Update Your PC Now to Patch These 206 Flaws
Three of the bugs addressed on Microsoft's Patch Tuesday were zero-days.
Emily Long Freelance Writer
June 10, 2026
Key Takeaways
Microsoft's June security update, known as Patch Tuesday, is the company's largest ever, with fixes for more than 200 bugs. Three of the vulnerabilities are zero-days that have been publicly disclosed. Your device should receive the update automatically, but you can update manually if it hasn't.
Microsoft's June security update, known as Patch Tuesday, is the company's largest ever, with fixes for more than 200 bugs—three of which are zero-days that have been publicly disclosed.
The release addresses 206 flaws across the following categories, according to The Hacker News: 63 elevation-of-privilege vulnerabilities, 20 security feature bypass vulnerabilities, 56 remote-code-execution vulnerabilities, 30 information disclosure vulnerabilities, 27 spoofing vulnerabilities, seven denial of service vulnerabilities, and three tampering vulnerabilities. Thirty-nine of the bugs are rated "critical" and include remote code execution, elevation of privilege, and information disclosure flaws.
Patch Tuesday updates are typically released at 10 am PT on the second Tuesday of every month, and you should receive them automatically. If your PC hasn't updated on its own, you can do it manually: check the status via Start > Settings > Windows Update and select Check for Windows updates. Then install any available updates.
These three publicly disclosed zero-days were patched in June
Zero-day flaws are those that have been actively exploited or publicly disclosed before an official fix is released. In this case, the three zero-days were publicly disclosed but are not known to have been exploited in the wild.
The first zero-day, labeled CVE-2026-45586, is an elevation of privilege vulnerability in the Windows Collaborative Translation Framework that allows an authorized attacker to gain SYSTEM privileges via improper link resolution. According to BleepingComputer, this flaw was identified by the security researcher Nightmare Eclipse.
The second zero-day (CVE-2026-49160) is an HTTP.sys denial of service vulnerability that abuses the HTTP/2 protocol, allowing attackers to tie up memory and cause performance issues or outages. Researchers at Calif.io have been credited with discovering this bug.
Finally, CVE-2026-50507 is a Windows BitLocker security feature bypass vulnerability that would allow a local attacker to gain access to an encrypted drive using files on a USB drive or EFI partition. The patch for this flaw also addressed a vulnerability that was publicly disclosed by Nightmare Eclipse last month.