Microsoft June 2026 Patch Tuesday fixes 3 zero-day, 200 flaws
BleepingComputer • • technology
Key Points:
- Microsoft's June 2026 Patch Tuesday addresses 200 security flaws, including 33 critical vulnerabilities, with 28 of these being remote code execution issues.
- The update fixes three publicly disclosed zero-day vulnerabilities: a Windows Collaborative Translation Framework elevation of privilege (GreenPlasma), an HTTP.sys denial of service flaw ("HTTP/2 Bomb"), and a Windows BitLocker security feature bypass (YellowKey).
- The HTTP/2 Bomb vulnerability allows attackers to cause denial of service by exploiting HTTP/2 header compression, and Microsoft introduced a new registry setting, MaxHeadersCount, to help mitigate this attack.
- The BitLocker bypass vulnerability affects systems using TPM-only protection and can be exploited via specially crafted files and booting into Windows Recovery Environment; Microsoft recommends enabling TPM+PIN as a mitigation.
- Other notable security updates this month come from vendors including Adobe, Cisco, Google, Fortinet, and SAP, addressing critical flaws and zero-day exploits across various products and platforms.