Particle.news

Microsoft Issues June Patch Tuesday Fixes for More Than 200 Vulnerabilities

This update closes three publicly disclosed zero-days, adds hundreds of browser fixes, and introduces temporary server mitigations administrators can use until patches are rolled out.

Overview

  • Microsoft published the June Patch Tuesday updates on Tuesday, June 9, 2026, delivering roughly 200–206 fixes across Windows, Azure, Office and related products in one of its largest monthly releases.
  • The release patches three publicly disclosed zero-days: a CTFMON elevation bug (CVE-2026-45586), an HTTP.sys HTTP/2 denial-of-service dubbed the 'HTTP/2 Bomb' (CVE-2026-49160), and a BitLocker bypass tied to the 'YellowKey' disclosure (CVE-2026-50507).
  • For immediate risk reduction, Microsoft published temporary on-premises mitigations for use until systems are updated, such as the new MaxHeadersCount registry setting (KB5102602) and guidance to restrict MaxRequestBytes to limit oversized HTTP requests.
  • Microsoft and Google coordinated a large-scale Chromium/Edge remediation that covers roughly 360 browser component bugs, and Microsoft noted several cloud-only fixes that do not require customer action.
  • Security teams should prioritize deploying these patches, and consider the registry mitigations where patching is delayed, because many of the fixes address critical remote-code-execution and privilege-escalation flaws. Researchers also say AI-driven discovery is increasing monthly patch volumes.