edelosoft
software design & development
Who are we? ERT Our Services News Hire us
Update Your PC Now to Patch These 206 Flaws
Date: June 10, 2026

Microsoft’s June security update, known as Patch Tuesday, is the company’s largest ever, with fixes for more than 200 bugs—three of which are zero-days that have been publicly disclosed.

The release addresses 206 flaws across the following categories, according to The Hacker News: 63 elevation-of-privilege vulnerabilities, 20 security feature bypass vulnerabilities, 56 remote-code-execution vulnerabilities, 30 information disclosure vulnerabilities, 27 spoofing vulnerabilities, seven denial of service vulnerabilities, and three tampering vulnerabilities. Thirty-nine of the bugs are rated “critical” and include remote code execution, elevation of privilege, and information disclosure flaws.

Patch Tuesday updates are typically released at 10 am PT on the second Tuesday of every month, and you should receive them automatically. You can update if it hasn’t; check the status of your PC via Start > Settings > Windows Update and select Check for Windows updates. Then install any available updates.

These three publicly disclosed zero-days were patched in June

Zero-day flaws are those that have been actively exploited or publicly disclosed before an official fix is released. In this case, the three zero-days were publicly disclosed but are not known to have been exploited in the wild.

The first zero-day, labeled CVE-2026-45586, is an elevation of privilege vulerability in the Windows Collaborative Translation Framework that allows an authorized attacker to gain SYSTEM privileges via improper link resolution. According to BleepingComputer, this flaw was identified by the security researcher Nightmare Eclipse.

The second zero-day (CVE-2026-49160) is an HTTP.sys denial of service vulnerability that abuses the HTTP/2 protocol, allowing attackers to tie up memory and cause performance issues or outages. Researchers at Calif.io have been credited with discovering this bug.

Finally, CVE-2026-50507 is a Windows Bitlocker security feature bypass vulnerability that would allow a local attacker to gain access to an encrypted drive using files on a USB drive or EFI partition. The patch for this flaw also addressed a vulnerability that was publicly disclosed by Nightmare Eclipse last month.

Need help?

Don't hesitate to reach out to us regarding a project, custom development, or any general inquiries.
We're here to assist you.

Get in touch