Microsoft’s June 2026 Patch Tuesday fixes 200 flaws, including three publicly disclosed zero-day vulnerabilities in Windows Collaborative Translation Framework, HTTP.sys, and BitLocker. The update set spans critical issues across Office, SharePoint, Hyper-V, Remote Desktop Client, and Windows components, with mitigations added for the “HTTP/2 Bomb” attack.
#CVE-2026-45586 #CVE-2026-49160 #CVE-2026-50507 #HTTPsys #BitLocker #WindowsCollaborativeTranslationFramework #Calif #YellowKey #NightmareEclipse
Key points
- Microsoft patched 200 flaws in its June 2026 Patch Tuesday release.
- Three publicly disclosed zero-days were fixed, with no confirmed in-the-wild exploitation.
- CVE-2026-49160 addresses the HTTP.sys “HTTP/2 Bomb” denial-of-service issue.
- CVE-2026-50507 fixes the YellowKey BitLocker security feature bypass.
- Critical updates affect Office, SharePoint, Hyper-V, Remote Desktop Client, and Windows Kernel components.