Collector
Giriş Yap
Microsoft patches a record 206 flaws—and one is already being exploited | Collector
Microsoft patches a record 206 flaws—and one is already being exploited
PCWorld

Microsoft patches a record 206 flaws—and one is already being exploited

Yesterday, on Patch Tuesday for June, Microsoft released security updates to address 206 vulnerabilities. This is a new record, breaking the previous record of 175 in October 2025. In addition to Windows and Office, both Exchange Server and Microsoft’s cloud services are also affected. One of the vulnerabilities is already being exploited in the wild. Microsoft classifies a total of 38 vulnerabilities as critical, while the remainder are all designated as high risk. The next Patch Tuesday is scheduled for July 14th, 2026. Windows security vulnerabilities A large number of the vulnerabilities—118 this time around—are spread across the various Windows versions (10, 11, Server) for which Microsoft still officially provides security updates. Windows Defender under fire The only security vulnerability in this massive update package that’s actively being exploited in the wild is the Elevation of Privilege (EoP) vulnerability CVE-2026-41091 in Microsoft Defender. With it, an attacker can gain system privileges—and with Microsoft thanking various individuals for reporting this vulnerability, it suggests that these attacks may be quite widespread already. Microsoft has replaced the vulnerable Malware Protection Engine via the daily automatic Defender updates. The patched engine has a version number of at least 1.1.26040.8. To check whether your PC already has this engine version in Windows 11, go to Settings → Privacy & security → Windows Security → [Open Windows Security] → Settings → About. In Windows 10, start by going to Settings → Update & Security → [Open Windows Security] and then follow the same steps as for Windows 11. Secure Boot vulnerabilities June is an important month for Windows because it’s the month when old Secure Boot certificates expire , which entails all kinds of non-trivial update work. Microsoft is also addressing 10 security vulnerabilities in the Security Feature Bypass (SFB) category, which were discovered and reported by independent researchers. Anyone able to exploit one of these could load malicious code as soon as the system starts up, before the appropriate security measures can catch it. Critical Windows vulnerabilities Among the 118 vulnerabilities in Windows fixed this month, 19 are Remote Code Execution (RCE) vulnerabilities classified as critical. CVE-2026-47288 in the Windows kernel is especially problematic, as an attacker can remotely execute injected code with system privileges without authentication. There’s also CVE-2026-47291 in the HTTP service (http.sys), where an attacker can inject and execute code without needing to authenticate. However, if a default value for MaxRequestBytes is set in the Windows registry, the system is not vulnerable. Microsoft describes how to achieve this if necessary in the security bulletin for this vulnerability , including a PowerShell script. The Denial of Service (DoS) vulnerability CVE-2026-49160 in http.sys was already publicly known beforehand. There’s also CVE-2026-44815 in the DHCP Client service, which runs on all PCs, making it an attractive target for any attacker. Here, too, an attacker can inject and execute code without having to authenticate. There’s also CVE-2026-45585 and CVE-2026-50507 , which target the “YellowKey” and “GreenPlasma” security flaws in BitLocker, which were disclosed by notorious security researcher Nightmare Eclipse. Microsoft patched the former in May, but updated the relevant bulletin in June. Microsoft Office vulnerabilities Microsoft has fixed 54 vulnerabilities in its Office products, twice as many as in May. These include 25 RCE vulnerabilities, nine of which are classified as critical. In these cases, the preview pane itself is an attack vector—a user does not need to actually open a malicious file in Office to enable a successful attack. The remaining RCE vulnerabilities can be exploited if a user opens a malicious file in a vulnerable Office product. Microsoft Hyper-V sandbox escapes Exploitation of the critical RCE vulnerabilities CVE-2026-45607 , CVE-2026-45641 , and CVE-2026-47652 could allow malicious code to escape from a guest system and execute code on the host system. Microsoft Exchange Server MITM attacks Microsoft has fixed eight vulnerabilities in Exchange Server. These include CVE-2026-45583 , an RCE vulnerability that can only be exploited in a MITM (man-in-the-middle) scenario. Only the data leak CVE-2026-48579 in Exchange Online is classified as critical, and Microsoft has already patched it. An attacker could exploit CVE-2026-48579 by tricking an Exchange administrator into opening a malicious link, which would allow them to execute code within the administrator’s web session using the administrator’s privileges. Microsoft Edge zero-day vulnerability The latest security update to Edge 149.0.4022.62 is dated June 9th and is based on Chromium 149.0.7827.103. It also addresses 74 Chromium vulnerabilities, which are not included in the total number of vulnerabilities mentioned above, nor are the over 400 Chromium vulnerabilities from the previous week. A zero-day vulnerability in the Chromium base ( CVE-2026-11645 ) is also addressed. Tip: Whether you keep your Windows up to date, you need proper antivirus protections if you want your PC to remain secure and private. Check out our picks for the best antivirus software for Windows as well as best VPN services to stay ahead of security problems.

Go to News Site
Google Play Google Play App Store App Store
‘AI-pilled’ firms spend $7,500 per employee each m
TechCrunch
‘AI-pilled’ firms spend $7,500 per employee each month on AI
 Sources: Microsoft is restricting employees from u
Techmeme
Sources: Microsoft is restricting employees from using Claude Fable 5 because of Anthropic's new 30-day data retention requirements (Tom Warren/The Verge)
 Here’s everything new for Apple Notes in iOS 27
9to5Mac
Here’s everything new for Apple Notes in iOS 27
 Quordle Hints Today: Thursday, June 11 Clues And A
Forbes Tech
Quordle Hints Today: Thursday, June 11 Clues And Answers
 Donald Trump Is Ready for Fight Night. So Are Dono
WIRED
Donald Trump Is Ready for Fight Night. So Are Donors
 I'm a certified TV calibrator, and I rate these 3
TechRadar
I'm a certified TV calibrator, and I rate these 3 models as the best-value buys you can get for a World Cup upgrade, all based on our real-world testing
PCWorld
Windows Secure Boot deadline won’t brick your PC, but don’t
PCWorld
Windows Secure Boot deadline won’t brick your PC, but don’t ignore it
 Windows’ June update finally makes your sluggish PC feel sna
PCWorld
Windows’ June update finally makes your sluggish PC feel snappier
 Best VPNs for torrenting: 5 top picks for speed, privacy, an
PCWorld
Best VPNs for torrenting: 5 top picks for speed, privacy, and security
 Most VPNs say they don’t keep logs. Here’s how X-VPN backs u
PCWorld
Most VPNs say they don’t keep logs. Here’s how X-VPN backs up the claim
 Valve kills physical Steam gift cards because you keep getti
PCWorld
Valve kills physical Steam gift cards because you keep getting scammed
 Acer’s Core Ultra 7 laptop with 16GB RAM is just $550 right
PCWorld
Acer’s Core Ultra 7 laptop with 16GB RAM is just $550 right now
 The best quiet wireless keyboard I’ve used is on sale for $1
PCWorld
The best quiet wireless keyboard I’ve used is on sale for $110 now
 Ugreen Maxidok review: The Thunderbolt 5 dock built for seri
PCWorld
Ugreen Maxidok review: The Thunderbolt 5 dock built for serious desks
 Anker’s $15 split USB-C cable fast-charges two devices at on
PCWorld
Anker’s $15 split USB-C cable fast-charges two devices at once
 Google Search knows where you live. Here’s how to claw back
PCWorld
Google Search knows where you live. Here’s how to claw back some privacy
 Could private jets predict the end of the world? This site t
PCWorld
Could private jets predict the end of the world? This site thinks so
 Robot vacuums promised hands-free cleaning. The reality is m
PCWorld
Robot vacuums promised hands-free cleaning. The reality is messier
 Lenovo IdeaPad Slim 5x review: A no-nonsense Snapdragon X2 l
PCWorld
Lenovo IdeaPad Slim 5x review: A no-nonsense Snapdragon X2 laptop
 Get officially certified in Claude AI for just $19.99
PCWorld
Get officially certified in Claude AI for just $19.99
 Ayaneo’s Pocket Play mashes a gaming handheld with a sliding
PCWorld
Ayaneo’s Pocket Play mashes a gaming handheld with a sliding phone
 Claude’s ‘too dangerous’ AI model is finally public. But the
PCWorld
Claude’s ‘too dangerous’ AI model is finally public. But there’s a catch
 AMD’s David McAfee chats with us: Ryzen, Radeon, and the les
PCWorld
AMD’s David McAfee chats with us: Ryzen, Radeon, and the lessons of AM4
 Best SSDs: From SATA to PCIe 5.0, from budget to premium
PCWorld
Best SSDs: From SATA to PCIe 5.0, from budget to premium
 ChatGPT can be hijacked without you knowing. Lockdown Mode i
PCWorld
ChatGPT can be hijacked without you knowing. Lockdown Mode is the fix
 My A/C unit came with a cruddy manual. Claude made a better
PCWorld
My A/C unit came with a cruddy manual. Claude made a better one
 Microsoft is force-installing M365 Copilot again after a bri
PCWorld
Microsoft is force-installing M365 Copilot again after a brief pause
 5 small but clever Apple AI features that actually look usef
PCWorld
5 small but clever Apple AI features that actually look useful
 The last lifeline for uBlock Origin in Chrome is almost gone
PCWorld
The last lifeline for uBlock Origin in Chrome is almost gone for good
 I can’t wait for this new Chrome security feature to take of
PCWorld
I can’t wait for this new Chrome security feature to take off
 Samsung’s Odyssey G51F is now $160. Score 1440p/180Hz for ch
PCWorld
Samsung’s Odyssey G51F is now $160. Score 1440p/180Hz for cheap
 Geekom’s A6 mini PC drops to $479, a solid workstation with
PCWorld
Geekom’s A6 mini PC drops to $479, a solid workstation with gaming chops
 RTX Spark vs. Snapdragon X2 Elite: Which chip do you want in
PCWorld
RTX Spark vs. Snapdragon X2 Elite: Which chip do you want in your AI PC?
 Privacy is the linchpin of Apple’s AI relaunch
PCWorld
Privacy is the linchpin of Apple’s AI relaunch
 Cut out ads, trackers, and phishing links on 9 devices for l
PCWorld
Cut out ads, trackers, and phishing links on 9 devices for life — $15.97 with no subscription fees
 Best PC computer deals: Top picks from desktops to all-in-on
PCWorld
Best PC computer deals: Top picks from desktops to all-in-ones
 Apple’s new Siri just works. Why can’t Copilot?
PCWorld
Apple’s new Siri just works. Why can’t Copilot?
 Watch: Intel’s Tom Petersen talks Arc G3 and handheld gaming
PCWorld
Watch: Intel’s Tom Petersen talks Arc G3 and handheld gaming at Computex
 Upgrade to a 4K OLED gaming monitor for just $599
PCWorld
Upgrade to a 4K OLED gaming monitor for just $599
 Best Chromebooks 2026: Top picks for work, school, and more
PCWorld
Best Chromebooks 2026: Top picks for work, school, and more
 Edge’s Master Password is gone. Your face now protects your
PCWorld
Edge’s Master Password is gone. Your face now protects your passwords
 Can’t afford a laptop? Acer has a screen/keyboard hack for y
PCWorld
Can’t afford a laptop? Acer has a screen/keyboard hack for your phone
 Dual-lens Baseus X1 Pro solar security camera drops to new l
PCWorld
Dual-lens Baseus X1 Pro solar security camera drops to new lowest price
 Samsung’s fast T7 portable SSD finally drops in price: $190
PCWorld
Samsung’s fast T7 portable SSD finally drops in price: $190 (was $285)
 Meet the hidden Windows 11 tool that reveals what Task Manag
PCWorld
Meet the hidden Windows 11 tool that reveals what Task Manager misses
 Protect and encrypt your files with this free app
PCWorld
Protect and encrypt your files with this free app