Back to overview

Threat intelligence

Microsoft Security Bulletin Coverage for June 2026

by Security News

Overview

Microsoft’s June 2026 Patch Tuesday has 210 vulnerabilities, of which 67 are Elevation of Privilege. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of June 2026 and has produced coverage for 14 of the reported vulnerabilities.

Vulnerabilities with Detections

CVE

CVE Title

Signature

CVE-2020-17103Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityASPY 7230 Exploit-exe exe.MP_529
CVE-2026-41091Microsoft Defender Elevation of Privilege VulnerabilityASPY 7229 Exploit-exe exe.MP_528
CVE-2026-42905Windows DWM Core Library Elevation of Privilege VulnerabilityASPY 7231 Exploit-exe exe.MP_530
CVE-2026-42980NT OS Kernel Elevation of Privilege VulnerabilityASPY 7232 Exploit-exe exe.MP_531
CVE-2026-42985Remote Desktop Client Remote Code Execution VulnerabilityIPS 3036 RDP Malformed Request 2
CVE-2026-42986Microsoft Graphics Component Elevation of Privilege VulnerabilityASPY 7233 Exploit-exe exe.MP_532
CVE-2026-42989Winlogon Elevation of Privilege VulnerabilityASP 7234 Exploit-exe exe.MP_533
CVE-2026-44803Windows Graphics Component Remote Code Execution VulnerabilityASPY 688 Malformed-png png.MP_6
CVE-2026-44812Windows Graphics Component Remote Code Execution VulnerabilityASPY 687 Malformed-png png.MP_5
CVE-2026-45585Windows BitLocker Security Feature Bypass VulnerabilityASPY 686 Exploit-exe exe.MP_528
CVE-2026-45586Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege VulnerabilityASPY 685 Exploit-exe exe.MP_526
CVE-2026-45658Windows BitLocker Security Feature Bypass VulnerabilityASPY 689 Exploit-exe exe.MP_534
CVE-2026-47291HTTP.sys Remote Code Execution VulnerabilityIPS 4620 HTTP Request with Malformed Host Header 10
CVE-2026-49160HTTP.sys Denial of Service VulnerabilityIPS 4619 Windows HTTP.sys DoS (CVE-2026-49160)

 

Release Breakdown

The vulnerabilities can be classified into the following categories:

 

Jun_2026_chart_impact_1.png

 

Jun_2026_chart_severity_1.png

 

For June there are 38 critical and 170 important vulnerabilities.

 

Jun_2026_chart_Vul_count_1.pngJun_2026_chart_expl_dis_1.png

Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the patch Tuesday release for each month. The above chart displays these metrics as seen each month.

 

Jun_2026_chart_expl_assesment_1.png

Release Detailed Breakdown

Defense in Depth Vulnerability

CVECVE Title
CVE-2026-42910Windows Hotpatch Monitoring Service Elevation of Privilege Vulnerability

Denial of Service Vulnerabilities

CVECVE Title
CVE-2026-42903Windows Kerberos Denial of Service Vulnerability
CVE-2026-42914Windows Kerberos Denial of Service Vulnerability
CVE-2026-42915Windows TCP/IP Denial of Service Vulnerability
CVE-2026-44805Windows Network Controller (NC) Host Agent Denial of Service Vulnerability
CVE-2026-45591ASP.NET Core Denial of Service Vulnerability
CVE-2026-45606Microsoft UxTheme Library (uxtheme.dll) Denial of Service Vulnerability
CVE-2026-49160HTTP.sys Denial of Service Vulnerability

 

Elevation of Privilege Vulnerabilities

CVECVE Title
CVE-2020-17103Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2026-33828Windows Device Health Attestation (DHA) Elevation of Privilege Vulnerability
CVE-2026-34335Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-40371Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability
CVE-2026-40376Visual Studio Code Elevation of Privilege Vulnerability
CVE-2026-40404Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
CVE-2026-40409Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability
CVE-2026-41091Microsoft Defender Elevation of Privilege Vulnerability
CVE-2026-41092Microsoft Kinect Elevation of Privilege Vulnerability
CVE-2026-41108Windows DNS Client Elevation of Privilege Vulnerability
CVE-2026-42828Windows Projected File System Elevation of Privilege Vulnerability
CVE-2026-42836Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
CVE-2026-42837Windows Projected File System Elevation of Privilege Vulnerability
CVE-2026-42902Microsoft PowerToys Elevation of Privilege Vulnerability
CVE-2026-42904Windows TCP/IP Elevation of Privilege Vulnerability
CVE-2026-42905Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2026-42911Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-42912Windows Telephony Service Elevation of Privilege Vulnerability
CVE-2026-42916NT OS Kernel Elevation of Privilege Vulnerability
CVE-2026-42977Windows Push Notifications Elevation of Privilege Vulnerability
CVE-2026-42978Windows Push Notifications Elevation of Privilege Vulnerability
CVE-2026-42979Windows Push Notifications Elevation of Privilege Vulnerability
CVE-2026-42980NT OS Kernel Elevation of Privilege Vulnerability
CVE-2026-42983Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2026-42984Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-42986Microsoft Graphics Component Elevation of Privilege Vulnerability
CVE-2026-42989Winlogon Elevation of Privilege Vulnerability
CVE-2026-42991Windows Push Notifications Elevation of Privilege Vulnerability
CVE-2026-44802Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2026-44804Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2026-44807Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2026-44808Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2026-44809Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2026-44810Microsoft Cryptographic Services Elevation of Privilege Vulnerability
CVE-2026-44811Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2026-44813Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2026-45476Microsoft Azure Network Adapter Elevation of Privilege Vulnerability
CVE-2026-45484Microsoft SharePoint Elevation of Privilege Vulnerability
CVE-2026-45487Windows Program Compatibility Assistant Service Elevation of Privilege Vulnerability
CVE-2026-45490.NET SDK Elevation of Privilege Vulnerability
CVE-2026-45504Microsoft Exchange Server Elevation of Privilege Vulnerability
CVE-2026-45586Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability
CVE-2026-45592Windows Internet (wininet.dll) Elevation of Privilege Vulnerability
CVE-2026-45593Windows SDK Elevation of Privilege Vulnerability
CVE-2026-45596Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-45597Windows UI Automation Manager (uiamanager.dll) Elevation of Privilege Vulnerability
CVE-2026-45598Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-45600Windows Kernel-Mode Driver Elevation of Privilege Vulnerability
CVE-2026-45601Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-45603Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-45605Windows Bluetooth Service Elevation of Privilege Vulnerability
CVE-2026-45637Microsoft DWM Core Library Elevation of Privilege Vulnerability
CVE-2026-45638Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-45640Windows Bluetooth Port Driver Elevation of Privilege Vulnerability
CVE-2026-45644Microsoft Live Share Canvas SDK Elevation of Privilege Vulnerability
CVE-2026-45647Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
CVE-2026-45653Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-47281Visual Studio Code Elevation of Privilege Vulnerability
CVE-2026-47292Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability
CVE-2026-47293Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
CVE-2026-47648Windows Storage Elevation of Privilege Vulnerability
CVE-2026-48565Windows Narrator Braille Elevation of Privilege Vulnerability
CVE-2026-48567Azure HorizonDB  Elevation of Privilege Vulnerability
CVE-2026-48578Secure Boot Security Feature Bypass Vulnerability
CVE-2026-48583Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-50511Microsoft PC Manager Elevation of Privilege Vulnerability
CVE-2026-50512Microsoft PC Manager Elevation of Privilege Vulnerability

Information Disclosure Vulnerabilities

CVECVE Title
CVE-2026-42824M365 Copilot Information Disclosure Vulnerability
CVE-2026-42835Microsoft Teams for Android Information Disclosure Vulnerability
CVE-2026-42906Windows Shell Information Disclosure Vulnerability
CVE-2026-42907Windows Shell Information Disclosure Vulnerability
CVE-2026-42908Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2026-42968Windows Telephony Server Information Disclosure Vulnerability
CVE-2026-42969Windows Push Notification Information Disclosure Vulnerability
CVE-2026-42970Windows Push Notification Information Disclosure Vulnerability
CVE-2026-42971Windows Push Notification Information Disclosure Vulnerability
CVE-2026-42972Windows Hyper-V Information Disclosure Vulnerability
CVE-2026-42973Windows Push Notification Information Disclosure Vulnerability
CVE-2026-44814Windows DWM Core Library Information Disclosure  Vulnerability
CVE-2026-44821Microsoft Office Information Disclosure Vulnerability
CVE-2026-44822Microsoft Excel Information Disclosure Vulnerability
CVE-2026-45455Microsoft Excel Information Disclosure Vulnerability
CVE-2026-45460Microsoft Office Information Disclosure Vulnerability
CVE-2026-45466Microsoft Word Information Disclosure Vulnerability
CVE-2026-45485Microsoft Office Information Disclosure Vulnerability
CVE-2026-45502Microsoft Exchange Server Information Disclosure Vulnerability
CVE-2026-45503Microsoft Exchange Server Information Disclosure Vulnerability
CVE-2026-45594Windows Application Identity (AppID) Information Disclosure Vulnerability
CVE-2026-45604Windows Managed Installer Information Disclosure Vulnerability
CVE-2026-45608Windows DHCP Client Information Disclosure Vulnerability
CVE-2026-45634Windows DHCP Client Information Disclosure Vulnerability
CVE-2026-45639Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2026-47284Visual Studio Code Information Disclosure Vulnerability
CVE-2026-47285Visual Studio Code Information Disclosure Vulnerability
CVE-2026-47644Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability
CVE-2026-47655Microsoft Graph Information Disclosure Vulnerability
CVE-2026-48566Windows DWM Core Library Information Disclosure  Vulnerability
CVE-2026-48579Microsoft Exchange Online Information Disclosure Vulnerability

 

Remote Code Execution Vulnerabilities

CVECVE Title
CVE-2026-26142Nuance PowerScribe Remote Code Execution Vulnerability
CVE-2026-32193Azure Kubernetes Service (AKS) Remote Code Execution Vulnerability
CVE-2026-42909Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-42913Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-42974Windows Performance Monitor Remote Code Execution Vulnerability
CVE-2026-42981Windows Performance Monitor Remote Code Execution Vulnerability
CVE-2026-42985Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-42987Windows Deployment Services (WDS) Remote Code Execution
CVE-2026-42992Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-42993Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-44799Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-44801Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-44803Windows Graphics Component Remote Code Execution Vulnerability
CVE-2026-44812Windows Graphics Component Remote Code Execution Vulnerability
CVE-2026-44815DHCP Client Service Remote Code Execution Vulnerability
CVE-2026-44817Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-44818Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-44819Microsoft Office Remote Code Execution Vulnerability
CVE-2026-44820Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-44823Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-44824Microsoft Office Remote Code Execution Vulnerability
CVE-2026-45454Microsoft SharePoint Remote Code Execution Vulnerability
CVE-2026-45456Microsoft Outlook and Word Remote Code Execution Vulnerability
CVE-2026-45457Microsoft Word Remote Code Execution Vulnerability
CVE-2026-45458Microsoft Outlook and Word Remote Code Execution Vulnerability
CVE-2026-45461Microsoft Office Remote Code Execution Vulnerability
CVE-2026-45463Microsoft Office Remote Code Execution Vulnerability
CVE-2026-45469Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-45471Microsoft Word Remote Code Execution Vulnerability
CVE-2026-45472Microsoft Office Remote Code Execution Vulnerability
CVE-2026-45474Microsoft Office Remote Code Execution Vulnerability
CVE-2026-45475Microsoft Office Remote Code Execution Vulnerability
CVE-2026-45486Microsoft Word Remote Code Execution Vulnerability
CVE-2026-45497Microsoft M365 Copilot Remote Code Execution Vulnerability
CVE-2026-45583Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2026-45599Windows UPnP Device Host Remote Code Execution Vulnerability
CVE-2026-45607Windows Hyper-V Remote Code Execution Vulnerability
CVE-2026-45635Windows UPnP Device Host Remote Code Execution Vulnerability
CVE-2026-45636Windows NTFS Remote Code Execution Vulnerability
CVE-2026-45641Windows Hyper-V Remote Code Execution Vulnerability
CVE-2026-45643Microsoft Word Remote Code Execution Vulnerability
CVE-2026-45645Microsoft Office Remote Code Execution Vulnerability
CVE-2026-45648Windows Active Directory Domain Services Remote Code Execution Vulnerability
CVE-2026-45657Windows Kernel Remote Code Execution Vulnerability
CVE-2026-47288Windows Kerberos Key Distribution Center (KDC) Remote Code Execution
CVE-2026-47289Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-47291HTTP.sys Remote Code Execution Vulnerability
CVE-2026-47298Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2026-47635Microsoft Outlook and Word Remote Code Execution Vulnerability
CVE-2026-47643Azure Stack Edge Remote Code Execution Vulnerability
CVE-2026-47652Windows Hyper-V Remote Code Execution Vulnerability
CVE-2026-47653Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-47654Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-48560Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-48563Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-48574Windows Media Remote Code Execution Vulnerability

Security Feature Bypass Vulnerabilities

CVECVE Title
CVE-2026-42829Windows Administrator Protection Secure Feature Bypass Vulnerability
CVE-2026-45459Microsoft Excel Security Feature Bypass Vulnerability
CVE-2026-45482Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability
CVE-2026-45585Windows BitLocker Security Feature Bypass Vulnerability
CVE-2026-45588Secure Boot Security Feature Bypass Vulnerability
CVE-2026-45595Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2026-45654Secure Boot Security Feature Bypass Vulnerability
CVE-2026-45655Windows BitLocker Security Feature Bypass Vulnerability
CVE-2026-45656UEFI Secure Boot Security Feature Bypass Vulnerability
CVE-2026-45658Windows BitLocker Security Feature Bypass Vulnerability
CVE-2026-47656Windows Boot Manager Security Feature Bypass Vulnerability
CVE-2026-48568Secure Boot Security Feature Bypass Vulnerability
CVE-2026-48569Visual Studio Code Security Feature Bypass Vulnerability
CVE-2026-48570Secure Boot Security Feature Bypass Vulnerability
CVE-2026-48573Secure Boot Security Feature Bypass Vulnerability
CVE-2026-48575Secure Boot Security Feature Bypass Vulnerability
CVE-2026-48576Secure Boot Security Feature Bypass Vulnerability
CVE-2026-49161Microsoft PC Manager Security Feature Bypass Vulnerability
CVE-2026-50507Windows BitLocker Security Feature Bypass Vulnerability

Spoofing Vulnerabilities

CVECVE Title
CVE-2026-33113Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-41098Azure Stack Edge Spoofing Vulnerability
CVE-2026-45453Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-45462Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-45464Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-45465Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-45467Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-45468Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-45479Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-45481Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-45483Microsoft Office Project Server Spoofing Vulnerability
CVE-2026-45500Microsoft Exchange Server Spoofing Vulnerability
CVE-2026-45501Microsoft Exchange Server Spoofing Vulnerability
CVE-2026-45642Microsoft Azure Attestation service and Device Health Attestation Service Spoofing Vulnerability
CVE-2026-45649Office for Android Spoofing Vulnerability
CVE-2026-45650Microsoft Bing Search Spoofing Vulnerability
CVE-2026-47631Microsoft Exchange Server Spoofing Vulnerability
CVE-2026-47634Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-47636Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-47637Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-47638Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-47639Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-47640Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-47641Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-48562Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-50508Windows NTLM Spoofing Vulnerability

 

Tampering Vulnerability

CVECVE Title
CVE-2026-45491.NET Tampering Vulnerability
CVE-2026-45602Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability
CVE-2026-47287Visual Studio Code Tampering Vulnerability

 

 

 

 

 

 

Share This Article

An Article By

Security News

The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.

Related Articles

  • Nested Deserialization to RCE in Adobe Commerce & Magento (CVE-2025-54236)
    Read More
  • Command Injection in HuangDou UTCMS (CVE-2024-9916) Enables RCE
    Read More