[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fH05tDxVJp6aj3omC-lXrJj58GWhA1WtnfLMygC5tnBI":3},{"article":4,"iocs":45},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":32,"category":33,"article_tags":37},"bb634170-b487-424e-a527-e5d8d294b42f","Microsoft and Adobe Patch Tuesday, June 2026 Security Update Review","microsoft-and-adobe-patch-tuesday-june-2026-security-update-review-db8f53","Every Patch Tuesday presents a race between defenders applying fixes and attackers seeking opportunities. Microsoft’s June 2026 release is no exception, delivering security updates for vulnerabilities that could significantly impact enterprise environments if left unaddressed. Microsoft Patch Tuesday for June 2026 This month’s release addresses 206 vulnerabilities, including 33 critical and 167 important-severity vulnerabilities. In this month’s updates, Microsoft has addressed three publicly disclosed zero-day vulnerabilities. There were also a massive 360 Microsoft […]","Microsoft's June 2026 Patch Tuesday addresses 206 vulnerabilities, including 33 critical and 167 important issues, with three publicly disclosed zero-days patched. Adobe also released 11 advisories for 123 vulnerabilities, 47 of which are critical. The updates cover a range of products and potential impacts, including remote code execution and privilege escalation.","Microsoft and Adobe release June 2026 security updates addressing 206 and 123 vulnerabilities respectively.","Table of ContentsMicrosoft Patch Tuesday forJune2026Adobe Patch for June 2026Zero-dayVulnerabilities Patched in June Patch Tuesday EditionCritical Severity Vulnerabilities Patched inJunePatch Tuesday EditionOther Microsoft Vulnerability HighlightsMicrosoft Release SummaryEVALUATE Vendor-Suggested Mitigation with Policy Audit (PA)Qualys Monthly Webinar Series Every Patch Tuesday presents a race between defenders applying fixes and attackers seeking opportunities. Microsoft’s June 2026 release is no exception, delivering security updates for vulnerabilities that could significantly impact enterprise environments if left unaddressed. Microsoft Patch Tuesday for June 2026 This month’s release addresses 206 vulnerabilities, including 33 critical and 167 important-severity vulnerabilities. In this month’s updates, Microsoft has addressed three publicly disclosed zero-day vulnerabilities. There were also a massive 360 Microsoft Edge\u002FChromium vulnerabilities that were fixed by Google this month, which were excluded from this Patch Tuesday roundup. Microsoft Patch Tuesday, June edition, includes updates for vulnerabilities in Microsoft Windows DNS, Windows Media, Windows NTFS, Windows Hyper-V, Windows BitLocker, Windows Bluetooth Port Driver, Windows Bluetooth Service, Windows Boot Manager, Microsoft Copilot, Microsoft Exchange Server, and more. This month’s release includes fixes for several high-severity issues that could potentially enable remote code execution, privilege escalation, or denial-of-service attacks. As always, timely patch deployment is crucial to reduce exposure and ensure systems remain resilient against exploitation attempts. The June 2026 Microsoft vulnerabilities are classified as follows: Vulnerability CategoryQuantitySeveritiesSpoofing Vulnerability27Important: 27Denial of Service Vulnerability7Important: 7Elevation of Privilege Vulnerability65Critical: 4Important: 61Information Disclosure Vulnerability30Critical: 1Important: 29Remote Code Execution Vulnerability55Critical: 28Important: 23Security Feature Bypass Vulnerability19Important: 19 Adobe Patch for June 2026 Adobe has released 11 security advisories to address 123 vulnerabilities in Adobe Experience Manager, Adobe Experience Manager Forms, Adobe InDesign, Adobe InCopy, Adobe Substance 3D Sampler, Content Credentials SDK, Adobe Dreamweaver, Adobe Acrobat Reader, Adobe ColdFusion, Adobe Format Plugins, and Adobe Campaign Classic. 47 of these vulnerabilities are rated critical. Successful exploitation of these vulnerabilities may lead to privilege escalation, Security feature bypass, arbitrary file system read, application denial-of-service, and arbitrary code execution. Zero-day Vulnerabilities Patched in June Patch Tuesday Edition CVE-2026-49160: HTTP.sys Denial of Service Vulnerability Uncontrolled resource consumption in HTTP\u002F2 could allow an unauthenticated attacker to deny service over a network. CVE-2026-45586: Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability A link-following vulnerability in the Windows Collaborative Translation Framework could allow an authenticated attacker to elevate privileges locally. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-50507: Windows BitLocker Security Feature Bypass Vulnerability A protection mechanism failure in Windows BitLocker may allow an unauthenticated attacker to bypass a security feature with a physical attack. Critical Severity Vulnerabilities Patched in June Patch Tuesday Edition CVE-2026-45461, CVE-2026-45463, CVE-2026-45472, & CVE-2026-45474: Microsoft Office Remote Code Execution Vulnerability A heap-based buffer overflow vulnerability in Microsoft Office could allow an unauthenticated attacker to execute code remotely. CVE-2026-26142: Nuance PowerScribe Remote Code Execution Vulnerability Deserialization of untrusted data in Nuance PowerScribe may allow an unauthenticated attacker to execute code over a network. CVE-2025-10263: ARM: CVE-2025-10263 Completion of affected memory accesses might not be guaranteed by completion of a TLBI [kernel] An attacker could exploit the vulnerability by triggering a specific timing condition during a memory permission change, causing a memory write to be applied using outdated permissions. Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-33828: Windows Device Health Attestation (DHA) Elevation of Privilege Vulnerability Successful exploitation of the vulnerability may allow an attacker to gain SYSTEM privileges. CVE-2026-45456, CVE-2026-47635, & CVE-2026-45458: Microsoft Outlook and Word Remote Code Execution Vulnerability A type confusion vulnerability in Microsoft Office may allow an unauthenticated attacker to execute arbitrary code remotely. CVE-2026-45460: Microsoft Office Information Disclosure Vulnerability An out-of-bounds read vulnerability in Microsoft Office could allow an unauthenticated attacker to disclose information locally. CVE-2026-45607, CVE-2026-47652, & CVE-2026-45641: Windows Hyper-V Remote Code Execution Vulnerability An out-of-bounds read vulnerability in Windows Hyper-V could allow an unauthenticated attacker to execute code remotely. CVE-2026-45648: Windows Active Directory Domain Services Remote Code Execution Vulnerability A stack-based buffer overflow vulnerability in Active Directory Domain Services may allow an authenticated attacker to execute code remotely. CVE-2026-45657: Windows Kernel Remote Code Execution Vulnerability A use-after-free vulnerability in the Windows Kernel could allow an unauthenticated attacker to execute code remotely. CVE-2026-47288: Windows Kerberos Key Distribution Center (KDC) Remote Code Execution Vulnerability An integer overflow vulnerability in Windows Kerberos may allow an authenticated attacker to execute code over an adjacent network. CVE-2026-47289, CVE-2026-47654, CVE-2026-42992, CVE-2026-44799, CVE-2026-44801, CVE-2026-42985, & CVE-2026-48563: Remote Desktop Client Remote Code Execution Vulnerability A heap-based buffer overflow vulnerability in Remote Desktop Client may allow an unauthenticated attacker to execute code over a network. CVE-2026-32193: Azure Kubernetes Service (AKS) Remote Code Execution Vulnerability A path traversal vulnerability in Microsoft Azure Kubernetes Service may allow an authenticated attacker to execute code locally. CVE-2026-45476: Microsoft Azure Network Adapter Elevation of Privilege Vulnerability A use-after-free vulnerability in the Linux MANA Driver allows an authenticated attacker to elevate local privileges. CVE-2026-48574: Windows Media Remote Code Execution Vulnerability A heap-based buffer overflow vulnerability in Windows Media may allow an unauthenticated attacker to execute code locally. CVE-2026-44810: Microsoft Cryptographic Services Elevation of Privilege Vulnerability An improper authentication vulnerability in Windows Cryptographic Services could allow an unauthorized attacker to elevate privileges locally. CVE-2026-44815: DHCP Client Service Remote Code Execution Vulnerability A stack-based buffer overflow vulnerability in Windows DHCP Client could allow an unauthenticated attacker to execute code over a network. CVE-2026-42987: Windows Deployment Services (WDS) Remote Code Execution Vulnerability A use-after-free in Windows Deployment Services could allow an unauthenticated attacker to execute code over a network. CVE-2026-44803 & CVE-2026-44812: Windows Graphics Component Remote Code Execution Vulnerability An integer overflow vulnerability in Windows Win32K – GRFX could allow an unauthenticated attacker to execute code locally. CVE-2026-47291: HTTP.sys Remote Code Execution Vulnerability An integer overflow vulnerability in Windows HTTP.sys may allow an unauthenticated attacker to execute code over a network. Other Microsoft Vulnerability Highlights CVE-2026-45658 is a security feature bypass vulnerability in Windows BitLo","https:\u002F\u002Fblog.qualys.com\u002Fvulnerabilities-threat-research\u002F2026\u002F06\u002F09\u002Fmicrosoft-and-adobe-patch-tuesday-june-2026-security-update-review","https:\u002F\u002Fik.imagekit.io\u002Fqualys\u002Fwp-content\u002Fuploads\u002F2026\u002F06\u002FMicrosoft-Patch-Tuesday-June-2026.png","2026-06-09T20:52:07+00:00","2026-06-09T22:00:06.405153+00:00",9,[18,21,23,26,28,30],{"name":19,"type":20},"Microsoft","vendor",{"name":22,"type":20},"Adobe",{"name":24,"type":25},"Microsoft Office","product",{"name":27,"type":25},"Nuance PowerScribe",{"name":29,"type":25},"Windows BitLocker",{"name":31,"type":25},"Microsoft Copilot","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":32,"icon":34,"name":35,"slug":36},null,"Vulnerabilities","vulnerabilities",[38,40],{"category":39},{"id":32,"icon":34,"name":35,"slug":36},{"category":41},{"id":42,"icon":34,"name":43,"slug":44},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[46,50,53,56,59,61,63,65],{"type":47,"value":48,"context":49},"cve","CVE-2026-49160","HTTP.sys Denial of Service Vulnerability",{"type":47,"value":51,"context":52},"CVE-2026-45586","Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability",{"type":47,"value":54,"context":55},"CVE-2026-50507","Windows BitLocker Security Feature Bypass Vulnerability",{"type":47,"value":57,"context":58},"CVE-2026-45461","Microsoft Office Remote Code Execution Vulnerability",{"type":47,"value":60,"context":58},"CVE-2026-45463",{"type":47,"value":62,"context":58},"CVE-2026-45472",{"type":47,"value":64,"context":58},"CVE-2026-45474",{"type":47,"value":66,"context":67},"CVE-2026-26142","Nuance PowerScribe Remote Code Execution Vulnerability"]