MICROSOFT'S June 2026 Patch Tuesday released a record 208 CVEs, significantly surpassing the previous monthly record of 177 CVEs. Noteworthy vulnerabilities include CVE-2026-41091, actively exploited and affecting Microsoft Defender; CVE-2026-45657, a critical Windows Kernel RCE flaw; CVE-2026-47291, another critical RCE in HTTP.sys; and CVE-2026-44815, a DHCP Client Service vulnerability. Microsoft noted that the total CVE count for 2026 has already exceeded the full year of 2018.
The updates include fixes for various Microsoft products and some third-party components. With this release, there are concerns about whether this will become a new norm for CVE counts, prompting discussions among sysadmins about prioritization and patch management.