Blog  /  Patching updates  /  Microsoft Patch Tuesday – June 2026

Microsoft Patch Tuesday – June 2026

Patching updates Last updated: 10 Jun 2026
Written By
Marcus White Cybersecurity Specialist, Outpost24

Today is Microsoft Patch Tuesday for June 2026. There are 206 Microsoft-issued vulnerabilities that have been addressed this time around, none of which are known to be actively exploited. Several critical remote code execution vulnerabilities have been resolved in core Windows infrastructure components.

Notable Patch Tuesday vulnerabilities for June

  • CVE-2026-45657 An attacker could exploit this vulnerability by sending specially crafted network traffic to a vulnerable Windows system. If successful, the malicious network packets could trigger a flaw in how the Windows kernel processes certain TCP/IP data, potentially allowing the attacker to run code with system-level privileges without needing to sign in or interact with a user. This should be addressed by applying the patch as soon as possible.
  • CVE-2026-47291 An attacker could exploit this vulnerability by sending specially crafted HTTP traffic to a vulnerable Windows system. If the system is running a specific configuration, this could result in the attacker being able to execute code without needing to sign in or interact with a user. This should be addressed by applying the patch as soon as possible. Alternatively, the interim mitigation published in the advisory can temporarily mask the attack surface while awaiting a patch opportunity.
  • CVE-2026-44815 An attacker could exploit this vulnerability by setting up a malicious DHCP server on the same network as an affected Windows system. If the affected system runs any applications that utilize the DhcpGetOriginalSubnetMask API, the attacker is able to trigger the flaw, resulting in code execution. This should be addressed by applying the patch as soon as possible. If immediate patching is unfeasible, audit running applications for use of the DhcpGetOriginalSubnetMask API.
  • CVE-2026-47281 An attacker could exploit this vulnerability by tricking a user into opening a crafted .code-workspace file in Visual Studio Code. This results in the attacker gaining full SYSTEM privileges on the affected machine. This should be addressed by updating Visual Studio Code to the patched version.

For more detailed information on these and other vulnerabilities, please refer to the release notes: https://msrc.microsoft.com/update-guide/releaseNote/2026-Jun

Need help addressing the above in your own organization? Speak to an Outpost24 expert.

About the Author

Marcus White Cybersecurity Specialist, Outpost24

Marcus is an Outpost24 cybersecurity specialist based in the UK, with 8+ years experience in the tech and cyber sectors. He writes about attack surface management, application security, threat intelligence, and compliance.