KEVIntel
CVSS 7.8 High

CVE-2026-41091

PUBLISHED

Microsoft Defender Elevation of Privilege Vulnerability

1 day faster than CISA KEV

Exploited in the wild · PoC available · Low complexity · No user interaction
Vendor: Microsoft
Product: Microsoft Malware Protection Engine
Published: May 20, 2026
EPSS: 8.2% · 92% pctl

Description

Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized attacker to elevate privileges locally.

Tags: cisa, microsoft

Weaknesses (CWE)

  • Improper Link Resolution Before File Access ('Link Following')

CVSS scores

CVSS v3.1 7.8 High

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Exploitation status

Exploited in the wild

Recorded 2026-06-01 13:29:26 UTC · CVE

Proof of concept available

Recorded 2026-05-21 19:16:25 UTC · GitHub

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source         Added
CVE First      2026-06-01 13:29 UTC
CISA           2026-06-02 14:00 UTC
Tenable Blog   2026-06-09 19:21 UTC

Recent mentions

Patch Tuesday - June 2026

Rapid7 · Jun 09, 2026

Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, and is aware of public disclosure for three. This is similar to last month’s Patch Tuesday, however several of last month’s vulnerabilities ended up on CISA KEV in the days following their publication. So far this month, Microsoft has provided patches to address 360 browser vulnerabilities, which is an order of magnitude more than has been typical in any given month over the past few years. As usual, browser vulns are not included in the Patch Tuesday count above. Indeed, the vast, and presumably sustained, uptick in the number of browser vulnerabilities has led to Microsoft no longer enumerating Chromium CVEs in the Security Update Guide. Other vulnerability categories, especially Linux kernel vulnerabilities, are seeing a similar increase in AI-assisted vulnerability reports.

What's the opposite of coordinated disclosure?

In recent weeks, an independent vulnerability researcher going by the pseudonym Nightmare Eclipse has attracted significant attention by publishing details of six Microsoft vulnerabilities, including elevation of privilege vulnerabilities in Defender, and a Secure Boot disk encryption bypass. The researcher provided full proof-of-concept code for some, and provided significant-but-incomplete detail around the path to exploitation for others. Microsoft has confirmed that these disclosures were not coordinated, and it is clear that the relationship between this researcher and Microsoft is less than cordial. Two of the disclosures emerged in the hours after last month’s Patch Tuesday, which provides maximum visibility, while limiting Microsoft’s ability to respond without out-of-cycle patches.

At time of writing, Microsoft has provided mitigation advice and patches for CVE-2026-33825, CVE-2026-45585, CVE-2026-45498, and CVE-2026-41091, leaving only two elevation of privilege vulnerabilities...

Microsoft’s June 2026 Patch Tuesday Addresses 198 CVEs (CVE-2026-49160, CVE-2026-50507)

Tenable Blog · Jun 09, 2026

32 Critical · 166 Important · 0 Moderate · 0 Low

Microsoft addresses 198 CVEs in the largest Patch Tuesday release, including three zero-days.

Microsoft patched 198 CVEs in its June 2026 Patch Tuesday release, with 32 rated critical and 166 rated as important. Our counts omitted 6 CVEs that were already addressed by Microsoft via servicing and do not require additional customer action to resolve as well as 2 CVEs that were disclosed by other CNAs (CVE-2025-10263 and CVE-2026-8863). This Patch Tuesday release is the largest release since the Patch Tuesday program began, smashing the previous record of 167 CVEs in the October 2025 Patch Tuesday release.

This month’s update includes patches for:

  • .NET
  • ASP.NET Core
  • Active Directory Domain Services
  • Azure HorizonDB
  • Azure Stack Edge
  • Copilot Chat (Microsoft Edge)
  • Function Discovery Service (fdwsd.dll)
  • GitHub Copilot and Visual Studio Code
  • HTTP/2
  • Linux MANA Driver
  • M365 Copilot
  • Microsoft Azure Attestation service and Device Health Attestation Service
  • Microsoft Azure Kubernetes Service
  • Microsoft Bing
  • Microsoft Copilot
  • Microsoft Defender for Endpoint
  • Microsoft Dynamics 365 (on-premises)
  • Microsoft Exchange Online
  • Microsoft Exchange Server
  • Microsoft Graph
  • Microsoft Graphics Component
  • Microsoft Kinect
  • Microsoft Live Share Canvas SDK
  • Microsoft Office
  • Microsoft Office Click-To-Run
  • Microsoft Office Excel
  • Microsoft Office Project
  • Microsoft Office SharePoint
  • Microsoft Office Word
  • Microsoft PC Manager
  • Microsoft PowerToys
  • Microsoft Teams for Android
  • Microsoft UxTheme Library (uxtheme.dll)
  • Microsoft Windows DNS
  • Nuance PowerScribe
  • Office for Android
  • Remote Desktop Client
  • Role: Windows Hyper-V
  • UI Automation Manager (uiamanager.dll)
  • Universal Plug and Play (upnp.dll)
  • Visual Studio Code
  • Windows Administrator Protection
  • Windows Ancillary Function Driver for WinSock
  • Windows Application Identity (AppID) Subsystem
  • Windows BitLocker
  • Windows Bluetooth Port Driver
  • Windows Bluetooth Service
  • Windows Boot Manager
  • Windows Collaborative Translation Framework
  • Windows Common Log File System Driver
  • Windows Cryptographic...

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

0xBlackash/CVE-2026-41091

github · Created 2026-05-21 19:16:25 UTC · 6 stars

CVE-2026-41091

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Proof of Concept Exploit Available

  • Added to KEVIntel

  • KEV confirmed by CISA

  • KEV confirmed by Tenable Blog