Article
June 2026 Patch Tuesday: Key Vulnerabilities Overview
Introduction
Microsoft’s June security update addresses 207 vulnerabilities, including several critical issues. Many of these flaws, particularly those allowing remote code execution and affecting platforms like Windows TCP/IP and Windows DHCP Client, could be exploited by attackers to compromise your business. Importantly, some of these vulnerabilities are potentially exploitable over the internet, making prompt updates essential. In this article, we provide an overview of this month’s patches and highlight the most notable security issues that require immediate attention.
Summary of June 2026 Patch Tuesday
This month’s Patch Tuesday brings attention to several critical vulnerabilities, notably in Windows TCP/IP, Windows DHCP Client, and HTTP.sys, all of which pose a significant risk due to their internet exposure. The possibility of remote code execution and elevation of privilege underscores the criticality of swift updates. With countless organizations relying on these Windows components, the current risk landscape emphasizes vulnerabilities that could allow attackers to take control over networks if not addressed immediately.
Understanding these updates is crucial in protecting enterprise environments. Below, we categorize the vulnerabilities based on their exposure to the internet.
Updates are listed according to their CVSS Score
Exposed to internet 
June 2026 Patch Tuesday
Internal Network
Exposed to the Internet
Windows HTTP.sys – Remote Code Execution
A vulnerability in HTTP.sys could allow remote code execution with high privileges via specially crafted HTTP requests. HTTP.sys is a core component that handles HTTP requests in Windows server systems, essential for web server functionality.
Windows DHCP Client – Arbitrary Code Execution
A critical vulnerability in the Windows DHCP Client that enables remote attackers to execute arbitrary code through crafted DHCP responses. This client is vital for network operations, handling IP address assignments and configurations from a DHCP server.
Windows TCP/IP – Remote Code Execution
This critical vulnerability in Windows TCP/IP allows for remote code execution due to improper handling of specific network requests. This flaw can be exploited to deliver malicious payloads or commands remotely, posing significant risks to networked systems.
Visual Studio Code – Remote Code Execution
A vulnerability in Visual Studio Code could allow remote attackers to execute code via malicious scripts or file types due to inadequate validation of input data. Visual Studio Code is a popular code editor used for web and cloud application development as well as coding in various programming languages.
Internal Network
Windows Netlogon – Stack-Based Buffer Overflow
CVE-2026-41089 is a stack-based buffer overflow vulnerability in Windows Netlogon, a service crucial for authentication and security within a Windows domain environment. This flaw can be exploited via a specially crafted network request sent to a Windows server acting as a domain controller, potentially allowing attackers to execute code over a network.
Windows Win32K – GRFX – Privilege Elevation
A vulnerability in the Windows Win32K graphics component could permit privilege elevation and potentially lead to unauthorized system control due to flaws in graphics rendering. Win32K GRFX is key to graphical rendering in Windows applications.
Microsoft Azure Attestation – Privilege Escalation
This vulnerability in the Azure Attestation service and Device Health Attestation Service permits unauthorized privilege escalation or information disclosure due to improper access control. These services are designed to verify and ensure the security and integrity of devices and systems in cloud environments.
Windows Storage – Privilege Escalation
A flaw in Windows Storage may lead to denial-of-service conditions or escalate privileges due to improper handling of storage configurations. Windows Storage involves components for disk management and configuration, crucial for system stability and data handling.
Windows TCP/IP – Denial of Service
CVE-2026-42915 involves a vulnerability in Windows TCP/IP where improper handling of certain network packets may result in denial-of-service attacks or unauthorized system access.
Windows Kerberos – Denial of Service
A flaw in Windows Kerberos could enable denial-of-service attacks or bypass authentication mechanisms due to incorrect configuration handling. Kerberos is a critical protocol for verifying identities and securing communications in networked environments.
Conclusion
Staying ahead of potential security threats is more important than ever. This month’s updates highlight serious risks tied to internet exposure and the pressing need for regular security patches. To safeguard your systems, ensure all updates are applied promptly and maintain a vigilant stance against emerging threats.
Have questions about implementing these patches or securing your IT environment? Schedule a call with At-Bay’s Advisory Services team to get started.
About CVSS
The Common Vulnerability Scoring System (CVSS) is an industry-standard framework for evaluating and communicating the severity of software vulnerabilities. It provides a numerical score that helps organizations prioritize and address security issues effectively. CVSS scores quantify the severity of a vulnerability on a scale from 0 (no severity) to 10 (critical severity). CVSS considers multiple factors, including; Exploitability, Impact, Exploit code maturity, Remediation level, Report confidence. The system enables organizations to compare and prioritize vulnerabilities based on their potential impact on IT infrastructure.