Microsoft’s June 2026 Patch Tuesday addresses 200 security vulnerabilities across Windows and related components. The update also fixes three publicly disclosed zero-day vulnerabilities affecting Windows privilege escalation, HTTP.sys, and BitLocker.
In addition, Microsoft classified 33 vulnerabilities as Critical, with 28 enabling remote code execution (RCE). As a result, the update is considered highly important for enterprise and individual users.
Zero-Day Vulnerabilities Fixed in June 2026 Patch Tuesday
The update resolves three zero-day flaws that were already publicly disclosed. These vulnerabilities affect key Windows components and could allow attackers to escalate privileges or bypass security protections.
Microsoft also fixed the flaw behind a newly identified “HTTP/2 Bomb” denial-of-service (DoS) attack targeting HTTP.sys. This issue could disrupt services and impact system availability.
BitLocker Bypass Vulnerability Patched
In addition, Microsoft patched a BitLocker bypass vulnerability known as “YellowKey.” This flaw could allow attackers to gain unauthorized access to encrypted drives under certain conditions.
Therefore, organizations relying on BitLocker for disk encryption are strongly encouraged to install the update as soon as possible.
Security Impact and Risk
The June 2026 Patch Tuesday highlights a growing trend of complex vulnerabilities in core Windows components. For example, privilege escalation and encryption bypass flaws can significantly increase the impact of an attack.
Moreover, HTTP.sys vulnerabilities can affect network-facing services, making them attractive targets for attackers.
Key Takeaways
- Microsoft fixed 200 vulnerabilities in the June 2026 Patch Tuesday update
- Three publicly disclosed zero-days were patched
- 33 vulnerabilities are rated Critical, including 28 RCE flaws
- The “HTTP/2 Bomb” DoS issue affecting HTTP.sys was resolved
- BitLocker bypass vulnerability “YellowKey” was fixed
Source
Microsoft June 2026 Patch Tuesday security update summary
