Microsoft June 2026 Patch Tuesday: 32 critical bugs
Microsoft’s June 2026 Patch Tuesday fixes 206 vulnerabilities, 32 critical across Windows, Office and Azure. Cisco Talos released Snort rules to detect exploit attempts.
Microsoft released its June 2026 security updates addressing 206 vulnerabilities across Windows, Microsoft Office, Azure and related products. Microsoft marked 32 of the flaws as critical, with 28 classified as remote code execution (RCE) issues affecting services and client applications including Active Directory, the Kerberos KDC, the Windows graphics subsystem, Remote Desktop, Windows Deployment Services, the DHCP client, Hyper-V, the Windows kernel, media components, Azure Kubernetes Service, Microsoft Office and SQL Server.
Four critical bugs identified as more likely to be exploited include CVE-2026-42985, a heap-based buffer overflow in the Remote Desktop Client that can allow unauthenticated network code execution; CVE-2026-47291, an integer overflow in the Windows HTTP Protocol Stack (http.sys) triggered by a crafted packet; and CVE-2026-44803 and CVE-2026-44812, integer overflow issues in the Win32K graphics subsystem that permit local code execution when an attacker can already run code on the machine.
Microsoft listed 23 additional critical vulnerabilities with a lower likelihood of exploitation. Those include multiple heap overflow issues in the Remote Desktop Client (for example CVE-2026-42992, CVE-2026-44799, CVE-2026-44801, CVE-2026-47289 and CVE-2026-48563) that require an attacker to prepare the target environment or control a Remote Desktop Server. Hyper-V flaws such as CVE-2026-45607, CVE-2026-45641 and CVE-2026-47652 stem from out-of-bounds reads and could let a malicious guest VM affect the host. A Windows kernel use-after-free vulnerability (CVE-2026-45657) can be triggered by specially crafted network traffic and may allow system-level code execution without user interaction. Other critical items include a Windows Media heap overflow (CVE-2026-48574), a WDS use-after-free RCE (CVE-2026-42987) and a DHCP client stack overflow exploitable against DHCP servers (CVE-2026-44815).
Office-related critical issues affect Outlook and Word rendering and preview functionality. CVE-2026-45456, CVE-2026-45458 and CVE-2026-47635 are RCEs tied to type confusion when Office accesses resources; the Outlook classic preview pane uses Word for rendering and can be an attack vector. Additional Office use-after-free flaws (CVE-2026-45461, CVE-2026-45463, CVE-2026-45472 and CVE-2026-45474) allow local code execution when exploited.
Cloud and enterprise products also appear among the critical entries. CVE-2026-32193 affects Azure Kubernetes Service via a path traversal in host-level services exposed to untrusted containers. CVE-2026-45648 is a stack-based buffer overflow in Active Directory Domain Services. CVE-2026-47288 impacts the Kerberos KDC through an integer overflow reachable from an adjacent network. An elevation-of-privilege issue in Azure Network Adapter (CVE-2026-45476) involves a use-after-free in the Linux MANA driver that could expose guest memory to an attacker with host access. CVE-2026-47644 is an information disclosure issue in Copilot Chat for Microsoft Edge.
Cisco Talos published a Snort ruleset to detect attempts to exploit several of the disclosed bugs. Snort 2 rule IDs included in the release are 66572–66577, 66581, 66589, 66590, 66594, 66595 and 66601–66604. Snort 3 rule IDs available are 301523–301525, 301527–301529, 301531 and 301532. Cisco Security Firewall customers should apply the latest SRU to receive protections. Users of the open-source Snort Subscriber Ruleset can obtain the updated rule pack from Snort.org. Talos noted that additional rules may be published and existing rules could change as new information becomes available.
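To confirm that a sensor's rule files actually contain the SIDs listed above, and that they are not present only as commented-out lines, the following added example (not code from Microsoft or Talos) parses rule text and reports which SIDs are enabled, disabled or missing. The sample rules are constructed placeholders, and the example assumes that a disabled rule appears as a rule line commented out with a leading `#`.

```python
import re

# SID lists exactly as given in the article.
SNORT2_SIDS = "66572-66577, 66581, 66589, 66590, 66594, 66595, 66601-66604"
SNORT3_SIDS = "301523-301525, 301527-301529, 301531, 301532"

# Optional leading '#' (assumed marker for a disabled rule), a rule action,
# then the first sid option on the line.
RULE_RE = re.compile(
    r"^\s*(#\s*)?(?:alert|block|drop|log|pass|reject|sdrop)\b.*?\bsid\s*:\s*(\d+)\s*;"
)

# Constructed placeholder rules: headers and msg text are NOT the real Talos rules.
SAMPLE_RULES = """\
# constructed sample rule file
alert tcp any any -> any any (msg:"PLACEHOLDER A"; sid:66572; rev:1;)
# alert tcp any any -> any any (msg:"PLACEHOLDER B"; sid:66573; rev:1;)
alert tcp any any -> any any (msg:"LOCAL RULE"; sid:1000001; rev:1;)
"""


def expand(spec):
    """Expand '66572-66577, 66581' into a sorted list of integer SIDs."""
    sids = set()
    for part in spec.replace("\u2013", "-").split(","):  # accept en dashes too
        lo, _, hi = part.strip().partition("-")
        sids.update(range(int(lo), int(hi or lo) + 1))
    return sorted(sids)


def coverage(rules_text, wanted):
    """Return (enabled, disabled, missing) lists for the wanted SIDs."""
    state = {}  # sid -> True if at least one active copy of the rule exists
    for line in rules_text.splitlines():
        m = RULE_RE.match(line)
        if m:
            sid = int(m.group(2))
            state[sid] = state.get(sid, False) or m.group(1) is None
    enabled = [s for s in wanted if state.get(s) is True]
    disabled = [s for s in wanted if state.get(s) is False]
    missing = [s for s in wanted if s not in state]
    return enabled, disabled, missing


if __name__ == "__main__":
    for name, spec in (("Snort 2", SNORT2_SIDS), ("Snort 3", SNORT3_SIDS)):
        on, off, absent = coverage(SAMPLE_RULES, expand(spec))
        print(f"{name}: enabled={on} disabled={off} missing={absent}")
```

On a real sensor, pass the concatenated text of the loaded rule files to `coverage` in place of `SAMPLE_RULES`; any SID reported as missing or disabled after the update needs a look at the rule pack or policy.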
Microsoft’s security update page lists full details and mitigations for each CVE, and the bulletin includes dozens of other important vulnerabilities such as elevation-of-privilege issues in DWM, the kernel and Winlogon, SharePoint spoofing flaws, BitLocker bypasses and an http.sys denial-of-service bug (CVE-2026-49160). System administrators and security teams can consult Microsoft’s advisory and Talos’ rule packs for technical details and detection options.








