Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs

Staff Editor 2026-06-10
Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs

Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs

https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html

Publish Date: 2026-06-10 05:38:00

Source Domain: thehackernews.com

Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release.

Of the 206 flaws, 39 are rated Critical, and 167 are rated Important in severity. This includes 63 privilege escalation, 56 remote code execution, 30 information disclosure, 27 spoofing, 20 security feature bypass, seven denial-of-service, and three tampering vulnerabilities.

The patches also include two non-Microsoft CVEs, a privilege escalation vulnerability impacting Windows Kernel (CVE-2025-10263) and a UEFI Secure Boot security feature bypass (CVE-2026-8863). They are in addition to more than 350 security flaws that Google has addressed in Chromium, which is used in Microsoft’s Edge browser.

Topping the list of fixes is CVE-2026-45657 (CVSS score: 9.8), a use-after-free flaw affecting Windows Kernel that could result in remote code execution.

“An attacker could exploit this vulnerability by sending specially crafted network traffic to a vulnerable Windows system,” Microsoft said. “If successful, the malicious network packets could trigger a flaw in how the Windows kernel processes certain TCP/IP data, potentially allowing the attacker to run code with system-level privileges without needing to sign in or interact with a user.”

Other important vulnerabilities of note are listed below –

  • CVE-2026-47291 (CVSS score: 9.8) – An integer overflow or wraparound flaw in Windows HTTP.sys that allows an unauthorized attacker to execute code over a network.
  • CVE-2026-44815 (CVSS score: 9.8) – A stack-based buffer overflow vulnerability in Windows DHCP Client that allows an unauthorized attacker to execute code over a network.

“This flaw needs no credentials or user action and can turn network traffic into a full system compromise,” Alex Vovk, CEO and co-founder of Action1, said about CVE-2026-44815. “An attacker could send specially crafted network traffic to a system…

Source

More Stories

Europe moves to secure sovereign cybersecurity and chips

Europe moves to secure sovereign cybersecurity and chips

Staff Editor 2026-06-10
What a .25M NY Cybersecurity Settlement Means for Businesses: Your 4-Step Action Plan | Fisher Phillips

What a $2.25M NY Cybersecurity Settlement Means for Businesses: Your 4-Step Action Plan | Fisher Phillips

Staff Editor 2026-06-10
Carnival (CCL) slides as investors weigh newly disclosed cybersecurity fallout and a risk-off tape ahead of key macro data

Carnival (CCL) slides as investors weigh newly disclosed cybersecurity fallout and a risk-off tape ahead of key macro data

Staff Editor 2026-06-10

Terms and Conditions - Privacy Policy