ADVISORY SUMMARY
Microsoft's June 2026 Patch Tuesday — the largest in Patch Tuesday history — addressed 206 vulnerabilities including 6 zero-days and 39 rated Critical. Highest-priority issues include CVE-2026-45657 (Windows Kernel TCP/IP RCE, CVSS 9.8), CVE-2026-47291 (Windows HTTP.sys integer overflow RCE, CVSS 9.8), CVE-2026-41091 (Microsoft Defender privilege escalation, confirmed exploited in the wild, CVSS 7.8), and three publicly named BitLocker bypasses (YellowKey CVE-2026-45585, Bitskrieg CVE-2026-50507). The Secure Boot KEK certificate lifecycle transition also began June 25, 2026, requiring urgent attention from organizations managing UEFI boot environments.
AFFECTED SYSTEMS
MITIGATION GUIDANCE
Apply June 2026 cumulative updates immediately via Windows Update / WSUS / Intune. Install servicing stack update (ADV990001) before deploying other patches. Enable TPM+PIN for BitLocker to mitigate YellowKey/Bitskrieg. Restrict internet-facing RDP and enforce NLA. Apply KB5102602 MaxHeadersCount registry setting for HTTP.sys. Verify Exchange EEMS is enabled and CVE-2026-42897 patch applied. Update Secure Boot KEK certificates per Microsoft guidance before June 2026 deadline.
DETECTION SIGNATURES
Alert on exploitation of CVE-2026-41091 (Defender link-following EoP — confirmed in-the-wild). Monitor for anomalous kernel-level process creation indicative of TCP/IP or HTTP.sys exploitation. Audit Hyper-V guest-to-host trust boundaries. Review SharePoint and Exchange Server logs for spoofing/XSS indicators. Use Microsoft Defender for Endpoint telemetry for zero-day behavioral coverage.
REFERENCES
- → https://msrc.microsoft.com/update-guide/releaseNote/2026-Jun
- → https://arcticwolf.com/resources/blog/microsoft-patch-tuesday-security-recap-june-2026-edition/
- → https://blog.qualys.com/vulnerabilities-threat-research/2026/06/09/microsoft-and-adobe-patch-tuesday-june-2026-security-update-review