Microsoft June 2026 Patch Tuesday: Record 206 Vulnerabilities Addressed

On June 9, 2026, Microsoft released its largest Patch Tuesday update, addressing 206 vulnerabilities, including three zero-day flaws. Among the critical vulnerabilities, 32 were rated as critical, with 28 classified as remote code execution (RCE) vulnerabilities. The update included CVE-2026-47291, an RCE flaw in HTTP.sys, rated CVSS 9.8, and CVE-2026-45586, an elevation of privilege vulnerability in Windows CTFMON. Microsoft confirmed that none of the vulnerabilities are currently exploited in the wild, but the sheer volume of flaws indicates a significant uptick in vulnerability discovery, likely driven by AI tools. The update also featured patches for vulnerabilities affecting various Microsoft products, including Windows, Office, and Azure services. Security professionals are urged to prioritize patching due to the high number of critical vulnerabilities and the potential for exploitation.

Key Points: • Microsoft's June 2026 Patch Tuesday addressed a record 206 vulnerabilities, including three zero-days. • 32 vulnerabilities were classified as critical, with significant RCE flaws like CVE-2026-47291 rated CVSS 9.8. • The increase in vulnerabilities is attributed to AI tools accelerating vulnerability discovery.