixes available and Microsoft saying exploitation is less likely and not publicly disclosed or observed in...

Microsoft published CVE-2026-48566 on June 9, 2026, as an Important-rated Windows DWM Core Library information disclosure vulnerability, addressed in the June Patch Tuesday updates for supported Windows client and server systems through the normal cumulative update channel. The bug is not the...

Microsoft disclosed CVE-2026-48563 on June 9, 2026, as a Critical remote code execution vulnerability in the Windows Remote Desktop Client, part of a June Patch Tuesday release that also included multiple other Remote Desktop Client flaws across supported Windows releases. The headline is not...

Microsoft has listed CVE-2026-47653 as a Remote Desktop Client remote code execution vulnerability in its Security Update Guide, published for Windows administrators tracking the June 9, 2026 security release, but the public advisory currently exposes more risk signaling than deep root-cause...

Microsoft listed CVE-2026-8863 on June 9, 2026, as a UEFI Secure Boot security feature bypass vulnerability in its Security Update Guide, with the public entry emphasizing confidence in the vulnerability’s existence rather than publishing deep technical exploitation details. That distinction...