Microsoft’s June 2026 Patch Tuesday Fixes Critical Windows RCE Vulnerabilities

Microsoft has released the June 2026 Patch Tuesday updates for Windows 11 versions 25H2, 24H2, and 26H1. This month, the company has fixed over 200 vulnerabilities in Windows, Office, Microsoft Edge, Azure, Exchange Server, Hyper-V, Microsoft Defender, and other components.

On the quality and experiences update front, this update improves Secure Boot by adding more reliable device-targeting data to Windows quality updates. It also fixes a bug that could result in Stop errors HYPERVISOR_ERROR (0x20001) and KMODE_EXCEPTION_NOT_HANDLED (0x1E) after installing KB5089573 on some devices. This problem occurred during system restarts, virtual machine operations, or when running certain gaming apps.

208 vulnerabilities fixed with the June 2026 Patch Tuesday updates

As pointed out by the Zero Day Initiative, Microsoft has fixed 208 new security flaws this month. Specifically, 38 of them are deemed “Critical,” and the rest are rated as “Important” in severity. Let’s take a look at the most important vulnerabilities Microsoft fixed this month:

• CVE-2026-41091: This is a Microsoft Defender elevation-of-privilege vulnerability that has already been exploited in the wild. It could allow an authorized attacker to elevate privileges locally.
• CVE-2026-50507: This is a security feature bypass bug in Windows BitLocker with a CVSS score of 6.8. An attacker with physical access to the vulnerable system could bypass the BitLocker Device Encryption feature and gain access to the encrypted data.
• CVE-2026-45586: This is a Windows Collaborative Translation Framework (CTFMON) elevation-of-privilege vulnerability with a CVSS score of 7.8. It could be abused by an authorized attacker to elevate privileges locally and gain SYSTEM access.
• CVE-2026-45657: This is a Windows kernel remote code execution (RCE) vulnerability that enables unauthenticated hackers to run malicious code with system-level privileges without any user interaction. This bug could be exploited by sending malicious network packets to a vulnerable Windows machine.
• CVE-2026-47291: This Windows HTTP.sys remote code execution vulnerability carries a CVSS score of 9.8. This flaw could also be triggered without any user interaction, and it’s most likely to be exploited by attackers.
• CVE-2026-44815: This is a Windows DHCP Client remote code execution vulnerability with a CVSS score of 9.8. It could allow an unauthenticated attacker to remotely compromise a vulnerable system without any user interaction.
• CVE-2026-49160: This is an HTTP.sys denial of service vulnerability with a CVSS score of 7.5. It’s a denial-of-service flaw in HTTP/2 handling that could let an unauthenticated remote attacker disrupt affected Windows machines.

You can find below the full list of security patches Microsoft released this month:

Quality and experience updates

For Windows 11 versions 25H2 and 24H2, the KB5094126 patch brings several new features, including Shared audio, multi-app camera support, as well as enhancements for magnifier, Windows Search and performance. The Shared Audio feature lets two users with Bluetooth LE audio accessories listen to the same audio together. Users can enable this feature through the Quick Settings panel from the taskbar.

Microsoft has introduced a new “Low Latency Profile” to speed up app launches and core shell experiences, including the Start menu, Search, and Action Center. This update also lets multiple Windows apps access the users’ camera stream at the same time.

Windows Update testing and best practices

Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary, as hackers start to work out how to weaponize newly reported vulnerabilities.

A best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.

There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system or files and folders on a granular basis.