Skip to content
Auto-CTI
Back to all deep dives
TENABLE BLOG

Microsoft's June 2026 Patch Tuesday Addresses 198 CVEs (CVE-2026-49160, CVE-2026-50507)

KEV CRITICAL patch-tuesday remote-desktop zero-day rce

Strategic summary

Microsoft addressed 198 vulnerabilities in its June 2026 Patch Tuesday, the largest release ever. This includes 32 critical and 166 important CVEs, along with three zero-day vulnerabilities. A wide range of products are affected, such as Windows components, Microsoft Office, Exchange Server, and Azure services. Organizations in the manufacturing sector should immediately apply critical patches to reduce their attack surface.

Key findings

  • The June 2026 Patch Tuesday is the largest in the program's history, covering 198 CVEs.
  • 32 CVEs are rated critical, posing significant risks for remote code execution and privilege escalation.
  • Three zero-day vulnerabilities (details undisclosed) were actively exploited and require immediate attention.
  • Core components like Windows Kernel, Office, Exchange, and Hyper-V are affected, widely used in production environments.
  • Companies in the DACH region should prioritize critical patches, especially for manufacturing systems.

Relevance for you

Largest Patch Tuesday release with 32 critical vulnerabilities and three zero-days including Remote Desktop Client RCE; requires prioritization for Windows Server and RDP-based remote access systems.

Full text

[Microsoft’s June 2026 Patch Tuesday Addresses 198 CVEs ( CVE-2026-49160, CVE-202]

Manage cyber risk with one platform to find, prioritize and eliminate exposures across your attack surface.

Explore By Use Case

Tenable is the one clear leader in Exposure Management

Accelerate your exposure management strategy with practical resources and tools.

Explore By Use Case

Tenable is the one clear leader in Exposure Management

Accelerate your exposure management strategy with practical resources and tools.

7-minute read Jun 9 2026

1. 32 Critical 2. 166 Important 3. 0 Moderate 4. 0 Low

**Microsoft addresses 198 CVEs in the largest Patch Tuesday release, including three zero-days.**

Microsoft patched 198 CVEs in its June 2026 Patch Tuesday release, with 32 rated critical and 166 rated as important. Our counts omitted 6 CVEs that were already addressed by Microsoft via servicing and do not require additional customer action to resolve as well as 2 CVEs that were disclosed by other CNAs (CVE-2025-10263 and CVE-2026-8863). This Patch Tuesday release is the largest release since the Patch Tuesday program began, smashing the previous record of 167 CVEs in the October 2025 Patch Tuesday release.

  • Active Directory Domain Services
  • Copilot Chat (Microsoft Edge)
  • Function Discovery Service (fdwsd.dll)
  • GitHub Copilot and Visual Studio Code
  • Microsoft Azure Attestation service and Device Health Attestation Service
  • Microsoft Azure Kubernetes Service
  • Microsoft Defender for Endpoint
  • Microsoft Dynamics 365 (on-premises)
  • Microsoft Live Share Canvas SDK
  • Microsoft Teams for Android
  • Microsoft UxTheme Library (uxtheme.dll)
  • UI Automation Manager (uiamanager.dll)
  • Universal Plug and Play (upnp.dll)
  • Windows Administrator Protection
  • Windows Ancillary Function Driver for WinSock
  • Windows Application Identity (AppID) Subsystem
  • Windows Bluetooth Port Driver
  • Windows Collaborative Translation Framework
  • Windows Common Log File System Driver
  • Windows DWM Core Library
  • Windows Hotpatch Monitoring Service
  • Windows Mark of the Web (MOTW)
  • Windows NT OS Kernel
  • Windows Network Controller (NC) Host Agent
  • Windows Program Compatibility Assistant Service
  • Windows Projected File System Filter Driver
  • Windows Universal Disk Format File System Driver (UDFS)
  • Windows Win32K - GRFX

Elevation of Privilege (EoP) vulnerabilities accounted for 31.8% of the vulnerabilities patched this month, followed by remote code execution (RCE) vulnerabilities at 27.3%.

CVE-2026-50507 | Windows BitLocker Security Feature Bypass Vulnerability

CVE-2026-50507 is a security feature bypass vulnerability affecting Windows BitLocker. It received a CVSSv3 score of 6.8 and is rated as important. It was publicly disclosed prior to a patch being available and assessed as “Exploitation More Likely” according to Microsoft's Exploitability Index.

According to Microsoft, an attacker with physical access to the system could bypass the BitLocker Device Encryption feature in order to gain access to the device's encrypted data. This vulnerability appears to be the flaw known as Bitskrieg and a collaboration between Chaotic Eclipse (Nightmare Eclipse) and Jonas L.

CVE-2026-49160 | HTTP.sys Denial of Service Vulnerability

CVE-2026-49160 is a denial of service (DoS) vulnerability affecting HTTP.sys. It received a CVSSv3 score of 7.5 and is rated as important. It was assessed as “Exploitation More Likely” and publicly disclosed prior to a patch being available. According to the advisory, this DoS affects HTTP/2. The advisory notes that this update adds a MaxHeadersCount registry setting which can be used to limit the number of headers included in HTTP/2 and HTTP/3 requests.

Dubbed HTTP/2 Bomb by researchers at Calif, which is credited by Microsoft for reporting the DoS, their blog describes the technical details and provides a proof-of-concept which can be used to test web servers against this vulnerability. As noted in the blog post, at the time it was released, Microsoft had not yet released patches.

CVE-2026-45586 | Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability

CVE-2026-45586 is an EoP vulnerability affecting Windows Collaborative Translation Framework (CTFMON), a process that supports voice and handwriting recognition. It was assigned a CVSSv3 score of 7.8 and rated as important. This EoP flaw was one of three zero-days disclosed prior to patches being made available. Successful exploitation would grant an attacker SYSTEM privileges and Microsoft has assessed this vulnerability as “Exploitation More Likely.”

CVE-2026-42909, CVE-2026-42913, CVE-2026-42985, CVE-2026-42992, CVE-2026-42993, CVE-2026-44799, CVE-2026-44801, CVE-2026-47289, CVE-2026-47653, CVE-2026-47654 and CVE-2026-48563 | Remote Desktop Client Remote Code Execution Vulnerability

While no public details have been released about these vulnerabilities as of June 9, Microsoft has assessed CVE-2026-42985 as “Exploitation More Likely” while the other CVEs were classified as either “Exploitation Unlikely” or “Exploitation Less Likely.” Patches are available for supported versions of Windows and Windows Server.

Out Of Band Updates

While these updates were released prior to the Patch Tuesday release on June 9, they were outside the window for the May release and are noted here as they are significant.

CVE-2026-41091 | Microsoft Defender Elevation of Privilege Vulnerability

CVE-2026-41091 is an EoP vulnerability in Microsoft Defender. It received a CVSSv3 score of 7.8 and is rated important. An unprivileged attacker could exploit this vulnerability by writing a specially crafted file to a privileged location. Successful exploitation would result in Microsoft Defender writing the file back to the privileged location, gaining privileges as SYSTEM.

According to reports, CVE-2026-41091 is RedSun, a zero-day vulnerability disclosed by a researcher named Chaotic Eclipse or Nightmare Eclipse on April 15, 2026. This researcher has also published several additional zero-days recently, including BlueHammer (CVE-2026-33825), GreenPlasma, MiniPlasma and collaborated on Bitskrieg (CVE-2026-50507). It has since been exploited in the wild and added to the Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities (CISA KEV) catalog on May 20.

CVE-2026-45585 | Windows BitLocker Security Feature Bypass Vulnerability

CVE-2026-45585 is a security feature bypass vulnerability affecting Windows BitLocker. It received a CVSSv3 score of 6.8 and is rated as important. This vulnerability is known as YellowKey, named by the researcher known as Chaotic Eclipse or Nightmare Eclipse.

A proof-of-concept (PoC) was made public on May 13, prompting Microsoft to publish the original advisory and CVE identifier on May 19th, offering mitigation guidance.

Exploitation does require physical access to the device, however Microsoft has assessed this vulnerability as “Exploitation More Likely.”

A list of all the plugins released for Microsoft’s June 2026 Patch Tuesday update can be found here. As always, we recommend patching systems as soon as possible and regularly scanning your environment to identify those systems yet to be patched.

_**Learn more about**__**Tenable One**__**, the Exposure Management Platform for the modern attack surface.**_

The Research Special Operations (RSO) team serves as Tenable’s Forward Logistics Element in the threat landscape, providing customers with the analyses and contextualized exposure intelligence required to manage risks to critical business assets. With over 150 years of collective expertise, this han... Read more

What the Miasma campaign reveals about the new supply chain threat model and…

Oracle June 2026 Critical Security Patch Update Addresses 243 CVEs (CVE-2026…

Improving precision in CTEM: How continuous controls validation in Tenable One…

  • Tenable Nessus Network Monitor
  • Tenable Security Center Plus
  • Tenable Vulnerability Management

Your exposure ends here

Your exposure ends here

Your exposure ends here

Your exposure ends here

Your exposure ends here

Your exposure ends here

The world’s leading AI-powered exposure management platform.

Comments (Limited to 255 characters):

  • [x] I would like to receive marketing communications from Tenable regarding its products and services.

By submitting your information on this page, Tenable may send you email communications regarding its products and services. You may opt out of receiving these communications at any time by using the unsubscribe link located in the footer of the emails delivered to you. You can also manage your Tenable email preferences by visiting the Subscription Management Page.

Thank you for your interest in Tenable One.

A representative will be in touch soon.

**Debug:** Form ID: 7469

Form Class: c-form form-panel__global-form c-form--mkto js-mkto-no-css js-form-hanging-label c-form--hide-comments

Form Wrapper ID: one-eval-form-wrapper

Confirmation Class: one-eval-confirmform-modal

Tenable One Cloud Exposure

Close cloud exposure with the actionable cloud security platform.

Comments (Limited to 255 characters):

  • [x] I would like to receive marketing communications from Tenable regarding its products and services.

By submitting your information on this page, Tenable may send you email communications regarding its products and services. You may opt out of receiving these communications at any time by using the unsubscribe link located in the footer of the emails delivered to you. You can also manage your Tenable email preferences by visiting the Subscription Management Page.

Thank you for your interest in Tenable One Cloud Exposure.

A representative will be in touch soon.

**Debug:** Form ID: 10155

Form Class: c-form form-panel__global-form c-form--mkto js-mkto-no-css js-form-hanging-label c-form--hide-comments

Form Wrapper ID: tenable-cs-form-wrapper

Confirmation Class: tenable-cs-confirmform-modal

Identify and prioritize vulnerabilities based on risk to your business. Managed on premises.

Comments (Limited to 255 characters):

  • [x] I would like to receive marketing communications from Tenable regarding its products and services.

By submitting your information on this page, Tenable may send you email communications regarding its products and services. You may opt out of receiving these communications at any time by using the unsubscribe link located in the footer of the emails delivered to you. You can also manage your Tenable email preferences by visiting the Subscription Management Page.

Thank you for your interest in Tenable Security Center.

A representative will be in touch soon.

**Debug:** Form ID: 3504

Form Class: c-form form-panel__global-form c-form--mkto js-mkto-no-css js-form-hanging-label c-form--hide-comments

Form Wrapper ID: tenable-sc-eval-form-wrapper

Confirmation Class: tenable-sc-eval-confirmform-modal

Streamline security and IT collaboration and shorten the mean time to remediate with automation.

Comments (Limited to 255 characters):

  • [x] I would like to receive marketing communications from Tenable regarding its products and services.

By submitting your information on this page, Tenable may send you email communications regarding its products and services. You may opt out of receiving these communications at any time by using the unsubscribe link located in the footer of the emails delivered to you. You can also manage your Tenable email preferences by visiting the Subscription Management Page.

Thank you for your interest in Tenable Patch Management.

A representative will be in touch soon.

**Debug:** Form ID: 13149

Form Class: c-form form-panel__global-form c-form--mkto js-mkto-no-css js-form-hanging-label c-form--hide-comments

Form Wrapper ID: patch-mgmt-form-wrapper

Confirmation Class: patch-mgmt-confirmform-modal

Know, expose and close IT and container vulnerabilities.

Comments (Limited to 255 characters):

  • [x] I would like to receive marketing communications from Tenable regarding its products and services.

By submitting your information on this page, Tenable may send you email communications regarding its products and services. You may opt out of receiving these communications at any time by using the unsubscribe link located in the footer of the emails delivered to you. You can also manage your Tenable email preferences by visiting the Subscription Management Page.

Thank you for your interest in Tenable Enclave Security.

A representative will be in touch soon.

**Debug:** Form ID: 12543

Form Class: c-form form-panel__global-form c-form--mkto js-mkto-no-css js-form-hanging-label c-form--hide-comments

Form Wrapper ID: enclave-form-wrapper

Confirmation Class: enclave-confirmform-modal

Tenable One Attack Surface Management

Gain visibility into your internet-connected assets to eliminate blind spots and unknown sources of risk.

Comments (Limited to 255 characters):

  • [x] I would like to receive marketing communications from Tenable regarding its products and services.

By submitting your information on this page, Tenable may send you email communications regarding its products and services. You may opt out of receiving these communications at any time by using the unsubscribe link located in the footer of the emails delivered to you. You can also manage your Tenable email preferences by visiting the Subscription Management Page.

Thank you for your interest in Tenable One Attack Surface Management.

A representative will be in touch soon.

**Debug:** Form ID: 6937

Form Class: c-form form-panel__global-form c-form--mkto js-mkto-no-css js-form-hanging-label c-form--hide-comments

Form Wrapper ID: asm-eval-form-wrapper

Confirmation Class: asm-eval-confirmform-modal

Tenable One AI Exposure

See, secure, and manage how your teams use AI platforms.

Comments (Limited to 255 characters):

  • [x] I would like to receive marketing communications from Tenable regarding its products and services.

By submitting your information on this page, Tenable may send you email communications regarding its products and services. You may opt out of receiving these communications at any time by using the unsubscribe link located in the footer of the emails delivered to you. You can also manage your Tenable email preferences by visiting the Subscription Management Page.

Thank you for your interest in Tenable One AI Exposure.

A representative will be in touch soon.

**Debug:** Form ID: 14854

Form Class: c-form form-panel__global-form c-form--mkto js-mkto-no-css js-form-hanging-label c-form--hide-comments

Form Wrapper ID: ai-exposure-form-wrapper

Confirmation Class: ai-exposure-confirmform-modal

Tenable One OT Exposure

Close OT exposure with the unified security solution for converged OT/IT environments.

Comments (Limited to 255 characters):

  • [x] I would like to receive marketing communications from Tenable regarding its products and services.

Thank you for your interest in Tenable One OT Exposure.

A representative will be in touch soon.

**Debug:** Form ID: 3879

Form Class: c-form form-panel__global-form c-form--mkto js-mkto-no-css js-form-hanging-label c-form--hide-comments

Form Wrapper ID: ot-eval-form-wrapper

Confirmation Class: ot-eval-confirmform-modal

Tenable One Identity Exposure

Close identity exposure with the essential solution for the identity-intelligent enterprise.

Comments (Limited to 255 characters):

  • [x] I would like to receive marketing communications from Tenable regarding its products and services.

By submitting your information on this page, Tenable may send you email communications regarding its products and services. You may opt out of receiving these communications at any time by using the unsubscribe link located in the footer of the emails delivered to you. You can also manage your Tenable email preferences by visiting the Subscription Management Page.

Thank you for your interest in Tenable One Identity Exposure.

A representative will be in touch soon.

**Debug:** Form ID: 4178

Form Class: c-form form-panel__global-form c-form--mkto js-mkto-no-css js-form-hanging-label c-form--hide-comments

Form Wrapper ID: ad-eval-form-wrapper

Confirmation Class: ad-eval-confirmform-modal

See Tenable in action

Want to see how Tenable can help your team find and fix critical cyber weaknesses that put your business at risk? Complete this form to get a custom quote or demo.

Comments (Limited to 255 characters):

  • [x] I would like to receive marketing communications from Tenable regarding its products and services.

You should receive a confirmation email shortly and one of our representatives will be in touch.

**Debug:** Form ID: 13427

Form Class: c-form form-panel__global-form c-form--mkto js-mkto-no-css js-form-hanging-label c-form--hide-comments

Form Wrapper ID: why-compare-form-form-wrapper

Confirmation Class: why-compare-form-confirmform-modal

Learn How Tenable Helps Achieve SLCGP Cybersecurity Plan Requirements

Tenable solutions help fulfill all SLCGP requirements. Connect with a Tenable representative to learn more.

You should receive a confirmation email shortly and one of our Sales Development Representatives will be in touch. Route any questions to [SLCGP@tenable.com](mailto:SLCGP@tenable.com).

**Debug:** Form ID: 10616

Form Class: c-form form-panel__global-form c-form--mkto js-mkto-no-css js-form-hanging-label c-form--hide-comments c-form--compact

Form Wrapper ID: slcgp-form-wrapper

Confirmation Class: slcgp-confirmform-modal

Cybersecurity news you can use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.

Thank you for subscribing!

**Debug:** Form ID: 3971

Form Class: c-form form-panel__global-form c-form--mkto js-mkto-no-css js-form-hanging-label c-form--hide-comments

Form Wrapper ID: blog-subscribe-form-wrapper

Confirmation Class: blog-subscribe-confirmform-modal

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Web App Scanning.

Step 1 of 4

Step 2 of 4

Step 3 of 4

Step 4 of 4

Create My Trial in

By registering for this trial license, Tenable may send you email communications regarding its products and services. You may opt out of receiving these communications at any time by using the unsubscribe link located in the footer of the emails delivered to you. You can also manage your Tenable email preferences by visiting the Subscription Management Page.

Thanks!

You will receive an email confirmation in the next few minutes with next steps.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

1 Year$3,700 2 Years$7,215 3 Years$10,545

Comments (Limited to 255 characters):

  • [x] I would like to receive marketing communications from Tenable regarding its products and services.

Thank you for your interest in Tenable Vulnerability Management.

A representative will be in touch soon.

**Debug:** Form ID: 3174

Form Class: c-form c-form--mkto js-mkto-no-css js-form-hanging-label

Form Wrapper ID: vm-form-wrapper

Confirmation Class: vm-confirmform-modal

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. **Sign up now.**

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management.

Step 1 of 4

Step 2 of 4

Step 3 of 4

Step 4 of 4

Create My Trial in

By registering for this trial license, Tenable may send you email communications regarding its products and services. You may opt out of receiving these communications at any time by using the unsubscribe link located in the footer of the emails delivered to you. You can also manage your Tenable email preferences by visiting the Subscription Management Page.

Thanks!

You will receive an email confirmation in the next few minutes with next steps.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. **Purchase your annual subscription today.**

Comments (Limited to 255 characters):

  • [x] I would like to receive marketing communications from Tenable regarding its products and services.

Thank you for your interest in Tenable Web App Scanning.

A representative will be in touch soon.

**Debug:** Form ID: 3258

Form Class: c-form c-form--mkto js-mkto-no-css js-form-hanging-label

Form Wrapper ID: was-form-wrapper

Confirmation Class: was-confirmform-modal

Try Tenable Nessus Professional free

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Fill out the form below to continue with a Nessus Pro trial.

Buy Tenable Nessus Professional

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Buy a multi-year license and save more.

1 Year$4,790 2 Years$9,331(Save $249) 3 Years$13,638(Save $732)

Add support and training

24x365 Access to phone, email, community, and chat support. More info.

*VAT incl.

Try Tenable Nessus Expert free

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Buy a multi-year license and save more.

1 Year$6,790*Save 2 Years$13,208*(Save $372) 3 Years$19,304*(Save $1,066)

Add support and training

Nessus Fundamentals + Nessus Advanced$385

1 Year Access to the Nessus Fundamentals and Nessus Advanced On-Demand Video Courses for 1 person. More info.

With Advanced Support for Nessus Pro, your teams will have access to phone, Community, and chat support 24 hours a day, 365 days a year. This advanced level of technical support helps to ensure faster response times and resolution to your questions and issues.

Advanced Support Plan Features

Phone support 24 hours a day, 365 days a year, available for up to ten (10) named support contacts.

Chat support available to named support contacts, accessible via the Tenable Community is available 24 hours a day, 365 days a year.

Tenable Community Support Portal

All named support contacts can open support cases within the Tenable Community. Users can also access the Knowledge Base, documentation, license information, technical support numbers, etc.; utilize live chat, ask questions to the Community, and learn about tips and tricks from other Community members.

P1-Critical: < 2 hr

P2-High: < 4 hr

P3-Medium: < 12 hr

P4-Informational: < 24 hr

Support contacts must be reasonably proficient in the use of information technology, the software they have purchased from Tenable, and familiar with the customer resources that are monitored by means of the software. Support contacts must speak English and conduct support requests in English. Support contacts must provide information reasonably requested by Tenable for the purpose of reproducing any Error or otherwise resolving a support request.

Mentioned CVEs

Risk score

100
cvss base
75.00
kev bonus
20.00
epss bonus
0.00
poc bonus
15.00
raw before weight
110.00
industry weight
1.21
freshness factor
1.00
exploitability factor
1.00
days old
0.00
vendor mismatch penalty
0.00

Path: operational

ESC