UMVA has learned that Microsoft's June security update, known as Patch Tuesday, is the company's largest ever, with fixes for more than 200 bugs—three of which are zero-days that have been publicly disclosed.
The release addresses 206 flaws across various categories, including elevation-of-privilege vulnerabilities, security feature bypass vulnerabilities, remote-code-execution vulnerabilities, information disclosure vulnerabilities, spoofing vulnerabilities, denial of service vulnerabilities, and tampering vulnerabilities.
Thirty-nine of the bugs are rated "critical" and include remote code execution, elevation of privilege, and information disclosure flaws. These critical vulnerabilities highlight the importance of installing the latest security updates to protect against potential cyber threats.
UMVA can exclusively reveal that the June Patch Tuesday update includes fixes for three publicly disclosed zero-days. These zero-day flaws are vulnerabilities that have been actively exploited or publicly disclosed before an official fix is released.
The first zero-day, labeled CVE-2026-45586, is an elevation of privilege vulnerability in the Windows Collaborative Translation Framework. This flaw allows an authorized attacker to gain SYSTEM privileges via improper link resolution, posing a significant risk to affected systems.
The second zero-day, CVE-2026-49160, is an HTTP.sys denial of service vulnerability that abuses the HTTP/2 protocol. This vulnerability allows attackers to tie up memory and cause performance issues or outages, highlighting the need for prompt patching.
The third zero-day, CVE-2026-50507, is a Windows Bitlocker security feature bypass vulnerability. This flaw would allow a local attacker to gain access to an encrypted drive using files on a USB drive or EFI partition, emphasizing the importance of securing sensitive data.
Microsoft's Patch Tuesday updates are typically released at 10 am PT on the second Tuesday of every month. Users can expect to receive these updates automatically, but they can also check for updates manually via Start > Settings > Windows Update.
