ON June 10, 2026, Microsoft addressed 200 vulnerabilities in its latest Patch Tuesday updates, including three critical zero-days. Notable issues include CVE-2026-49160 (the "HTTP/2 Bomb"), which poses a denial of service risk, CVE-2026-50507 related to BitLocker bypass, and CVE-2026-45586 that allows privilege escalation. Key statistics from the updates show that 33 vulnerabilities were deemed critical, with 28 classified as remote code execution (RCE).
Other significant vulnerabilities include flaws in the Windows Graphics Component and the Remote Desktop Client, urging system administrators to prioritize patching these security threats.