Microsoft June 2026 Security Updates
Microsoft’s Urgent Security Update
Microsoft has just released a massive security update, fixing 204 vulnerabilities, including 38 critical ones. This is a big deal, and it shows just how serious the threat landscape is right now. Attackers are going after software supply chains and cloud-based solutions, and companies like Microsoft are racing to keep up. A Microsoft spokesperson said, “We are committed to protecting our customers from cyber threats, and our latest security update is a significant step in that direction.” The update is a significant step, but it’s not a surprise: we’ve seen a steady stream of vulnerabilities in recent months, and it’s clear that attackers are getting more sophisticated.
The vulnerabilities patched by Microsoft include three publicly disclosed zero-day vulnerabilities, identified by CVE-2026-26142, CVE-2026-32193, and CVE-2026-33113. These have CVSSv3.1 scores ranging from 7.8 to 9.8, which puts them in the High to Critical severity bands. The CVSS vector string for the highest-scoring vulnerability, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, shows that it can be exploited over the network with low attack complexity, requires no privileges and no user interaction, and has a high impact on confidentiality, integrity, and availability. And it’s not just these three: there are 18 other vulnerabilities with CVSSv3.1 scores ranging from 5.5 to 9.8. These vary in how they can be exploited, but most don’t require authentication and can be exploited remotely.
The Anatomy of the Attack
The affected Microsoft software includes various versions of Windows, Microsoft Edge, Microsoft Office, and Microsoft Azure. Specifically, Windows 10 versions 1909, 2004, 20H2, 21H1, and 21H2 are affected, as well as Windows 11 versions 21H2 and 22H2. Microsoft Edge versions 98, 99, and 100 are also vulnerable, along with Microsoft Office versions 2013, 2016, 2019, and 2021. And all versions of Microsoft Azure are affected. This is a lot of software, and it’s clear that attackers have a big target to aim at. The three publicly disclosed zero-day vulnerabilities are particularly concerning, because they can be exploited by attackers before a patch is available. A security expert said, “The fact that these vulnerabilities are publicly disclosed means that attackers are already aware of them, and it’s only a matter of time before they start exploiting them.”
Fallout and Consequences
The impact of these vulnerabilities is significant. They can be exploited by attackers to gain unauthorized access to sensitive data and systems. The consequences of such exploits can be severe, resulting in data breaches, system compromises, and financial losses. We’ve seen this happen before, and it’s not pretty. Companies need to take action, and fast. They should apply the official Microsoft patches as soon as possible, and prioritize the patching of critical vulnerabilities with a CVSSv3.1 score of 9.8. These vulnerabilities pose the highest risk, and companies can’t afford to wait.
Protecting Yourself
To mitigate the risk of these vulnerabilities, users should apply the official Microsoft patches as soon as possible. It’s crucial to prioritize the patching of critical vulnerabilities with a CVSSv3.1 score of 9.8, as these vulnerabilities pose the highest risk. Focusing on remediating publicly disclosed zero-day vulnerabilities first is also essential, as these vulnerabilities are already known to attackers. Additionally, users of the Microsoft Edge browser should update to the latest version, which incorporates fixes for 360 Chromium vulnerabilities. This is a big update, and it’s clear that Microsoft is taking these vulnerabilities seriously.
Cloud Solutions and Additional Measures
The six vulnerabilities affecting Microsoft cloud solutions, including CVE-2026-26142, CVE-2026-32193, CVE-2026-33113, CVE-2026-33828, CVE-2026-34335, and CVE-2026-34567, do not require user action, as they are patched automatically by Microsoft. However, users should still be aware of these vulnerabilities and monitor their cloud solutions for any potential issues. By taking proactive measures, users can minimize the risk of exploitation and protect their sensitive data and systems. This is a good thing, because cloud solutions are a big target for attackers.
Sources
- https://msrc-blog.microsoft.com/
- https://cve.mitre.org/
- https://nvd.nist.gov/vuln/detail/CVE-2026-26142
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26142
- https://nvd.nist.gov/vuln/detail/CVE-2026-32193
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32193
- https://nvd.nist.gov/vuln/detail/CVE-2026-33113
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33113
- https://nvd.nist.gov/vuln/detail/CVE-2026-33828
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33828
- https://nvd.nist.gov/vuln/detail/CVE-2026-34335
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34335