Microsoft’s June Patch Tuesday update fixes a record 206 security vulnerabilities across Windows, Office, Exchange Server, Edge, Hyper-V, and cloud services. One of those flaws is already being exploited, making this an important update cycle for both home users and IT administrators.
The actively exploited issue is a Microsoft Defender elevation of privilege vulnerability tracked as CVE-2026-41091. If abused, it can allow an attacker to gain system level privileges on a compromised machine. Microsoft has already replaced the vulnerable Malware Protection Engine through Defender’s automatic daily updates, but users should still confirm that their systems are fully updated.
This month’s patch total is unusually high. Microsoft classifies 38 of the fixed vulnerabilities as critical, while the rest are marked as high risk. The update also arrives during a sensitive period for Windows security because Microsoft is rotating Secure Boot certificates and fixing several Secure Boot related flaws.
Microsoft Defender is the most urgent fix this month
The most important vulnerability in the June update is CVE-2026-41091 in Microsoft Defender. Unlike many Patch Tuesday flaws that are fixed before attackers use them widely, this one is already being exploited in the wild.
Microsoft has patched the issue by updating the Malware Protection Engine. The safe version is 1.1.26040.8 or newer.
| Area affected | What Microsoft fixed |
|---|---|
| Total vulnerabilities | 206 |
| Critical flaws | 38 |
| Actively exploited flaw | CVE-2026-41091 in Microsoft Defender |
| Windows flaws | 118 |
| Office flaws | 54 |
| Exchange Server flaws | 8 |
| Edge and Chromium flaws | 74 Chromium issues addressed separately |
| Next Patch Tuesday | July 14, 2026 |
To check your Defender engine version on Windows 11, open Settings, go to Privacy and security, open Windows Security, then go to Settings and About. On Windows 10, start from Settings, then Update and Security, open Windows Security, and follow the same path.
If your Malware Protection Engine version is below 1.1.26040.8, you should run Windows Update and make sure Defender updates are installed.
Windows gets critical remote code execution fixes
Windows itself received fixes for 118 vulnerabilities across supported Windows 10, Windows 11, and Windows Server versions. Among them are 19 critical remote code execution flaws.
One of the most serious is CVE-2026-47288 in the Windows kernel. Microsoft says it can allow remote code execution with system privileges without authentication. That makes it especially important because attackers often look for flaws that do not require a user to sign in or perform complex steps.
Another major issue is CVE-2026-47291 in the Windows HTTP service. It can also allow code execution without authentication in affected configurations. Microsoft says systems using a specific default value for MaxRequestBytes in the registry are not vulnerable, and it has provided guidance for administrators who need to apply that protection.
The DHCP Client service also received a critical fix for CVE-2026-44815. Since the DHCP Client service runs on all PCs, this kind of vulnerability can be especially attractive to attackers.
Secure Boot and BitLocker remain major security areas
June is also important for Secure Boot because older certificates are expiring and Microsoft is moving systems toward newer signing infrastructure. Alongside that transition, Microsoft fixed 10 Secure Boot security feature bypass vulnerabilities.
These flaws could allow malicious code to load early in the startup process before normal Windows protections are fully active. That makes Secure Boot updates important, especially for business systems and managed devices.
Microsoft also updated bulletins tied to BitLocker related issues, including flaws referred to as YellowKey and GreenPlasma. BitLocker remains a key security feature for protecting data on Windows devices, but recent updates have shown how complex firmware, boot, encryption, and certificate changes can become in real world deployments.
Office, Hyper-V, Exchange, and Edge also receive major fixes
Microsoft Office received 54 vulnerability fixes this month, including 25 remote code execution issues. Nine of those are critical. In some cases, the Outlook or Office preview pane can be enough to trigger an attack path, meaning users may not need to fully open a malicious document for risk to exist.
Hyper-V also received critical fixes for vulnerabilities that could allow code to escape from a guest system and run on the host. That matters for anyone using virtualization in development, testing, security research, or enterprise environments.
Exchange Server received eight fixes, including one remote code execution issue that can be exploited in a man in the middle scenario. Exchange Online also had a critical data leak flaw that Microsoft has already fixed.
Microsoft Edge was updated separately to address 74 Chromium vulnerabilities, including a Chromium zero day. These flaws are not counted in Microsoft’s 206 vulnerability total, but Edge users should still make sure the browser is updated.
Windows users should install June’s patches quickly
This is one of the most important Patch Tuesday releases in recent memory because of the record number of fixes and the actively exploited Defender flaw. Home users should make sure Windows Update, Microsoft Defender, and Edge are fully current.
Businesses should prioritize testing and deployment, especially for systems exposed to the internet, Exchange environments, Hyper-V hosts, and managed Windows devices with Secure Boot or BitLocker policies.
Patch Tuesday updates sometimes create compatibility concerns, but delaying this month’s fixes carries its own risk. With one Defender vulnerability already under attack and dozens of critical flaws now public, the safest move is to update quickly and verify that security components are on the latest versions.
Discussion (0)
Be the first to comment.