Virtual Administrator’s June 2026 Patch Recommendations

Patch Recommendations

All new patches will be approved in our patch policy.

 

This month Microsoft released patches for 198 vulnerabilities with 33 rated “Critical” in severity.

Buckle up! June brings 198 patches. This is a record, blowing past the previous record of 167 set last October. Microsoft warned of this in Tom Gallagher’s May 12th blog post. Apparently AI is very good at finding vulnerabilities. Let’s hope it’s also good at finding bugs in the patches for those vulnerabilities. There are 3 zero-days this month.

  • CVE-2026-49160 is an HTTP.sys Denial of Service vulnerability affecting the HTTP/2 stack.
  • CVE-2026-50507 is a Windows BitLocker Security Feature Bypass.
  • CVE-2026-45586 is a Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege vulnerability.
  • New BitLocker problems with Windows 10, but the prior Server 2025 issue has been fixed – see Known Issues below.
  • New standalone SSU for Windows 10 1607/Server 2016.

 

Disclosed: CVE-2026-45586, CVE-2026-49160, CVE-2026-50507

Exploited: None

 

Security Update Guide

https://msrc.microsoft.com/update-guide/en-us

 

Microsoft Security Advisories

ADV990001 | Latest Servicing Stack Updates (Published: 3/1/2018 | Last Updated: 6/9/2026)

https://msrc.microsoft.com/update-guide/en-us/vulnerability/ADV990001

Reason for Revision: A Servicing Stack Update has been released for some versions of Windows.

NOTE: The Windows 10 Servicing Stack Updates are included in the monthly Cumulative Updates.

 

Heads Up!

Windows Secure Boot certificate expiration

Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if not updated in time. To avoid disruption, we recommend reviewing the guidance and taking action to update certificates in advance. For details and preparation steps, see Windows Secure Boot certificate expiration and CA updates and the Windows Server Secure playbook blog.

Windows Secure Boot certificate expiration and CA updates

https://support.microsoft.com/en-us/topic/windows-secure-boot-certificate-expiration-and-ca-updates-7ff40d33-95dc-4c3c-8725-a9b95457578e

 

Known Issues

Microsoft fixed the BitLocker issues on Server 2025 that surfaced last April, but there is a new BitLocker problem with Windows 10.

Microsoft continues to list unresolved older problems under the Known Issues for new patches. So if you have not yet experienced one of these issues, it is unlikely to occur now.

“Devices with an unrecommended BitLocker Group Policy configuration might be required to enter their BitLocker recovery key”

https://support.microsoft.com/en-us/topic/june-9-2026-kb5094127-os-builds-19045-7417-and-19044-7417-bf1073f3-e317-40ac-94c7-4c23c080c7cf

Affected platforms: Windows 10 21H2/22H2

Symptoms: Some devices with an unrecommended BitLocker Group Policy configuration might be required to enter their BitLocker recovery key on the first restart after installing this update.

This issue only affects a limited number of systems in which ALL the following conditions are true. These conditions are unlikely to be found on personal devices not managed by IT departments.

Workaround: To temporarily work around this issue, remove the Group Policy configuration before installing the update (Recommended)

Status: We are working on a resolution and will provide more information when it is available.

 

Good resource for known issues with Windows 10/11/Server patches. Find the version and click on “Known issues”.

Windows release health

https://docs.microsoft.com/en-us/windows/release-health/

 

Monthly Rollup/Security Only/Windows 10,11/Server 2016,2019,2022,2025 KBs

KB article links take the form https://support.microsoft.com/en-us/help/#######, where ####### is the KB number only (digits, without the “KB” prefix).

 

Security and Quality Rollup

  • KB5094041 – Windows Server 2012 R2 (ESU)
  • KB5094042 – Windows Server 2012 (ESU)

 

Cumulative Updates

Windows 10

  • KB5094127 – Version 21H2 “November 2021 Update” (OS Build 19044) (ESU)
  • KB5094127 – Version 22H2 “November 2022 Update” (OS Build 19045) (ESU)

(Versions 1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, 1909, 2004, 20H2, 21H1 are no longer under support)

 

Windows 11

  • KB5093998 – 23H2 (OS Build 22631)
  • KB5094126 – 24H2 (OS Build 26100)
  • KB5094126 – 25H2 (OS Build 26200)
  • KB5095051 – 26H1 (OS Build 28000)

(Versions 21H2, 22H2 are no longer under support)

 

Windows Server

  • KB5094122 – Server 2016 (EOS January 2027)
  • KB5094123 – Server 2019 (EOS January 2029)
  • KB5094128 – Server 2022 (OS Build 20348)
  • KB5094125 – Server 2025 (OS Build 26100)

 

June 2026 updates for Microsoft Office

https://support.microsoft.com/en-us/topic/june-2026-updates-for-microsoft-office-0a7978da-f46a-428c-9632-5b690a27e20a

 

Notable CVEs

 

CVE-2026-42985 | Remote Desktop Client Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42985

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

 

CVE-2026-44815 | DHCP Client Service Remote Code Execution Vulnerability (Cumulative Update)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-44815

Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.

 

CVE-2026-45586 | Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45586

Improper link resolution before file access (‘link following’) in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally.

 

CVE-2026-45657 | Windows Kernel Remote Code Execution Vulnerability (Cumulative Update)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45657

Use after free in Windows Kernel allows an unauthorized attacker to execute code over a network.

 

CVE-2026-47289 | Remote Desktop Client Remote Code Execution Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47289

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

 

CVE-2026-47654 | Remote Desktop Client Remote Code Execution Vulnerability (Cumulative Update)

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47654

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

 

CVE-2026-49160 | HTTP.sys Denial of Service Vulnerability (Cumulative Update)

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-49160

Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.

 

CVE-2026-50507 | Windows BitLocker Security Feature Bypass Vulnerability (Cumulative Update/Monthly Rollup)

https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-50507

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.