Microsoft's June 2026 Patch Tuesday Smashes Record With Over 200 Security Fixes
As I touched on just yesterday with Google patching 74 security holes in Chrome, these increasing numbers can largely be attributed to AI. AI tools have proven to be a major factor for both the the discovery of vulnerabilities as well as the development of new exploits based on them. This isn't to say that AI has supplanted traditional development tools, since Google even listed a number of non-AI tools it used to discover Chrome vulnerabilities. AI tools have unquestionably increased the pace at which both sides of cybersecurity operate, though.
Per BleepingComputer's coverage of June 2026's Patch Tuesday, the 206 vulnerabilities patched include 33 Critical vulnerabilities, 28 of which correspond to RCE (remote code execution) exploits. Four critical CVEs offer improper elevation of privilege, and 1 CVE is an information disclosure flaw. Stepping back to the full list, a full 65 Elevation of Privilege CVEs actually outnumber a total 55 RCE CVEs. There are also 30 Information Disclosure CVEs, 27 Spoofing CVEs, 19 Security Feature Bypass CVEs, and 7 Denial of Service CVEs.
In total, of the 206 CVEs addressed this Patch Tuesday, five are zero-day vulnerabilities. With this update, all of Nightmare-Eclipse's initial bombshell Windows vulnerabilities have been patched, which is sure to be a relief for both Microsoft and Windows users at large. His original GitHub account has also been banned, but he has reportedly created a new account, so we likely haven't seen the last of him.

I did find something else interesting when reviewing the official list of 206 CVEs patched, though. Of the 206 CVEs, 42 are marked as "Exploitation Unlikely," and another 142 are marked as "Exploitation Less Likely." Only 15 are marked as "More Likely," and 4 are marked "N/A" in terms of exploitation likelihood.
This makes the overwhelming majority of these patches pre-emptive rather than responsive on Microsoft's part, but that's a good thing when it comes to cybersecurity. It does make for some amusing patch notes, though—who would have thought that Microsoft would be patching an Elevation of Privilege vulnerability for the Kinect of all things in 2026?