Skip to main content

Microsoft Releases June 2026 Security Updates

Scheduled updates for Microsoft products address 206 vulnerabilities

Threat ID:
CC-4796
Threat Severity:
Medium
Published:
10 June 2026 11:49 AM
Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Scheduled updates for Microsoft products address 206 vulnerabilities

Affected platforms

The following platforms are known to be affected:

Microsoft Windows

The following platforms are also known to be affected:

Multiple other Microsoft platforms. Please see Microsoft's June 2026 Security Updates guide for full details. 

Threat details

Exploitation of CVE-2026-41091 in the wild

Microsoft states that exploitation of CVE-2026-41091 has been detected. NHS England National CSOC assess that future exploitation is highly likely.

Introduction

Microsoft has released security updates to address 206 vulnerabilities in Microsoft products, including the 5 vulnerabilities highlighted below.

  • CVE-2026-41091 - a privilege escalation vulnerability with a CVSSv3 score of 7.8 arising from improper link resolution before file access in Microsoft Defender.

  • CVE-2026-45657 - a remote code execution (RCE) vulnerability with a CVSSv3 score of 9.8 arising from a flaw in how the Windows Kernel processes certain TCP/IP data when receiving specially crafted network traffic.

  • CVE-2026-47291 - a RCE Vulnerability with a CVSSv3 score of 9.8 arising from a integer overflow or wraparound in Windows HTTP.sys.

  • CVE-2026-45585/CVE-2026-50507 security bypass vulnerabilities in Windows with a CVSSv3 score of 6.8 arising from a protection mechanism failures in Windows BitLocker.

Remediation advice

Affected organisations are encouraged to review Microsoft's June 2026 Security Updates and apply the relevant updates as soon as possible.

CVE Vulnerabilities

Status Published

CVE-2026-41091

Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.
Status Published

CVE-2026-45657

Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.
Status Published

CVE-2026-47291

Integer overflow or wraparound in Windows HTTP.sys allows an unauthorized attacker to execute code over a network.
Status Published

CVE-2026-45585

Microsoft is aware of a security feature bypass vulnerability in Windows publicly referred to as "YellowKey". The proof of concept for this vulnerability has been made public violating coordinated vulnerability best practices. We are issuing this CVE to provide mitigation guidance that can be implemented to protect against this vulnerability until the security update is made available. Mitigation FAQs Should I leverage the temporary mitigation? Microsoft recommends that you consider implementing these mitigations if you are concerned your devices and data are at risk of being compromised or stolen. For example, if your organization’s employees take their work devices home or on business travel. What impact to service availability/management could be caused by implementing the mitigations? Implementing these mitigations will not impact service availability or management operations. Do customers need to revert the changes made to mitigate the vulnerability once the security update to protect against this vulnerability is available? No. The security update will maintain the mitigation's behavior once the security update is installed. I am using TPM+PIN, am I at risk of this vulnerability being exploited No, if you are using TPM+PIN the vulnerability is not exploitable.
Status Published

CVE-2026-50507

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Last edited: 10 June 2026 11:49 am