Patch Tuesday is once again upon us. As always, our team has put together the monthly Patch Tuesday Report to help you manage your update progress. The audit report gives you a quick and clear overview of your Windows machines and their patching status. The June 2026 edition of Patch Tuesday brings us 229 fixes, with 33 rated as critical. We’ve listed the most important changes below.
Windows HTTP.sys Remote Code Execution Vulnerability
CVE-2026-47291 is the one to patch first this month. HTTP.sys is the kernel-mode driver that sits underneath IIS and a long list of other Windows services, so a flaw here reaches a lot further than a single application. With a CVSS score of 9.8, this is an unauthenticated remote code execution bug that an attacker can trigger over the network without any privileges and without any user interaction.
In practice that means a specially crafted request sent to a vulnerable, internet-facing Windows web server could let an attacker run code in the context of the kernel. The combination of network reach, no authentication, and no clicks required is exactly the profile that tends to get weaponized quickly, and it gives this one real wormable potential. If you run any public-facing IIS or HTTP.sys-backed service, treat this as your top priority.
Windows Graphics Component Remote Code Execution Vulnerability
CVE-2026-44803 and CVE-2026-44812 are two critical remote code execution flaws in the Windows Graphics Component, both rated 7.8 and both assessed by Microsoft as more likely to be exploited. They share the same shape: an attacker crafts a malicious file or image, and code runs the moment the target opens it.
Exploitation is local and requires user interaction, so these rely on the usual delivery methods (a phishing attachment, a download, or a booby-trapped document) rather than a direct network hit. The graphics-rendering stack is a perennial favorite for attackers precisely because rendering an image is something users do without a second thought, which makes prompt patching the only reliable defense here.
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-47634 and CVE-2026-45481 are two spoofing vulnerabilities in on-premises Microsoft SharePoint Server, each rated 7.3 and flagged as more likely to be exploited. Both are network-accessible and require only low privileges plus some user interaction to pull off.
Run the Patch Tuesday June 2026 Audit
To help manage your update progress, we’ve created the Patch Tuesday Audit that checks if the assets in your network are on the latest patch updates. The report is color-coded so you can see which machines are up to date and which ones still need to be updated. As always, system administrators are urged to update their environment as soon as possible to ensure all endpoints are secured.
The Lansweeper Patch Tuesday report is automatically added to your Lansweeper Site. Lansweeper Sites is included in all our licenses at no additional cost and lets you federate all your installations into a single view, so all you need to do is look at one report, automatically added every Patch Tuesday!
Patch Tuesday June 2026 CVE Codes & Titles
| CVE | Title |
| --- | --- |
| CVE-2025-10263 | ARM: CVE-2025-10263 Completion of affected memory accesses might not be guaranteed by completion of a TLBI [kernel] |
| CVE-2026-10722 | cilium ebpf LoadCollectionSpec/LoadCollectionSpecFromReader btf.go loadRawSpec integer overflow |
| CVE-2026-10879 | DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders |
| CVE-2026-11463 | USCiLab Cereal Shared Pointer type confusion |
| CVE-2026-26142 | Nuance PowerScribe Remote Code Execution Vulnerability |
| CVE-2026-27145 | Inefficient candidate hostname parsing in crypto/x509 |
| CVE-2026-32193 | Azure Kubernetes Service (AKS) Remote Code Execution Vulnerability |
| CVE-2026-33113 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2026-33828 | Windows Device Health Attestation (DHA) Elevation of Privilege Vulnerability |
| CVE-2026-34335 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2026-37460 | Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message. |
| CVE-2026-40371 | Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability |
| CVE-2026-40376 | Visual Studio Code Elevation of Privilege Vulnerability |
| CVE-2026-40404 | Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability |
| CVE-2026-40409 | Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability |
| CVE-2026-40930 | LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body |
| CVE-2026-41092 | Microsoft Kinect Elevation of Privilege Vulnerability |
| CVE-2026-41098 | Azure Stack Edge Spoofing Vulnerability |
| CVE-2026-41108 | Windows DNS Client Elevation of Privilege Vulnerability |
| CVE-2026-42504 | Quadratic complexity in WordDecoder.DecodeHeader in mime |
| CVE-2026-42507 | Arbitrary inputs are included in errors without any escaping in net/textproto |
| CVE-2026-42828 | Windows Projected File System Elevation of Privilege Vulnerability |
| CVE-2026-42829 | Windows Administrator Protection Secure Feature Bypass Vulnerability |
| CVE-2026-42835 | Microsoft Teams for Android Information Disclosure Vulnerability |
| CVE-2026-42836 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability |
| CVE-2026-42837 | Windows Projected File System Elevation of Privilege Vulnerability |
| CVE-2026-42902 | Microsoft PowerToys Elevation of Privilege Vulnerability |
| CVE-2026-42903 | Windows Kerberos Denial of Service Vulnerability |
| CVE-2026-42904 | Windows TCP/IP Elevation of Privilege Vulnerability |
| CVE-2026-42905 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2026-42906 | Windows Shell Information Disclosure Vulnerability |
| CVE-2026-42907 | Windows Shell Information Disclosure Vulnerability |
| CVE-2026-42908 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability |
| CVE-2026-42909 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2026-42910 | Windows Hotpatch Monitoring Service Elevation of Privilege Vulnerability |
| CVE-2026-42911 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2026-42912 | Windows Telephony Service Elevation of Privilege Vulnerability |
| CVE-2026-42913 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2026-42914 | Windows Kerberos Denial of Service Vulnerability |
| CVE-2026-42915 | Windows TCP/IP Denial of Service Vulnerability |
| CVE-2026-42916 | NT OS Kernel Elevation of Privilege Vulnerability |
| CVE-2026-42968 | Windows Telephony Server Information Disclosure Vulnerability |
| CVE-2026-42969 | Windows Push Notification Information Disclosure Vulnerability |
| CVE-2026-42970 | Windows Push Notification Information Disclosure Vulnerability |
| CVE-2026-42971 | Windows Push Notification Information Disclosure Vulnerability |
| CVE-2026-42972 | Windows Hyper-V Information Disclosure Vulnerability |
| CVE-2026-42973 | Windows Push Notification Information Disclosure Vulnerability |
| CVE-2026-42974 | Windows Performance Monitor Remote Code Execution Vulnerability |
| CVE-2026-42977 | Windows Push Notifications Elevation of Privilege Vulnerability |
| CVE-2026-42978 | Windows Push Notifications Elevation of Privilege Vulnerability |
| CVE-2026-42979 | Windows Push Notifications Elevation of Privilege Vulnerability |
| CVE-2026-42980 | NT OS Kernel Elevation of Privilege Vulnerability |
| CVE-2026-42981 | Windows Performance Monitor Remote Code Execution Vulnerability |
| CVE-2026-42983 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2026-42984 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2026-42985 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2026-42986 | Microsoft Graphics Component Elevation of Privilege Vulnerability |
| CVE-2026-42987 | Windows Deployment Services (WDS) Remote Code Execution |
| CVE-2026-42989 | Winlogon Elevation of Privilege Vulnerability |
| CVE-2026-42991 | Windows Push Notifications Elevation of Privilege Vulnerability |
| CVE-2026-42992 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2026-42993 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2026-43958 | Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service |
| CVE-2026-44799 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2026-44801 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2026-44802 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2026-44803 | Windows Graphics Component Remote Code Execution Vulnerability |
| CVE-2026-44804 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2026-44805 | Windows Network Controller (NC) Host Agent Denial of Service Vulnerability |
| CVE-2026-44807 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2026-44808 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2026-44809 | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2026-44810 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability |
| CVE-2026-44811 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2026-44812 | Windows Graphics Component Remote Code Execution Vulnerability |
| CVE-2026-44813 | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2026-44814 | Windows DWM Core Library Information Disclosure Vulnerability |
| CVE-2026-44815 | DHCP Client Service Remote Code Execution Vulnerability |
| CVE-2026-44817 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2026-44818 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2026-44819 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2026-44820 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2026-44821 | Microsoft Office Information Disclosure Vulnerability |
| CVE-2026-44822 | Microsoft Excel Information Disclosure Vulnerability |
| CVE-2026-44823 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2026-44824 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2026-45453 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2026-45454 | Microsoft SharePoint Remote Code Execution Vulnerability |
| CVE-2026-45455 | Microsoft Excel Information Disclosure Vulnerability |
| CVE-2026-45456 | Microsoft Outlook and Word Remote Code Execution Vulnerability |
| CVE-2026-45457 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2026-45458 | Microsoft Outlook and Word Remote Code Execution Vulnerability |
| CVE-2026-45459 | Microsoft Excel Security Feature Bypass Vulnerability |
| CVE-2026-45460 | Microsoft Office Information Disclosure Vulnerability |
| CVE-2026-45461 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2026-45462 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2026-45463 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2026-45464 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2026-45465 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2026-45466 | Microsoft Word Information Disclosure Vulnerability |
| CVE-2026-45467 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2026-45468 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2026-45469 | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2026-45471 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2026-45472 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2026-45474 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2026-45475 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2026-45476 | Microsoft Azure Network Adapter Elevation of Privilege Vulnerability |
| CVE-2026-45479 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2026-45481 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2026-45482 | Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability |
| CVE-2026-45483 | Microsoft Office Project Server Spoofing Vulnerability |
| CVE-2026-45484 | Microsoft SharePoint Elevation of Privilege Vulnerability |
| CVE-2026-45485 | Microsoft Office Information Disclosure Vulnerability |
| CVE-2026-45486 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2026-45487 | Windows Program Compatibility Assistant Service Elevation of Privilege Vulnerability |
| CVE-2026-45490 | .NET SDK Elevation of Privilege Vulnerability |
| CVE-2026-45491 | .NET Tampering Vulnerability |
| CVE-2026-45500 | Microsoft Exchange Server Spoofing Vulnerability |
| CVE-2026-45501 | Microsoft Exchange Server Spoofing Vulnerability |
| CVE-2026-45502 | Microsoft Exchange Server Information Disclosure Vulnerability |
| CVE-2026-45503 | Microsoft Exchange Server Information Disclosure Vulnerability |
| CVE-2026-45504 | Microsoft Exchange Server Elevation of Privilege Vulnerability |
| CVE-2026-45583 | Microsoft Exchange Server Remote Code Execution Vulnerability |
| CVE-2026-45586 | Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability |
| CVE-2026-45588 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2026-45591 | ASP.NET Core Denial of Service Vulnerability |
| CVE-2026-45592 | Windows Internet (wininet.dll) Elevation of Privilege Vulnerability |
| CVE-2026-45593 | Windows SDK Elevation of Privilege Vulnerability |
| CVE-2026-45594 | Windows Application Identity (AppID) Information Disclosure Vulnerability |
| CVE-2026-45595 | Windows Mark of the Web Security Feature Bypass Vulnerability |
| CVE-2026-45596 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2026-45597 | Windows UI Automation Manager (uiamanager.dll) Elevation of Privilege Vulnerability |
| CVE-2026-45598 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2026-45599 | Windows UPnP Device Host Remote Code Execution Vulnerability |
| CVE-2026-45600 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability |
| CVE-2026-45601 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2026-45602 | Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability |
| CVE-2026-45603 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2026-45604 | Windows Managed Installer Information Disclosure Vulnerability |
| CVE-2026-45605 | Windows Bluetooth Service Elevation of Privilege Vulnerability |
| CVE-2026-45606 | Microsoft UxTheme Library (uxtheme.dll) Denial of Service Vulnerability |
| CVE-2026-45607 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2026-45608 | Windows DHCP Client Information Disclosure Vulnerability |
| CVE-2026-45634 | Windows DHCP Client Information Disclosure Vulnerability |
| CVE-2026-45635 | Windows UPnP Device Host Remote Code Execution Vulnerability |
| CVE-2026-45636 | Windows NTFS Remote Code Execution Vulnerability |
| CVE-2026-45637 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2026-45638 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2026-45639 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability |
| CVE-2026-45640 | Windows Bluetooth Port Driver Elevation of Privilege Vulnerability |
| CVE-2026-45641 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2026-45642 | Microsoft Azure Attestation service and Device Health Attestation Service Spoofing Vulnerability |
| CVE-2026-45643 | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2026-45644 | Microsoft Live Share Canvas SDK Elevation of Privilege Vulnerability |
| CVE-2026-45645 | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2026-45647 | Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability |
| CVE-2026-45648 | Windows Active Directory Domain Services Remote Code Execution Vulnerability |
| CVE-2026-45649 | Office for Android Spoofing Vulnerability |
| CVE-2026-45650 | Microsoft Bing Search Spoofing Vulnerability |
| CVE-2026-45653 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2026-45654 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2026-45655 | Windows BitLocker Security Feature Bypass Vulnerability |
| CVE-2026-45656 | UEFI Secure Boot Security Feature Bypass Vulnerability |
| CVE-2026-45657 | Windows Kernel Remote Code Execution Vulnerability |
| CVE-2026-45658 | Windows BitLocker Security Feature Bypass Vulnerability |
| CVE-2026-46250 | MIPS: Work around LLVM bug when gp is used as global register variable |
| CVE-2026-46272 | coresight: tmc-etr: Fix race condition between sysfs and perf mode |
| CVE-2026-46273 | ibmveth: Disable GSO for packets with small MSS |
| CVE-2026-47281 | Visual Studio Code Elevation of Privilege Vulnerability |
| CVE-2026-47284 | Visual Studio Code Information Disclosure Vulnerability |
| CVE-2026-47287 | Visual Studio Code Tampering Vulnerability |
| CVE-2026-47288 | Windows Kerberos Key Distribution Center (KDC) Remote Code Execution |
| CVE-2026-47289 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2026-47291 | HTTP.sys Remote Code Execution Vulnerability |
| CVE-2026-47292 | Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability |
| CVE-2026-47293 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability |
| CVE-2026-47298 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2026-47631 | Microsoft Exchange Server Spoofing Vulnerability |
| CVE-2026-47634 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2026-47635 | Microsoft Outlook and Word Remote Code Execution Vulnerability |
| CVE-2026-47636 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2026-47637 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2026-47638 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2026-47639 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2026-47640 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2026-47641 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2026-47643 | Azure Stack Edge Remote Code Execution Vulnerability |
| CVE-2026-47648 | Windows Storage Elevation of Privilege Vulnerability |
| CVE-2026-47652 | Windows Hyper-V Remote Code Execution Vulnerability |
| CVE-2026-47653 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2026-47654 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2026-47656 | Windows Boot Manager Security Feature Bypass Vulnerability |
| CVE-2026-48560 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2026-48562 | Microsoft SharePoint Server Spoofing Vulnerability |
| CVE-2026-48563 | Remote Desktop Client Remote Code Execution Vulnerability |
| CVE-2026-48565 | Windows Narrator Braille Elevation of Privilege Vulnerability |
| CVE-2026-48566 | Windows DWM Core Library Information Disclosure Vulnerability |
| CVE-2026-48568 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2026-48569 | Visual Studio Code Security Feature Bypass Vulnerability |
| CVE-2026-48570 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2026-48573 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2026-48574 | Windows Media Remote Code Execution Vulnerability |
| CVE-2026-48575 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2026-48576 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2026-48578 | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2026-48583 | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2026-49160 | HTTP.sys Denial of Service Vulnerability |
| CVE-2026-49161 | Microsoft PC Manager Security Feature Bypass Vulnerability |
| CVE-2026-49975 | Apache HTTP Server: mod_http2 denial of service |
| CVE-2026-50031 | ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. |
| CVE-2026-50219 | libexpat before 2.8.2 lacks handler call depth tracking, leading to a use-after-free |
| CVE-2026-50256 | xorg-x11-server: stack buffer overflow in font alias resolution due to libxfont2 name length mismatch |
| CVE-2026-50257 | xorg-x11-server: use-after-free in misyncdestroyfence() |
| CVE-2026-50258 | xorg-x11-server: stack buffer overflow in xkb key types due to unchecked shift levels |
| CVE-2026-50259 | xorg-x11-server: stack buffer overflow in xkb setmap request via mapwidths indexing |
| CVE-2026-50260 | xorg-x11-server: use-after-free in freecounter() |
| CVE-2026-50261 | xorg-x11-server: use-after-free in syncchangecounter() |
| CVE-2026-50262 | xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes |
| CVE-2026-50263 | xorg-x11-server: use-after-free information disclosure in createsaverwindow() |
| CVE-2026-50265 | Rejected reason: This CVE ID was assigned as a duplicate of CVE-2026-50292 |
| CVE-2026-50292 | In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution |
| CVE-2026-50507 | Windows BitLocker Security Feature Bypass Vulnerability |
| CVE-2026-50508 | Windows NTLM Spoofing Vulnerability |
| CVE-2026-50511 | Microsoft PC Manager Elevation of Privilege Vulnerability |
| CVE-2026-50512 | Microsoft PC Manager Elevation of Privilege Vulnerability |
| CVE-2026-7774 | tarfile.data_filter path traversal bypass allows writing outside the extraction directory |
| CVE-2026-8643 | pip can extract console_scripts and gui_scripts outside installation directory |
| CVE-2026-8863 | UEFI Secure Boot Security Feature Bypass Vulnerability |