• News/
  • darkreading-20260609214257

Blame AI: Patch Tuesday Hits Record 206 CVEs

Dark Reading
·
Jai Vijayan
·
Published Jun 9, 2026
·
Updated

Microsoft's June 2026 Patch Tuesday update with fixes for a record 206 unique CVEs is the latest sign of what is quickly becoming the new normal for organizations as AI accelerates vulnerability discovery. Three of the flaws in the mammoth update are previously disclosed zero-day bugs. They are part of a broader set of 13 vulnerabilities Microsoft flagged as "Exploitation More Likely," indicating heightened near-term risk for organizations. The update also includes 32 critical-severity vulnerabilities, five of which carry CVSS scores of 9.0 or higher on the 10-point scale. As has been the case recently, a high percentage of vulnerabilities in the release are either remote code execution (RCE) vulnerabilities or elevation of privilege (EoP) bugs. Other, relatively less common vulnerability types include those that enable denial-of-service conditions, data theft, and security features bypass. Security researchers pointed to the three previously disclosed vulnerabilities as issues meriting immediate attention. The three flaws include CVE-2026-45586 (CVSS: 7.8), an EoP bug in Windows Collaborative Translation Framework (CTFMON) that attackers can exploit to gain SYSTEM level privileges; CVE-2026-49160 (CVSS: 7.5), a denial-of-service bug in Windows.sys; and CVE-2026-50507 (CVSS: 6.8), which enables bypass of Microsoft's BitLocker security feature. Amol Sarwate, head of security research at Cohesity, flagged two near-maximum severity vulnerabilities in this month's release as top ...

Read full article

Affected Software

7 affected components
Microsoft Collaborative Translation Framework (CTFMON)
Microsoft Windows.sys
Microsoft BitLocker
Microsoft HTTP.sys
Microsoft DHCP Client service
Microsoft Graphics Component
Microsoft Deployment Services
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the main focus of the article about Microsoft's Patch Tuesday?

The article discusses Microsoft's June 2026 Patch Tuesday update, which addresses a record 206 unique CVEs due to accelerated vulnerability discovery influenced by AI.

2

What are CVEs and why are they important?

CVEs, or Common Vulnerabilities and Exposures, are crucial as they identify and catalog security vulnerabilities in software, helping organizations prioritize patching.

3

How many zero-day vulnerabilities are included in the June 2026 update?

The update includes three previously disclosed zero-day vulnerabilities that require urgent attention.

4

Which Microsoft products are affected by the vulnerabilities addressed in this update?

Affected products include Microsoft Collaborative Translation Framework, Windows.sys, BitLocker, HTTP.sys, DHCP Client service, Graphics Component, and Deployment Services.

5

What does the record number of CVEs in this update signify about security trends?

The record number of CVEs reflects a concerning trend of increasing vulnerability discovery rates influenced by advancements in AI technologies.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203