June 2026 Patch Tuesday forecast: Where are the CVEs?

June 2026 Patch Tuesday roundup: Microsoft and other vendors released updates covering numerous CVEs; Microsoft Defender received dynamic protection updates on May 19 to block actively exploited RedSun and UnDefend threats, and Microsoft reported active exploitation of CVE-2026-42897 (Outlook Web Access/XSS) which is mitigated automatically by the Exchange Emergency Mitigation Service. Administrators are advised to apply the available patches, ensure Microsoft Defender and mitigation services are enabled, and monitor for further exploit activity.