June 2026 Patch Tuesday: 206 Vulnerabilities, Three Zero-Days Including HTTP/2 Bomb Flaw (CVE-2026-49160)
ID: 5f6ff0e9-436f-5e77-b76c-4e29c2b2de78
STIX ID: report--5f6ff0e9-436f-5e77-b76c-4e29c2b2de78
Feed Name: SOCRadar Blog
Microsoft’s June 2026 Patch Tuesday fixes 206 vulnerabilities across Windows and related products, including three publicly disclosed zero-days (CVE-2026-49160 HTTP.sys DoS tied to an HTTP/2 “bomb”, CVE-2026-45586 local Elevation of Privilege in the CTF service, and CVE-2026-50507 BitLocker bypass with PoC). The advisory highlights numerous critical and high-severity issues (several CVSS 9.x and a 10.0 in Azure HorizonDB), multiple unauthenticated network-accessible RCEs, and recommends urgent patching and mitigations for internet-facing HTTP services, DHCP infrastructure, BitLocker-protected endpoints, kernel-level components, SharePoint, Exchange, and identity infrastructure.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
