Microsoft's June 2026 security update: Over 200 vulnerabilities fixed to thwart major cyber risks

To help system administrators and users gain a thorough understanding and avoid missing any threats, the more than 200 vulnerabilities addressed in this Patch Tuesday update have been analyzed and classified.

Based on technical data from BleepingComputer and reports from Cisco Talos, below is the complete list of CVE IDs organized by major categories within the Microsoft ecosystem.

Which publicly disclosed zero-day vulnerabilities are included in this release?

The most dangerous group of zero-day vulnerabilities this month includes three flaws whose information was widely exposed to the public before an official patch was available. They focus on breaking core security boundaries of the operating system, ranging from system privileges to data encryption mechanisms. Fortunately, at the time of publication, Microsoft had not recorded any real-world exploitation of these weaknesses.

Below is the detailed list of CVEs in this category:

• CVE-2026-45586 (GreenPlasma): Elevation of privilege flaw to SYSTEM level within the Windows Collaborative Translation Framework (CTFMON).

• CVE-2026-49160 (HTTP/2 Bomb): Denial of Service (DoS) vulnerability achieved by manipulating the header cache of the HTTP.sys protocol.

• CVE-2026-50507 (YellowKey): Security feature bypass flaw in Windows BitLocker encryption via physical attack through the WinRE recovery environment.

What does the Remote Code Execution (RCE) vulnerability group on Windows systems consist of?

This segment accounts for a massive portion of the release, containing 55 vulnerabilities, many of which are classified as critical. Attackers can exploit these weaknesses to execute malicious code remotely over a network without requiring any user interaction. Experts have broken this group down based on the predicted likelihood of exploitation in the wild.

The detailed list includes the following CVEs:

More Likely to be Exploited:

• CVE-2026-42985: Heap-based buffer overflow vulnerability within the Remote Desktop Client architecture.

• CVE-2026-47291: Integer overflow or wraparound vulnerability located in the Windows HTTP Protocol Stack (http.sys).

• CVE-2026-44803 & CVE-2026-44812: Integer overflow or wraparound vulnerabilities in the Win32K – GRFX subsystem.

Less Likely to be Exploited:

• CVE-2026-42992, CVE-2026-44799, CVE-2026-44801, CVE-2026-47289, CVE-2026-48563, CVE-2026-47654: Critical heap-based buffer overflow vulnerabilities in the Remote Desktop Client.

• CVE-2026-45607, CVE-2026-45641, CVE-2026-47652: Critical out-of-bounds read vulnerabilities in the Windows Hyper-V virtualization environment.

• CVE-2026-45657: Critical use-after-free vulnerability in the Windows Kernel.

• CVE-2026-42987: Use-after-free flaw in the Windows Deployment Services (WDS).

• CVE-2026-44815: Stack-based buffer overflow vulnerability in the Windows DHCP Client.

• CVE-2026-45648: Critical stack-based buffer overflow flaw in Windows Active Directory Domain Services.

• CVE-2026-47288: Integer overflow vulnerability in the Windows Kerberos Key Distribution Center (KDC).

• CVE-2026-26142: Remote code execution vulnerability due to the deserialization of untrusted data in Nuance Powerscribe.

Which vulnerabilities affect the Microsoft Office suite and Outlook?

Familiar office productivity applications face several risks of local code execution and internal data exposure. The most concerning aspect is that these flaws can automatically trigger the moment a user merely opens an email via the preview pane. Addressing this group entirely helps secure the communication streams of organizations.

The specific flaws affecting Office and Outlook include the following:

Type Confusion Group:

• CVE-2026-45456, CVE-2026-45458, CVE-2026-47635: Critical remote code execution vulnerabilities that occur when Outlook (classic) uses Word's rendering functionality to display emails in the preview pane.

Use-After-Free Group:

• CVE-2026-45461, CVE-2026-45463, CVE-2026-45472, CVE-2026-45474: Critical memory corruption flaws in Microsoft Office that allow local malicious code execution.

Memory Leak / Disclosure Group:

• CVE-2026-45460: Critical buffer over-read vulnerability causing local information disclosure in Office.

• CVE-2026-44821, CVE-2026-44819, CVE-2026-44824, CVE-2026-45485, CVE-2026-45645: Other information disclosure and code execution flaws within the Office subsystem.

What flaws impact Azure cloud services, Copilot AI systems, and networks?

Cloud infrastructure and next-generation artificial intelligence tools also face a series of dangerous privilege and authorization flaws. Attackers can exploit network configurations to escape container security boundaries and seize control of host worker nodes. Patching these flaws is essential to ensure the integrity of online operations.

The specific CVE IDs are categorized as follows:

Azure Virtualization and Cloud Environments:

• CVE-2026-32193: Path traversal vulnerability in Azure Kubernetes Service (AKS), allowing container escape to control the worker node.

• CVE-2026-48567: Critical elevation of privilege flaw via spoofing-based authentication bypass in Azure HorizonDB.

• CVE-2026-45476: Critical use-after-free elevation of privilege flaw in the Linux MANA Driver of the Microsoft Azure Network Adapter.

• CVE-2026-47643 & CVE-2026-41098: Remote code execution and spoofing vulnerabilities in the Azure Stack Edge platform.

Copilot AI Systems and Connectivity Services:

• CVE-2026-47644: Critical information disclosure vulnerability via improper neutralization of special elements (injection) in the Copilot Chat extension (Microsoft Edge).

• CVE-2026-45497 & CVE-2026-42824: Remote code execution vulnerabilities due to command injection in the Microsoft M365 Copilot assistant.

• CVE-2026-48579: Critical information disclosure flaw caused by improper authorization in Microsoft Exchange Online.

• CVE-2026-47655: Critical information disclosure vulnerability exposing sensitive data over the network via Microsoft Graph.

How do elevation of privilege flaws and other subsystems affect Windows?

Beyond the primary domains, this security update cleans up a massive array of scattered flaws within core system libraries. These vulnerabilities mainly help local attackers break trust boundaries to gain higher device permissions. Security experts recommend that organizations prioritize addressing these high-risk codes early. The specific CVE IDs are detailed below:

• CVE-2026-44810: Critical improper authentication flaw in Windows Cryptographic Services, allowing attackers to gain SYSTEM privileges after tricking a user into opening a malicious file.

• CVE-2026-33828: Critical elevation of privilege vulnerability due to a trust boundary violation in Windows Device Health Attestation (DHA).

• CVE-2026-42905: Elevation of privilege vulnerability within the Windows DWM Core Library.

• CVE-2026-42980: Elevation of privilege vulnerability directly inside the NT OS Kernel.

• CVE-2026-42986: Unauthorized privilege escalation flaw in the Microsoft Graphics Component.

• CVE-2026-42989: Elevation of privilege flaw appearing in the user login management system (Winlogon).

• CVE-2026-45481 & CVE-2026-47634: High-risk spoofing vulnerabilities affecting Microsoft SharePoint Server.

• CVE-2026-45658: An additional security feature bypass vulnerability related to Windows BitLocker encryption.

The detailed classification list provided above reflects the sweeping scope of Microsoft's June 2026 update, touching every layer of infrastructure from hardware and operating system kernels to cloud applications and artificial intelligence. Understanding these CVE IDs by category enables organizations to cross-reference them easily, evaluate their impact, and orchestrate patch deployments seamlessly to close all vulnerabilities before under-the-radar exploitation waves begin.