Microsoft this week released 206 updates affecting Windows, Office, Exchange Server, and its developer tools — including three Windows vulnerabilities already publicly disclosed. That trio includes an elevation of privilege in the Collaborative Translation Framework (CVE-2026-45586), a denial of service in HTTP.sys (CVE-2026-49160), and a BitLocker security feature bypass (CVE-2026-50507). At the moment, none appear to be under active exploitation, but all three are rated “Exploitation More Likely.”
Even without an exploited zero-day, the June 2026 Patch Tuesday release requires Patch Now recommendations for Windows, Office, and Exchange. The latter is back in the patch picture with a consolidated security update that Microsoft recommends installing “as soon as possible.”
The Readiness team suggests testing start with domain controllers, Hyper-V hosts, anything self-hosting on HTTP.sys, and Outlook-heavy desktops — in that order. To help navigate these changes, here’s a useful infographic detailing the risks of deploying the updates to each platform.
(More information about recent Patch Tuesday releases is available here.)
Known issues
