Today’s Patch Tuesday Alert addresses Microsoft’s June 2026 Security Updates. The FIRE team is actively working on coverage for these vulnerabilities and expects to ship that coverage as soon as it is completed.
In-the-Wild & Disclosed CVEs
A vulnerability in the Windows Collaborative Translation Framework (CTFMON) could allow an attacker to elevate their privileges to SYSTEM. While Microsoft does not explicitly state it, it would appear that this is the GreenPlasma vulnerability previously released by Chaotic Eclipse / Nightmare Eclipse. Microsoft has reported this vulnerability as Exploitation More Likely.
This CVE appears to be the HTTP/2 Bomb denial of service that was previously disclosed with public POCs on June 2nd. This same vulnerability was labelled as CVE-2026-49975 for Apache. A full write-up is available from Calif. Microsoft has reported this vulnerability as Exploitation More Likely.
This is a Windows BitLocker Security Feature Bypass vulnerability that Microsoft has stated is publicly disclosed. Microsoft has reported this vulnerability as Exploitation More Likely.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per-tag basis. Vulnerabilities are also color-coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted
| Tag | CVE Count | CVEs |
| --- | --- | --- |
| Microsoft Windows DNS | 1 | CVE-2026-41108 |
| Microsoft Office SharePoint | 21 | CVE-2026-45467, CVE-2026-45468, CVE-2026-45479, CVE-2026-45453, CVE-2026-47298, CVE-2026-47636, CVE-2026-47637, CVE-2026-47638, CVE-2026-47639, CVE-2026-47641, CVE-2026-33113, CVE-2026-45454, CVE-2026-45462, CVE-2026-45464, CVE-2026-45465, CVE-2026-47634, CVE-2026-47640, CVE-2026-45481, CVE-2026-45484, CVE-2026-48560, CVE-2026-48562 |
| Microsoft Office Excel | 8 | CVE-2026-45469, CVE-2026-44817, CVE-2026-44818, CVE-2026-44820, CVE-2026-44823, CVE-2026-44822, CVE-2026-45455, CVE-2026-45459 |
| Microsoft Office | 14 | CVE-2026-45475, CVE-2026-45472, CVE-2026-45474, CVE-2026-45485, CVE-2026-44819, CVE-2026-44821, CVE-2026-44824, CVE-2026-45456, CVE-2026-45458, CVE-2026-45460, CVE-2026-45461, CVE-2026-45645, CVE-2026-47635, CVE-2026-45463 |
| Microsoft Office Word | 5 | CVE-2026-45471, CVE-2026-45486, CVE-2026-45466, CVE-2026-45643, CVE-2026-45457 |
| Microsoft Office Project | 1 | CVE-2026-45483 |
| Copilot Chat (Microsoft Edge) | 1 | CVE-2026-47644 |
| Microsoft Graph | 1 | CVE-2026-47655 |
| Windows Kernel | 5 | CVE-2025-10263, CVE-2026-45657, CVE-2026-48583, CVE-2026-45653, CVE-2026-42984 |
| Windows Universal Disk Format File System Driver (UDFS) | 2 | CVE-2026-40409, CVE-2026-40404 |
| Microsoft Azure Attestation service and Device Health Attestation Service | 2 | CVE-2026-33828, CVE-2026-45642 |
| Windows Ancillary Function Driver for WinSock | 7 | CVE-2026-34335, CVE-2026-45601, CVE-2026-45598, CVE-2026-45596, CVE-2026-45638, CVE-2026-45603, CVE-2026-42911 |
| Microsoft PowerToys | 1 | CVE-2026-42902 |
| Windows Program Compatibility Assistant Service | 1 | CVE-2026-45487 |
| .NET | 2 | CVE-2026-45490, CVE-2026-45491 |
| Microsoft Exchange Server | 7 | CVE-2026-45500, CVE-2026-45501, CVE-2026-45502, CVE-2026-45503, CVE-2026-45504, CVE-2026-45583, CVE-2026-47631 |
| Windows Bluetooth Service | 1 | CVE-2026-45605 |
| Windows RDP | 2 | CVE-2026-45639, CVE-2026-42908 |
| Windows Bluetooth Port Driver | 1 | CVE-2026-45640 |
| Microsoft UxTheme Library (uxtheme.dll) | 1 | CVE-2026-45606 |
| Windows Hyper-V | 2 | CVE-2026-45607, CVE-2026-47652 |
| Role: Windows Hyper-V | 2 | CVE-2026-45641, CVE-2026-42972 |
| Windows DHCP Server | 2 | CVE-2026-45634, CVE-2026-45602 |
| Active Directory Domain Services | 1 | CVE-2026-45648 |
| Office for Android | 1 | CVE-2026-45649 |
| Microsoft Bing | 1 | CVE-2026-45650 |
| Windows BitLocker | 3 | CVE-2026-45655, CVE-2026-45658, CVE-2026-50507 |
| Windows UEFI | 2 | CVE-2026-45656, CVE-2026-8863 |
| Visual Studio Code | 6 | CVE-2026-47287, CVE-2026-47292, CVE-2026-40376, CVE-2026-47281, CVE-2026-47284, CVE-2026-48569 |
| Windows Kerberos | 3 | CVE-2026-47288, CVE-2026-42903, CVE-2026-42914 |
| Remote Desktop Client | 11 | CVE-2026-47289, CVE-2026-47653, CVE-2026-47654, CVE-2026-48563, CVE-2026-42909, CVE-2026-42913, CVE-2026-42992, CVE-2026-44799, CVE-2026-44801, CVE-2026-42985, CVE-2026-42993 |
| Windows HTTP.sys | 1 | CVE-2026-47291 |
| Microsoft Kinect | 1 | CVE-2026-41092 |
| Microsoft Azure Kubernetes Service | 1 | CVE-2026-32193 |
| Azure Stack Edge | 2 | CVE-2026-41098, CVE-2026-47643 |
| Windows Secure Boot | 8 | CVE-2026-45588, CVE-2026-48568, CVE-2026-48570, CVE-2026-48573, CVE-2026-48575, CVE-2026-48576, CVE-2026-48578, CVE-2026-45654 |
| Windows Storage | 1 | CVE-2026-47648 |
| Windows DWM Core Library | 11 | CVE-2026-48566, CVE-2026-45637, CVE-2026-42905, CVE-2026-44811, CVE-2026-44808, CVE-2026-44807, CVE-2026-42983, CVE-2026-44802, CVE-2026-44814, CVE-2026-44813, CVE-2026-44804 |
| Microsoft PC Manager | 1 | CVE-2026-49161 |
| Windows NTLM | 1 | CVE-2026-50508 |
| Nuance PowerScribe | 1 | CVE-2026-26142 |
| Microsoft Dynamics 365 (on-premises) | 1 | CVE-2026-40371 |
| Windows Projected File System Filter Driver | 2 | CVE-2026-42828, CVE-2026-42837 |
| Windows Administrator Protection | 1 | CVE-2026-42829 |
| Microsoft Teams for Android | 1 | CVE-2026-42835 |
| Linux MANA Driver | 1 | CVE-2026-45476 |
| GitHub Copilot and Visual Studio Code | 1 | CVE-2026-45482 |
| Windows Collaborative Translation Framework | 1 | CVE-2026-45586 |
| ASP.NET Core | 1 | CVE-2026-45591 |
| Windows Internet (wininet.dll) | 1 | CVE-2026-45592 |
| Windows SDK | 1 | CVE-2026-45593 |
| Windows Application Identity (AppID) Subsystem | 2 | CVE-2026-45594, CVE-2026-45604 |
| Windows Mark of the Web (MOTW) | 1 | CVE-2026-45595 |
| UI Automation Manager (uiamanager.dll) | 1 | CVE-2026-45597 |
| Universal Plug and Play (upnp.dll) | 2 | CVE-2026-45599, CVE-2026-45635 |
| Windows NTFS | 1 | CVE-2026-45636 |
| Windows Kernel-Mode Drivers | 1 | CVE-2026-45600 |
| Windows DHCP Client | 2 | CVE-2026-45608, CVE-2026-44815 |
| Microsoft Live Share Canvas SDK | 1 | CVE-2026-45644 |
| Microsoft Defender for Endpoint | 1 | CVE-2026-45647 |
| Microsoft Office Click-To-Run | 1 | CVE-2026-47293 |
| Windows Hotpatch Monitoring Service | 1 | CVE-2026-42910 |
| Windows Boot Manager | 1 | CVE-2026-47656 |
| Windows Narrator Braille | 1 | CVE-2026-48565 |
| Windows Media | 1 | CVE-2026-48574 |
| HTTP/2 | 1 | CVE-2026-49160 |
| Function Discovery Service (fdwsd.dll) | 1 | CVE-2026-42836 |
| Windows TCP/IP | 2 | CVE-2026-42904, CVE-2026-42915 |
| Windows Shell | 2 | CVE-2026-42906, CVE-2026-42907 |
| Windows NT OS Kernel | 2 | CVE-2026-42980, CVE-2026-42916 |
| Windows Telephony Service | 2 | CVE-2026-42912, CVE-2026-42968 |
| Windows Push Notifications | 8 | CVE-2026-42969, CVE-2026-42971, CVE-2026-42970, CVE-2026-42973, CVE-2026-42978, CVE-2026-42977, CVE-2026-42979, CVE-2026-42991 |
| Windows Performance Monitor | 2 | CVE-2026-42981, CVE-2026-42974 |
| Microsoft Graphics Component | 1 | CVE-2026-42986 |
| Winlogon | 1 | CVE-2026-42989 |
| Windows Common Log File System Driver | 1 | CVE-2026-44809 |
| Windows Cryptographic Services | 1 | CVE-2026-44810 |
| Windows Network Controller (NC) Host Agent | 1 | CVE-2026-44805 |
| Windows Deployment Services | 1 | CVE-2026-42987 |
| Windows Win32K - GRFX | 2 | CVE-2026-44803, CVE-2026-44812 |
| Microsoft Copilot | 1 | CVE-2026-45497 |
| M365 Copilot | 1 | CVE-2026-42824 |
| Azure HorizonDB | 1 | CVE-2026-48567 |
| Microsoft Exchange Online | 1 | CVE-2026-48579 |
Other Information
At the time of publication, there were no new advisories included with the June Security Guidance.