A security researcher using the name Nightmare Eclipse released a new Windows zero-day called RoguePlanet on June 10, 2026, hours after Microsoft’s June Patch Tuesday, claiming it can make Microsoft Defender spawn a SYSTEM-level command prompt on patched Windows 10 and Windows 11 machines. The exploit lands in the middle of a public fight between Microsoft and a researcher who says the company mishandled earlier vulnerability disclosures. Microsoft has cast the releases as irresponsible; many security watchers see a vendor credibility problem wrapped around a disclosure crisis. Either way, Windows users and administrators are now stuck managing the blast radius of a dispute they did not create.
June’s Patch Tuesday should have been the kind of release that dominates security calendars by sheer mass. Depending on how various researchers count republished Chromium issues and product-family entries, Microsoft addressed roughly 200 vulnerabilities, with several dozen rated critical and multiple publicly disclosed zero-days in the mix. For enterprise administrators, that is not a patch cycle; it is a triage event.
Then RoguePlanet arrived.
That timing is the point. Nightmare Eclipse did not merely publish another proof of concept; they published it immediately after Microsoft’s largest-ever Patch Tuesday window, creating the maximum possible contrast between Redmond’s monthly security machinery and the uncomfortable fact that fully patched systems may still be exposed. It turns the ritual of “install the updates and exhale” into something more brittle.
The exploit reportedly targets Microsoft Defender and abuses a race condition to produce a command shell running with SYSTEM privileges. That distinction matters because SYSTEM is not just “administrator but louder.” It is the level of local authority Windows reserves for the operating system itself, which means a successful exploit can become a pivot point for disabling defenses, installing persistence, or moving laterally if paired with other access.
This is also why the usual comfort phrase — proof of concept — feels inadequate. A proof of concept may be intended to demonstrate a flaw, but in the wrong hands it can also become a recipe. The more complete, reliable, and public it is, the shorter the distance between research drama and operational risk.
That is a dangerous neighborhood for bugs. Security products tend to inspect untrusted input, run background services, handle elevated operations, and integrate deeply with the operating system. When they fail, they can fail with the very privileges they were granted to protect the machine.
The details being reported suggest RoguePlanet is not a universal, click-once-and-win exploit. Race conditions can be timing-sensitive, system-dependent, and unreliable across hardware and configurations. That will lead some people to downgrade the threat in their heads.
They should be careful. Unreliability is not the same as harmlessness. Attackers have a long history of turning fiddly local privilege escalation bugs into practical tools through retries, environment checks, and chaining. A bug that does not work on every system is still a problem if it works often enough on the machines that matter.
It also raises an awkward question about patch lineage. RoguePlanet is being described as a modification or bypass related to earlier patched work rather than an entirely unrelated discovery. If that holds, the story becomes less about one researcher’s escalating protest and more about whether Microsoft is applying narrow fixes to symptoms while leaving nearby attack surfaces intact.
Bug bounty programs exist partly to prevent this. They turn vulnerability discovery into a structured transaction: report privately, give the vendor time to patch, receive recognition and possibly money, and keep users safer while the process unfolds. When that system breaks down, both sides reach for moral language very quickly.
Microsoft’s moral language has been “irresponsible disclosure.” Nightmare Eclipse’s has been closer to “you broke the deal first.” The public’s reaction, judging from security forums and community discussion, has not been uniformly sympathetic to Microsoft. That should worry the company more than the theatrics of any single GitHub post.
Users may dislike zero-day dumps, but many also distrust vendor-controlled disclosure systems that appear opaque, inconsistent, or punitive. If researchers believe they can be ignored, underpaid, threatened, or deplatformed after privately reporting severe bugs, some will choose spectacle over process. That does not make the spectacle safe, but it does make it predictable.
The uncomfortable truth is that both things can be true at once. A researcher can have a legitimate grievance with Microsoft’s handling of vulnerabilities, and still be endangering ordinary users by publishing weaponizable exploit details before a patch exists. The collateral damage does not become acceptable because the vendor behaved badly.
Threatening a pseudonymous researcher during a live zero-day dispute shifts the story from “Microsoft is protecting customers” to “Microsoft is trying to punish the person embarrassing it.” That is especially risky for a company already facing years of frustration over Windows changes, forced-feeling integration, advertising creep, update reliability, account requirements, and the general sense that users are increasingly managed rather than served.
This is not to say Microsoft should smile politely while exploit code spreads. A vendor has every reason to discourage public release of unpatched vulnerabilities, and there are cases where legal tools may be appropriate. But legal threats do not patch endpoints. They do not rebuild trust with researchers. They do not help administrators explain to executives why yesterday’s emergency patch window did not end the risk.
The apparent retreat from legal threats shows Microsoft understood at least part of the backlash. But backing away from the threat is not the same as solving the disclosure failure. If the researcher’s core complaint is compensation, recognition, or handling of previous reports, the only durable fix is a process that security researchers can trust even when the answer is “no bounty” or “lower severity than claimed.”
Microsoft is not a small vendor learning this for the first time. It runs one of the world’s most attacked software ecosystems. Windows is everywhere from gaming rigs to hospitals, factories, school districts, trading desks, and small businesses with no dedicated security staff. A disclosure breakdown in this ecosystem scales immediately.
Zero-days make the rhythm look slow.
RoguePlanet’s release hours after the June updates underlines the mismatch between calendar-based maintenance and adversarial timing. Attackers do not wait for the second Tuesday. Researchers in a feud certainly do not. Even Microsoft Defender’s own update mechanisms, which can ship intelligence and platform updates outside the normal Windows cumulative update cycle, cannot magically repair every product flaw the moment exploit code appears.
For sysadmins, this creates the worst kind of ambiguity. The June cumulative update is still important and should still be deployed according to risk tolerance and testing reality. But installing it does not close the RoguePlanet question. That means administrators have to communicate a subtle message: “Patch immediately, but do not assume patching is complete mitigation.”
That message is hard to sell. Executives prefer red-yellow-green dashboards. Help desks prefer known-good recommendations. Security teams prefer CVEs, severity scores, and vendor guidance. A fresh public zero-day without a formal fix lives in the gray zone where everyone is responsible and nobody has a satisfying control.
The temptation is to wait for Microsoft to publish a CVE, an advisory, or a Defender platform update. In some environments, that may be the only practical option. But higher-risk shops should already be thinking about detection, privilege boundaries, application control, Defender tamper protection, endpoint telemetry, and whether local admin exposure makes this kind of bug more valuable to an intruder.
Windows has spent decades balancing compatibility, manageability, and security. That balance is the reason old applications still run, drivers can support obscure hardware, and administrators can automate almost anything. It is also why the platform carries a vast amount of privileged machinery that must interact with messy real-world inputs.
Defender sits in the middle of that bargain. Microsoft has made Defender good enough that many organizations rely on it as a primary endpoint security layer, especially when bundled licensing makes third-party tools harder to justify. That success increases the consequences when Defender itself becomes part of the attack surface.
The irony is sharp. Microsoft has spent years arguing that integrated security is a reason to stay in its ecosystem. The more Windows, Defender, identity, cloud management, and telemetry are fused into a single security story, the more a public flaw in one pillar shakes confidence in the whole pitch.
That does not mean Defender is uniquely bad. All endpoint security products carry risk because they operate at high privilege and inspect hostile material. But Microsoft’s scale changes the equation. A Defender bug is not just a vendor bug; it is a Windows ecosystem event.
Vendors want time, control, and minimal reputational damage. Researchers want acknowledgement, fair severity assessment, payment where applicable, and assurance that their work will not disappear into a corporate queue. Users want the vulnerability fixed before criminals learn how to exploit it. These interests overlap, but they are not identical.
Bug bounties were supposed to professionalize the exchange. In many cases, they have. But bounty programs can also create resentment when payout decisions feel arbitrary, when duplicate findings are rejected without adequate explanation, or when a vendor’s internal severity model diverges from a researcher’s view of real-world exploitability.
Microsoft’s particular challenge is that Windows vulnerabilities are rarely abstract. A bypass in BitLocker, a Defender elevation, or a SYSTEM-level local exploit feels tangible to users. These are not edge-case bugs in a forgotten component. They touch the basic promise that the operating system can defend its own boundary lines.
Nightmare Eclipse’s conduct, if accurately reported, is reckless in its public consequences. But the fact that the releases are generating sympathy in some corners should be read as an indictment of the broader relationship between major vendors and independent researchers. When people cheer the person dropping zero-days, even nervously, the vendor has already lost part of the trust battle.
The first operational concern is exposure. If the exploit requires local code execution, then the defensive priority becomes reducing the paths by which untrusted code runs in the first place. That means browser hardening, email attachment controls, application control, script restrictions, least privilege, and keeping users away from local administrator rights wherever possible.
The second concern is visibility. A Defender-spawned SYSTEM shell is not a normal administrative event in most environments. Endpoint detection rules should be watching suspicious child processes, unusual command shell invocation, privilege escalation patterns, Defender service anomalies, and post-exploitation behavior rather than waiting for a perfect RoguePlanet signature.
The third concern is communications. Security teams should tell stakeholders that Microsoft’s June updates are necessary but may not address this specific public exploit. That sentence is frustrating, but it is better than letting leadership believe the Patch Tuesday reboot closed every headline risk.
Home users have fewer levers. They should install the June updates, keep Defender and security intelligence current, avoid running unknown tools, and be especially skeptical of “fix” utilities or exploit-check scripts from random repositories. The most likely path to harm for ordinary users is not a movie-style remote takeover from the open internet; it is being tricked into running something that gives a local exploit its opening.
The bigger patch has to be procedural. Microsoft needs to show researchers that severe reports will be handled transparently, bounty decisions will be explained credibly, and disputes will not default to corporate muscle. It also needs to show customers that public zero-days involving core Windows security features trigger clear, timely guidance rather than fragmented signals from reporters, researchers, and social media.
This is harder than shipping a binary fix. Process failures do not have a single vulnerable function to rewrite. They involve legal teams, security response centers, communications staff, product engineers, bounty managers, and executives who may all have different views of risk.
But Microsoft’s scale makes process a security feature. If independent researchers decide the company is fair, predictable, and fast, more bugs stay private until patched. If they decide it is opaque or punitive, more disputes will spill into public view. That is not an endorsement of exploit dumping; it is a recognition of how trust works.
The company also needs to be careful not to treat community anger as mere anti-Microsoft reflex. Some of it is that, of course. But some of it comes from users who feel Windows has become more coercive while its security promises remain imperfect. When that audience sees Microsoft threatening a researcher instead of visibly resolving the underlying vulnerability pipeline, the reaction is not hard to predict.
Microsoft Patched the Month, Not the Feud
June’s Patch Tuesday should have been the kind of release that dominates security calendars by sheer mass. Depending on how various researchers count republished Chromium issues and product-family entries, Microsoft addressed roughly 200 vulnerabilities, with several dozen rated critical and multiple publicly disclosed zero-days in the mix. For enterprise administrators, that is not a patch cycle; it is a triage event.Then RoguePlanet arrived.
That timing is the point. Nightmare Eclipse did not merely publish another proof of concept; they published it immediately after Microsoft’s largest-ever Patch Tuesday window, creating the maximum possible contrast between Redmond’s monthly security machinery and the uncomfortable fact that fully patched systems may still be exposed. It turns the ritual of “install the updates and exhale” into something more brittle.
The exploit reportedly targets Microsoft Defender and abuses a race condition to produce a command shell running with SYSTEM privileges. That distinction matters because SYSTEM is not just “administrator but louder.” It is the level of local authority Windows reserves for the operating system itself, which means a successful exploit can become a pivot point for disabling defenses, installing persistence, or moving laterally if paired with other access.
This is also why the usual comfort phrase — proof of concept — feels inadequate. A proof of concept may be intended to demonstrate a flaw, but in the wrong hands it can also become a recipe. The more complete, reliable, and public it is, the shorter the distance between research drama and operational risk.
RoguePlanet Is a Defender Problem With a Trust Problem Attached
On the technical merits, RoguePlanet is most alarming because it appears to involve Defender, the security component many Windows users treat as the baseline protection layer. Defender is not a niche enterprise add-on. It ships with Windows, it runs widely, and it sits in the privileged, always-on space where security software often has to operate.That is a dangerous neighborhood for bugs. Security products tend to inspect untrusted input, run background services, handle elevated operations, and integrate deeply with the operating system. When they fail, they can fail with the very privileges they were granted to protect the machine.
The details being reported suggest RoguePlanet is not a universal, click-once-and-win exploit. Race conditions can be timing-sensitive, system-dependent, and unreliable across hardware and configurations. That will lead some people to downgrade the threat in their heads.
They should be careful. Unreliability is not the same as harmlessness. Attackers have a long history of turning fiddly local privilege escalation bugs into practical tools through retries, environment checks, and chaining. A bug that does not work on every system is still a problem if it works often enough on the machines that matter.
It also raises an awkward question about patch lineage. RoguePlanet is being described as a modification or bypass related to earlier patched work rather than an entirely unrelated discovery. If that holds, the story becomes less about one researcher’s escalating protest and more about whether Microsoft is applying narrow fixes to symptoms while leaving nearby attack surfaces intact.
The Researcher’s Grievance Does Not Make Users Fair Game
Nightmare Eclipse has framed the releases as retaliation or forced transparency after Microsoft allegedly reneged on an arrangement, likely tied to vulnerability disclosure and bounty expectations. That claim has not been publicly proven in full, and the exact terms of any exchange remain murky. But the broad shape is familiar: a researcher believes the vendor undervalued a bug, mishandled communication, or tried to control the narrative after receiving private details.Bug bounty programs exist partly to prevent this. They turn vulnerability discovery into a structured transaction: report privately, give the vendor time to patch, receive recognition and possibly money, and keep users safer while the process unfolds. When that system breaks down, both sides reach for moral language very quickly.
Microsoft’s moral language has been “irresponsible disclosure.” Nightmare Eclipse’s has been closer to “you broke the deal first.” The public’s reaction, judging from security forums and community discussion, has not been uniformly sympathetic to Microsoft. That should worry the company more than the theatrics of any single GitHub post.
Users may dislike zero-day dumps, but many also distrust vendor-controlled disclosure systems that appear opaque, inconsistent, or punitive. If researchers believe they can be ignored, underpaid, threatened, or deplatformed after privately reporting severe bugs, some will choose spectacle over process. That does not make the spectacle safe, but it does make it predictable.
The uncomfortable truth is that both things can be true at once. A researcher can have a legitimate grievance with Microsoft’s handling of vulnerabilities, and still be endangering ordinary users by publishing weaponizable exploit details before a patch exists. The collateral damage does not become acceptable because the vendor behaved badly.
Microsoft’s Legal Reflex Made the Security Story Worse
Microsoft reportedly responded to earlier Nightmare Eclipse disclosures by condemning the behavior and threatening legal action. That may have been emotionally satisfying inside a legal or communications meeting. It was strategically clumsy.Threatening a pseudonymous researcher during a live zero-day dispute shifts the story from “Microsoft is protecting customers” to “Microsoft is trying to punish the person embarrassing it.” That is especially risky for a company already facing years of frustration over Windows changes, forced-feeling integration, advertising creep, update reliability, account requirements, and the general sense that users are increasingly managed rather than served.
This is not to say Microsoft should smile politely while exploit code spreads. A vendor has every reason to discourage public release of unpatched vulnerabilities, and there are cases where legal tools may be appropriate. But legal threats do not patch endpoints. They do not rebuild trust with researchers. They do not help administrators explain to executives why yesterday’s emergency patch window did not end the risk.
The apparent retreat from legal threats shows Microsoft understood at least part of the backlash. But backing away from the threat is not the same as solving the disclosure failure. If the researcher’s core complaint is compensation, recognition, or handling of previous reports, the only durable fix is a process that security researchers can trust even when the answer is “no bounty” or “lower severity than claimed.”
Microsoft is not a small vendor learning this for the first time. It runs one of the world’s most attacked software ecosystems. Windows is everywhere from gaming rigs to hospitals, factories, school districts, trading desks, and small businesses with no dedicated security staff. A disclosure breakdown in this ecosystem scales immediately.
Patch Tuesday Cannot Be the Only Safety Net
The monthly patch cadence is one of Microsoft’s great operational achievements and one of its most obvious limitations. Patch Tuesday gives administrators predictability. It allows testing cycles, maintenance windows, compliance reporting, and vendor coordination. In a sane month, that rhythm is a feature.Zero-days make the rhythm look slow.
RoguePlanet’s release hours after the June updates underlines the mismatch between calendar-based maintenance and adversarial timing. Attackers do not wait for the second Tuesday. Researchers in a feud certainly do not. Even Microsoft Defender’s own update mechanisms, which can ship intelligence and platform updates outside the normal Windows cumulative update cycle, cannot magically repair every product flaw the moment exploit code appears.
For sysadmins, this creates the worst kind of ambiguity. The June cumulative update is still important and should still be deployed according to risk tolerance and testing reality. But installing it does not close the RoguePlanet question. That means administrators have to communicate a subtle message: “Patch immediately, but do not assume patching is complete mitigation.”
That message is hard to sell. Executives prefer red-yellow-green dashboards. Help desks prefer known-good recommendations. Security teams prefer CVEs, severity scores, and vendor guidance. A fresh public zero-day without a formal fix lives in the gray zone where everyone is responsible and nobody has a satisfying control.
The temptation is to wait for Microsoft to publish a CVE, an advisory, or a Defender platform update. In some environments, that may be the only practical option. But higher-risk shops should already be thinking about detection, privilege boundaries, application control, Defender tamper protection, endpoint telemetry, and whether local admin exposure makes this kind of bug more valuable to an intruder.
The Windows Security Model Keeps Paying Interest on Old Debt
Local privilege escalation flaws are sometimes treated as second-tier vulnerabilities because they generally require an attacker to already have some foothold. That framing has always been too neat. Modern intrusions are chained events, and a local privilege escalation bug can be the step that turns a phished user, a malicious document, a browser exploit, or a low-privilege service compromise into full machine ownership.Windows has spent decades balancing compatibility, manageability, and security. That balance is the reason old applications still run, drivers can support obscure hardware, and administrators can automate almost anything. It is also why the platform carries a vast amount of privileged machinery that must interact with messy real-world inputs.
Defender sits in the middle of that bargain. Microsoft has made Defender good enough that many organizations rely on it as a primary endpoint security layer, especially when bundled licensing makes third-party tools harder to justify. That success increases the consequences when Defender itself becomes part of the attack surface.
The irony is sharp. Microsoft has spent years arguing that integrated security is a reason to stay in its ecosystem. The more Windows, Defender, identity, cloud management, and telemetry are fused into a single security story, the more a public flaw in one pillar shakes confidence in the whole pitch.
That does not mean Defender is uniquely bad. All endpoint security products carry risk because they operate at high privilege and inspect hostile material. But Microsoft’s scale changes the equation. A Defender bug is not just a vendor bug; it is a Windows ecosystem event.
Public Exploit Drops Are a Symptom of a Broken Incentive System
The security industry likes to talk about responsible disclosure as if it were a universally accepted norm with a few bad actors outside the fence. The reality is less tidy. Disclosure is an incentive system, and incentive systems fail when participants believe the other side has too much power.Vendors want time, control, and minimal reputational damage. Researchers want acknowledgement, fair severity assessment, payment where applicable, and assurance that their work will not disappear into a corporate queue. Users want the vulnerability fixed before criminals learn how to exploit it. These interests overlap, but they are not identical.
Bug bounties were supposed to professionalize the exchange. In many cases, they have. But bounty programs can also create resentment when payout decisions feel arbitrary, when duplicate findings are rejected without adequate explanation, or when a vendor’s internal severity model diverges from a researcher’s view of real-world exploitability.
Microsoft’s particular challenge is that Windows vulnerabilities are rarely abstract. A bypass in BitLocker, a Defender elevation, or a SYSTEM-level local exploit feels tangible to users. These are not edge-case bugs in a forgotten component. They touch the basic promise that the operating system can defend its own boundary lines.
Nightmare Eclipse’s conduct, if accurately reported, is reckless in its public consequences. But the fact that the releases are generating sympathy in some corners should be read as an indictment of the broader relationship between major vendors and independent researchers. When people cheer the person dropping zero-days, even nervously, the vendor has already lost part of the trust battle.
Administrators Are Left Managing Risk Without a Clean Button to Press
For Windows administrators, the practical response starts with refusing the false choice between panic and complacency. RoguePlanet is not a reason to freeze June patching. It is a reason to patch, monitor, and assume that patching alone may not settle the issue.The first operational concern is exposure. If the exploit requires local code execution, then the defensive priority becomes reducing the paths by which untrusted code runs in the first place. That means browser hardening, email attachment controls, application control, script restrictions, least privilege, and keeping users away from local administrator rights wherever possible.
The second concern is visibility. A Defender-spawned SYSTEM shell is not a normal administrative event in most environments. Endpoint detection rules should be watching suspicious child processes, unusual command shell invocation, privilege escalation patterns, Defender service anomalies, and post-exploitation behavior rather than waiting for a perfect RoguePlanet signature.
The third concern is communications. Security teams should tell stakeholders that Microsoft’s June updates are necessary but may not address this specific public exploit. That sentence is frustrating, but it is better than letting leadership believe the Patch Tuesday reboot closed every headline risk.
Home users have fewer levers. They should install the June updates, keep Defender and security intelligence current, avoid running unknown tools, and be especially skeptical of “fix” utilities or exploit-check scripts from random repositories. The most likely path to harm for ordinary users is not a movie-style remote takeover from the open internet; it is being tricked into running something that gives a local exploit its opening.
The Real Patch Microsoft Needs Is Procedural
Microsoft will likely patch RoguePlanet, assign or update a CVE if it validates the issue, and fold detections into Defender and associated telemetry. That is the expected technical response. It is necessary, but it will not close the story.The bigger patch has to be procedural. Microsoft needs to show researchers that severe reports will be handled transparently, bounty decisions will be explained credibly, and disputes will not default to corporate muscle. It also needs to show customers that public zero-days involving core Windows security features trigger clear, timely guidance rather than fragmented signals from reporters, researchers, and social media.
This is harder than shipping a binary fix. Process failures do not have a single vulnerable function to rewrite. They involve legal teams, security response centers, communications staff, product engineers, bounty managers, and executives who may all have different views of risk.
But Microsoft’s scale makes process a security feature. If independent researchers decide the company is fair, predictable, and fast, more bugs stay private until patched. If they decide it is opaque or punitive, more disputes will spill into public view. That is not an endorsement of exploit dumping; it is a recognition of how trust works.
The company also needs to be careful not to treat community anger as mere anti-Microsoft reflex. Some of it is that, of course. But some of it comes from users who feel Windows has become more coercive while its security promises remain imperfect. When that audience sees Microsoft threatening a researcher instead of visibly resolving the underlying vulnerability pipeline, the reaction is not hard to predict.
RoguePlanet Turns One Bug Into a Test of Microsoft’s Security Compact
The most concrete lesson from this episode is not that Windows is doomed or that every Defender installation is instantly compromised. It is that the security compact around Windows depends on more than code. It depends on researchers believing private disclosure is worth it, administrators receiving timely guidance, and users trusting that Microsoft’s security posture is more than a monthly patch spectacle.- RoguePlanet reportedly affects fully patched Windows 10 and Windows 11 systems by abusing Microsoft Defender behavior to obtain a SYSTEM-level command prompt.
- The exploit’s race-condition nature may make it unreliable across all machines, but unreliable local privilege escalation can still be operationally useful to attackers.
- Microsoft’s June 2026 Patch Tuesday remains important, but it should not be assumed to mitigate RoguePlanet unless Microsoft issues specific guidance or a fix.
- Organizations should treat the current risk as a detection and hardening problem, not merely a waiting game for the next cumulative update.
- The public dispute between Nightmare Eclipse and Microsoft is now part of the threat model because it affects when vulnerabilities become public and how much warning defenders receive.
- Microsoft’s long-term challenge is to repair researcher trust without normalizing public exploit drops that put customers in the middle.
References
- Primary source: PC Perspective
Published: 2026-06-10T18:20:10.363409
Loading…
pcper.com - Related coverage: windowscentral.com
- Related coverage: computerweekly.com
Microsoft smashes record for biggest ever Patch Tuesday update | Computer Weekly
Microsoft has not only broken but obliterated the record for the largest ever Patch Tuesday drop, with its June 2026 update addressing approximately 200 flaws, and three zero-days.www.computerweekly.com
- Related coverage: cybernews.com
Loading…
cybernews.com - Related coverage: arstechnica.com
Loading…
arstechnica.com - Related coverage: absolute.com
Patch Tuesday June 2026: 211 Fixes, Critical CVEs | Absolute Security Blog
Microsoft Patch Tuesday June 2026 delivers 211 fixes and 37 critical vulnerabilities. Learn key risks, CVEs, and how to prioritize enterprise patching.
www.absolute.com
- Related coverage: ap7i.com
Microsoft's June 2026 Patch Tuesday: A Record 200 Flaws, 3 Zero-Days
The largest Patch Tuesday ever shipped: roughly 200 vulnerabilities, 33 Critical, three publicly disclosed zero-days, and a CVSS 9.8 in Nuance PowerScribe that radiology shops should not sit on. The Secure Boot certificate deadline is 17 days out — this is the last Patch Tuesday before it.ap7i.com
- Related coverage: bruno.digital
Loading…
bruno.digital - Related coverage: darkreading.com
Loading…
www.darkreading.com - Related coverage: helpnetsecurity.com
Loading…
www.helpnetsecurity.com - Related coverage: scworld.com
Patch Tuesday: No zero days among 137 Microsoft CVEs, 4 Word RCEs
The May 2026 Microsoft security update included no zero days for the first time since June 2024.www.scworld.com
- Related coverage: cyberscoop.com
Microsoft breaks Patch Tuesday record with 206 vulnerabilities
Fears and warnings about a roaring flood of error-riddled software have materialized. And the disease is spreading.
cyberscoop.com
- Related coverage: tomsguide.com
Loading…
www.tomsguide.com - Related coverage: itpro.com
Microsoft patches six zero-days targeting Windows, Word, and more – here’s what you need to know
Patch Tuesday update targets large number of vulnerabilities already being used by attackers
www.itpro.com
- Related coverage: sra.io
Loading…
sra.io - Related coverage: labs.cloudsecurityalliance.org