Microsoft Windows June 2026 Patch Tuesday zero-day fixes (multiple vulnerabilities)
Security Patch Release
Summary
Hide ▲
Show ▼
Microsoft's June 2026 Patch Tuesday fixed three Windows zero-days that could yield SYSTEM access or bypass BitLocker on vulnerable systems.
Related Happenings
Microsoft June 2026 Patch Tuesday record security update bundle
Security Patch Release
H score36
First: 10.06.2026 01:07
Last: 10.06.2026 01:07
Sources 1
About this happening:
**Microsoft** released a **record Patch Tuesday bundle** for **June 2026** that patches **nearly 200 security holes** across **Windows operating systems and supported software**,...
Microsoft June 2026 Patch Tuesday record security update bundle
Security Patch ReleaseAbout this happening: **Microsoft** released a **record Patch Tuesday bundle** for **June 2026** that patches **nearly 200 security holes** across **Windows operating systems and supported software**,...
Microsoft June 2026 Patch Tuesday (200 flaws, 3 zero-days)
Security Patch Release
H score37
First: 09.06.2026 20:57
Last: 09.06.2026 20:57
Sources 1
About this happening:
**Microsoft** released its **June 2026 Patch Tuesday**, delivering security updates for **200 flaws** and **three publicly disclosed zero-days** across Windows and related compone...
Microsoft June 2026 Patch Tuesday (200 flaws, 3 zero-days)
Security Patch ReleaseAbout this happening: **Microsoft** released its **June 2026 Patch Tuesday**, delivering security updates for **200 flaws** and **three publicly disclosed zero-days** across Windows and related compone...
Microsoft security patch release for CVE-2026-41091 and CVE-2026-45498
Security Patch Release
H score44
First: 21.05.2026 10:49
Last: 21.05.2026 10:49
Sources 1
About this happening:
Microsoft rolled out security updates for Defender and related malware protection components to address two zero-days: CVE-2026-41091 and CVE-2026-45498. The fixes cover affected...
Microsoft security patch release for CVE-2026-41091 and CVE-2026-45498
Security Patch ReleaseAbout this happening: Microsoft rolled out security updates for Defender and related malware protection components to address two zero-days: CVE-2026-41091 and CVE-2026-45498. The fixes cover affected...
Latest development: 21.05.2026 12:52
Microsoft released patches for Microsoft Defender Antimalware Platform version 4.18.26040.7 to address CVE-2026-41091, a link-following privilege-escalation flaw that can let an authorized attacker elevate privileges locally to System, and CVE-2026-45498, a denial-of-service flaw. Microsoft said both vulnerabilities were publicly disclosed and exploited in the wild as zero-days. CISA added both flaws to its Known Exploited Vulnerabilities (KEV) list and urged federal agencies to patch them by June 3.
Windows BitLocker YellowKey mitigation guidance (CVE-2026-45585)
Advisory/Mitigation
H score46
First: 20.05.2026 10:31
Last: 20.05.2026 10:31
Sources 1
How related:
Microsoft shared mitigation measures for YellowKey to defend against potential attacks that exploit it in the wild, while also complaining that the proof-of-concept had "been made public violating coordinated vulnerability best practices."
About this happening:
**Windows BitLocker** **YellowKey** (**CVE-2026-45585**) moved from interim mitigation to patch status after **Microsoft** fixed it in **June 2026 Patch Tuesday**. The **Windows R...
Windows BitLocker YellowKey mitigation guidance (CVE-2026-45585)
Advisory/MitigationHow related: Microsoft shared mitigation measures for YellowKey to defend against potential attacks that exploit it in the wild, while also complaining that the proof-of-concept had "been made public violating coordinated vulnerability best practices."
About this happening: **Windows BitLocker** **YellowKey** (**CVE-2026-45585**) moved from interim mitigation to patch status after **Microsoft** fixed it in **June 2026 Patch Tuesday**. The **Windows R...
Latest development: 10.06.2026 12:57
On Tuesday, Microsoft fixed YellowKey (CVE-2026-45585) as part of its June 2026 Patch Tuesday updates and shared mitigation measures for the Windows Recovery Environment backdoor. The flaw affects unpatched Windows 11 and Windows Server 2022/2025 systems and can let attackers with physical access bypass BitLocker protection on targeted devices.
Microsoft May 2026 Patch Tuesday release
Security Patch Release
H score38
First: 13.05.2026 13:36
Last: 13.05.2026 13:36
Sources 1
About this happening:
Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...
Microsoft May 2026 Patch Tuesday release
Security Patch ReleaseAbout this happening: Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...
Latest development: 01.06.2026 15:30
Belgium's Centre for Cybersecurity warned that CVE-2026-41089 in Windows Netlogon is being actively exploited in the wild after Microsoft patched the stack-based buffer overflow during the May 2026 Patch Tuesday. The flaw affects all currently supported Windows Server versions, including Windows Server 2025, and can let an unauthenticated attacker gain remote code execution on targeted domain controllers.
Timeline
-
10.06.2026 12:57 2 articles · 2h ago
Microsoft patches three Windows zero-days in June 2026 Patch Tuesday
Mitigation Patch UpdateMicrosoft patched GreenPlasma (CVE-2026-45586), MiniPlasma (CVE-2020-17103), and YellowKey (CVE-2026-45585) in June 2026 Patch Tuesday. GreenPlasma and MiniPlasma let local attackers obtain SYSTEM on fully patched Windows systems through the Collaborative Translation Framework (CTFMON) and the Cloud Files Mini Filter Driver, while YellowKey affects the Windows Recovery Environment (WinRE) and can let attackers with physical access bypass BitLocker on unpatched Windows 11 and Windows Server 2022/2025 systems.
Show sources
- Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days — www.bleepingcomputer.com — 10.06.2026 12:57
- Microsoft patches YellowKey, GreenPlasma, MiniPlasma zero-days — www.bleepingcomputer.com — 10.06.2026 12:57