LIVE · cybersecurity feed
vulnerability

Microsoft Patch Tuesday for June 2026 — Snort rules and prominent vulnerabilities

zeroday.news·28d ago

Microsoft has released its June 2026 security update, addressing a total of 206 vulnerabilities across its product range, with 32 of these classified as "critical." The update includes fixes for numerous remote code execution (RCE) and elevation of privilege vulnerabilities affecting core Windows components, as well as products like Microsoft Office, SQL Server, and Azure Kubernetes Service.

Of the 32 critical vulnerabilities, 28 are RCE flaws. These impact a wide array of services and applications, including Windows Active Directory, Windows Kerberos Key Distribution Centre (KDC), the Windows Graphics component, the Windows Remote Desktop client, Windows Deployment Services (WDS), the DHCP Client service, Windows Hyper-V, Windows Kernel and Media, Azure Kubernetes Service (AKS), Microsoft Office, Microsoft Outlook, Microsoft Word, Microsoft SQL Server, and the Windows HTTP Protocol Stack.

Security researchers have identified several vulnerabilities as being particularly likely to be exploited. CVE-2026-42985 is a critical RCE vulnerability in the Remote Desktop Client, stemming from a heap-based buffer overflow. This flaw allows an unauthorized attacker to execute code over a network. Another critical RCE vulnerability, CVE-2026-47291, exists in the Windows HTTP Protocol Stack (http.sys) due to an integer overflow or wraparound. An unauthenticated attacker could exploit this by sending specially crafted packets to a vulnerable server. Additionally, CVE-2026-44803 and CVE-2026-44812 are critical RCE vulnerabilities in the Windows Graphics component, specifically within the Win32K – GRFX subsystem. These issues, also caused by integer overflow or wraparound, allow an unauthorized attacker to execute malicious code locally.

Microsoft has also flagged 23 critical vulnerabilities as less likely to be exploited, though they still pose significant risks. These include multiple RCE vulnerabilities in the Windows Remote Desktop Client (e.g., CVE-2026-42992, CVE-2026-44799) due to heap-based buffer overflows. Exploitation of these often requires an attacker to take additional preparatory steps, such as controlling a Remote Desktop Server to compromise a connecting client.

Several critical RCE vulnerabilities (CVE-2026-45607, CVE-2026-45641, CVE-2026-47652) have been identified in Windows Hyper-V, arising from out-of-bounds reads. These require an authenticated attacker within a guest virtual machine to send crafted file operation requests to hardware resources, potentially leading to RCE on the host server. A critical use-after-free vulnerability in the Windows Kernel (CVE-2026-45657) allows an unauthorized attacker to execute malicious code over a network by sending specially crafted network traffic, potentially enabling code execution with system-level privileges.

Further critical RCE vulnerabilities include CVE-2026-48574 in Windows Media, caused by a heap-based buffer overflow, and CVE-2026-42987 in Windows Deployment Services (WDS), a use-after-free flaw. The Windows DHCP Client is affected by CVE-2026-44815, a stack-based buffer overflow that allows an attacker to execute code over a network, particularly by targeting a DHCP Server. Microsoft Outlook and Word are impacted by RCE vulnerabilities (CVE-2026-45456, CVE-2026-45458, CVE-2026-47635) due to type confusion when rendering emails, as Outlook utilizes Word's rendering engine. Additionally, Microsoft Office has critical use-after-free flaws (CVE-2026-45461, CVE-2026-45463, CVE-2026-45472, CVE-2026-45474) that can lead to local code execution.

Elevation of privilege vulnerabilities are also present, such as CVE-2026-45476 in Microsoft Azure Network Adapter, a use-after-free flaw in the Linux MANA Driver that could allow an attacker with host environment control to read sensitive information and gain higher privileges within a guest system. CVE-2026-44810 is a critical improper authentication flaw in Windows Cryptographic Services, allowing local privilege escalation after a user logs on. Exploitation requires running a specially crafted application or convincing a user to open a malicious file, potentially leading to SYSTEM privileges.

Information disclosure vulnerabilities include CVE-2026-47644 in Copilot Chat for Microsoft Edge, an injection flaw that allows unauthorized network information disclosure. CVE-2026-26142 in Nuance Powerscribe is an RCE vulnerability due to deserialization of untrusted data.

Other critical vulnerabilities flagged as unlikely to be exploited include CVE-2026-32193 in Azure Kubernetes Service (AKS), a path traversal flaw that could allow an attacker to break out of a container and control an AKS worker node. CVE-2026-45648 is a critical RCE vulnerability in Windows Active Directory Domain Services due to a stack-based buffer overflow. The Windows Kerberos Key Distribution Center (KDC) has a critical RCE vulnerability (CVE-2026-47288) due to integer overflow or wraparound. The Remote Desktop Client also has another critical RCE vulnerability (CVE-2026-47654) from a heap-based buffer overflow. Finally, CVE-2026-33828 is a critical elevation of privilege vulnerability in Windows Device Health Attestation (DHA) due to a trust boundary violation. Microsoft Office has a critical information disclosure vulnerability (CVE-2026-45460) due to a buffer over-read flaw.

Microsoft's monthly security updates are a critical part of maintaining system security. Organizations are advised to review the released patches and apply them promptly, prioritizing those designated as critical and those affecting actively exploited vulnerabilities. Implementing general security best practices, such as network segmentation, least privilege principles, and robust endpoint detection and response, can also help mitigate the impact of any potential exploits.

vulnerabilitypatch
← Back to latest

More News

view all →
zeroday.news · 4h ago·critical

Ubiquiti Patches Critical UniFi Flaws Across Connect, Talk, Access, Protect, and OS

Ubiquiti has released security updates to address several critical vulnerabilities affecting its UniFi product line, including UniFi Connect, Talk, Access, Protect, and OS. These flaws could allow attackers to escalate privileges or execute arbitrary commands on affected devices. While no active exploitation has been reported for these specific vulnerabilities, the company has previously seen its UniFi OS and Edge OS products targeted by threat actors.

zeroday.news · 4h ago·critical

Attackers using Langflow flaw for credential harvesting (CVE-2026-55255)

CISA has issued a warning regarding a critical vulnerability (CVE-2026-55255) in the Langflow AI framework, which is being actively exploited by attackers. The flaw allows authenticated users to execute arbitrary flows belonging to other users, potentially leading to the theft of sensitive credentials and data exposure, especially in multi-tenant environments. US federal agencies have been mandated to patch this vulnerability by July 10th.

zeroday.news · 3h ago·high

China-Linked APT Expands Arsenal With New ‘Leash’ Backdoors

A China-linked advanced persistent threat (APT) group, identified as LapDogs, has reportedly enhanced its malicious toolkit. Security researchers have observed the deployment of three new backdoors: LongLeash, DogLeash, and JarLeash, which are designed to compromise small office/home office (SOHO) routers.

zeroday.news · 3h ago·high

RedWing Android Spyware Sold as a Service on Telegram

A new Android spyware called RedWing is being offered as a service on Telegram, allowing less sophisticated attackers to compromise phones and steal banking information. Researchers have identified it as a polished malware-as-a-service operation with extensive documentation and a subscription model, potentially linked to Russian threat actors. RedWing employs fake login overlays, SMS interception, call forwarding, and even screen control to harvest credentials and conduct further malicious activities.

zeroday.news · 4h ago·high

Operationalizing Day Minus Seven: The Cloud-Native ROC

The article introduces the concept of a Risk Operations Center (ROC) as a necessary evolution for cybersecurity teams facing AI-driven threats. It argues that traditional risk management models are insufficient due to the speed at which AI can discover and exploit vulnerabilities, especially in cloud environments. A ROC, powered by platforms like Qualys Enterprise TruRisk Management (ETM), aims to unify disparate security findings, hyper-prioritize risks based on exploitability and business impact, and enable autonomous remediation to keep pace with attackers.

zeroday.news · 4h ago·high

Armored Likho Hits Government, Energy Sectors With BusySnake Stealer

Cybersecurity researchers have identified a new threat actor, dubbed Armored Likho, targeting government and energy sectors in Russia, Kazakhstan, and Brazil with a sophisticated phishing campaign. The operation utilizes a custom-built Python infostealer named BusySnake, designed to steal credentials, sensitive documents, and other high-value data. The attackers employ AI-generated payloads to obscure their activities and maintain persistence through various methods, including reverse SSH tunneling.