DMZ//THREAT INTEL
TLP:WHITE
Disclosure not limited. This advisory may be distributed publicly through any channel.
OFFICIAL ADVISORY // MSRC June 2026 / AV26-569 // PUBLISHED 2026-06-09

Microsoft June 2026 Patch Tuesday — 206 CVEs Including 6 Zero-Days; Critical RCE in HTTP.sys, Exchange Server, Hyper-V, Remote Desktop Client, and BitLocker Bypasses (CVE-2026-45458 / CVE-2026-45456 / CVE-2026-47652 et al.)

Microsoft's June 2026 Patch Tuesday — the largest single Patch Tuesday in the program's 23-year history — addressed 206 CVEs (39 Critical, ~65 Elevation of Privilege) including 6 zero-days. Critical patches cover Remote Desktop Client (11 CVEs, 4 Critical: CVE-2026-44801, CVE-2026-44799, CVE-2026-42992, CVE-2026-42985), Hyper-V out-of-bounds read (CVE-2026-47652, CVE-2026-45641, CVE-2026-45607), HTTP.sys RCE, Microsoft Office/Outlook (CVE-2026-45458, CVE-2026-45456, CVE-2026-47635), Exchange Server spoofing (CVE-2026-42897, actively exploited), and three BitLocker bypasses (CVE-2026-45585 'YellowKey', CVE-2026-50507 'Bitskrieg', CVE-2026-45658). Simultaneously, Microsoft is rotating Secure Boot certificates expiring June 24, 2026 (Microsoft Corporation KEK CA 2011) to new 2023-dated certificates.

| AFFECTED SYSTEM | SEVERITY | EXPLOIT | PATCH |
|---|---|---|---|
| Windows 10 (all supported versions) | MEDIUM | POC | PATCHED |
| Windows 11 (24H2, 25H2, 26H1) | MEDIUM | POC | PATCHED |
| Windows Server 2016 / 2019 / 2022 / 2025 | MEDIUM | POC | PATCHED |
| Microsoft Exchange Server (on-premises) | HIGH | LIMITED | PATCHED |
| Microsoft Office / Outlook / Word | HIGH | LIMITED | PATCHED |
| Hyper-V | HIGH | LIMITED | PATCHED |
| Remote Desktop Client | HIGH | LIMITED | PATCHED |
| HTTP.sys / IIS | HIGH | LIMITED | PATCHED |
| BitLocker / Secure Boot (UEFI) | MEDIUM | POC | PATCHED |

Apply all June 2026 cumulative updates immediately — apply servicing stack update (ADV990001) first. Prioritize: (1) RDP-exposed systems for CVE-2026-44801/44799/42992/42985; (2) Virtualized infrastructure for Hyper-V CVEs; (3) Exchange Server for CVE-2026-42897 (actively exploited); (4) Enable TPM+PIN (instead of TPM-only) for BitLocker to mitigate YellowKey/Bitskrieg. For HTTP/2 exposure, apply KB5102602 MaxHeadersCount registry setting and disable HTTP/2 on exposed IIS servers. Verify Secure Boot 2023 certificate is applied via Windows Security > Device Security.
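
A scripted way to audit the two host-side checks above (BitLocker TPM-only versus TPM+PIN, and presence of the 2023 Secure Boot certificates) across a fleet. This is an added example, not part of the advisory or Microsoft's tooling. The function names are hypothetical, and the certificate subject strings are the names Microsoft publishes for its 2023 Secure Boot certificates, not values taken from this page.

```powershell
# Added example (not from the advisory). Run elevated on a UEFI Windows host.

function Get-BitLockerPinStatus {
    # Key protectors on the OS volume. 'Tpm' by itself is the TPM-only mode
    # the advisory says to replace with TPM+PIN.
    $vol   = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        ProtectionStatus = $vol.ProtectionStatus.ToString()
        Protectors       = $types -join ','
        # Matches TpmPin and TpmPinStartupKey protector types.
        HasPreBootPin    = [bool]($types -match '^TpmPin')
        TpmOnly          = ($types -contains 'Tpm')
    }
}

function Test-SecureBootCert {
    param(
        [Parameter(Mandatory)][ValidateSet('KEK', 'db')][string]$Variable,
        [Parameter(Mandatory)][string]$Subject
    )
    # The UEFI variable is a binary signature list; the certificate subject
    # appears as readable ASCII inside the embedded DER, so a text search works.
    $bytes = (Get-SecureBootUEFI -Name $Variable).Bytes
    [System.Text.Encoding]::ASCII.GetString($bytes) -match [regex]::Escape($Subject)
}

# Assumed subject names (Microsoft's published 2023 certificate names).
$report = [pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    BitLocker         = Get-BitLockerPinStatus
    SecureBootEnabled = Confirm-SecureBootUEFI
    Kek2023Present    = Test-SecureBootCert -Variable KEK -Subject 'Microsoft Corporation KEK 2K CA 2023'
    Db2023Present     = Test-SecureBootCert -Variable db  -Subject 'Windows UEFI CA 2023'
}
$report | ConvertTo-Json -Depth 3
```

Hosts reporting `TpmOnly` as true or either `2023Present` field as false are the ones still needing the BitLocker or Secure Boot follow-up described above.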

For Exchange CVE-2026-42897: monitor OWA for unexpected JavaScript execution in browser context; alert on crafted email delivery triggering client-side script. For RDP CVEs: restrict internet-facing RDP, enforce NLA, use VPN/gateway; alert on anomalous RDP session initiation. For BitLocker bypasses: audit physical access logs and Secure Boot policy changes. Monitor patch compliance via SCCM/Intune for all June 2026 KB rollups. Enable Microsoft Defender Exploit Guard across endpoints.

  • https://msrc.microsoft.com/update-guide/releaseNote/2026-Jun
  • https://www.cyber.gc.ca/en/alerts-advisories/microsoft-security-advisory-june-2026-monthly-rollup-av26-569
  • https://arcticwolf.com/resources/blog/microsoft-patch-tuesday-security-recap-june-2026-edition/
  • https://digital.nhs.uk/cyber-alerts/2026/cc-4785
  • https://nvd.nist.gov/vuln/detail/CVE-2026-42897