惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

GbyAI
GbyAI
Simon Willison's Weblog
Simon Willison's Weblog
Microsoft Security Blog
Microsoft Security Blog
Y
Y Combinator Blog
The GitHub Blog
The GitHub Blog
Engineering at Meta
Engineering at Meta
F
Fortinet All Blogs
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
A
About on SuperTechFans
Last Week in AI
Last Week in AI
月光博客
月光博客
有赞技术团队
有赞技术团队
P
Proofpoint News Feed
MyScale Blog
MyScale Blog
Martin Fowler
Martin Fowler
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
C
Check Point Blog
U
Unit 42
The Register - Security
The Register - Security
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Hugging Face - Blog
Hugging Face - Blog
阮一峰的网络日志
阮一峰的网络日志
V
Visual Studio Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
D
DataBreaches.Net
WordPress大学
WordPress大学
aimingoo的专栏
aimingoo的专栏
H
Hacker News: Front Page
Recent Announcements
Recent Announcements
C
CXSECURITY Database RSS Feed - CXSecurity.com
Latest news
Latest news
小众软件
小众软件
P
Palo Alto Networks Blog
PCI Perspectives
PCI Perspectives
Security Latest
Security Latest
S
Secure Thoughts
Scott Helme
Scott Helme
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Threat Research - Cisco Blogs
P
Proofpoint News Feed
M
MIT News - Artificial intelligence
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Google DeepMind News
Google DeepMind News
Recorded Future
Recorded Future
O
OpenAI News
S
Securelist
云风的 BLOG
云风的 BLOG
H
Help Net Security
T
Troy Hunt's Blog

Arctic Wolf

Home-Field Disadvantage: AiTM, QR-Code Phishing, and Infostealers at the 2026 FIFA World Cup arcticwolf.com arcticwolf.com Celebrating Arctic Wolf’s 2026 Partner of the Year Winners at Global Partner Kickoff Die Auswahl Einer Vulnerability Management-Lösung The Hidden Economics of the Agentic SOC The Hidden Economics of the Agentic SOC | Arctic Wolf Security Operations in Maschinen-Geschwindigkeit Aurora Mobile Threat Defense — Addressing Your Highest‑Trusted, Least Protected Endpoints - Arctic Wolf Aurora Mobile Threat Defense — Addressing Your Highest‑Trusted, Least Protected Endpoints - Arctic Wolf How Aurora Managed Endpoint Defense Combines Experts and Technology to Simplify Security Aurora Endpoint Sicherheitsportfolioa | Arctic Wolf From Token Bingo to MAX Takeover: Kali365 Operator Expands Operation Across Microsoft Outlook, Okta, Xerox DocuShare, and Other Services From Token Bingo to MAX Takeover: Kali365 Operator Expands Operation Across Microsoft Outlook, Okta, Xerox DocuShare, and Other Services arcticwolf.com arcticwolf.com Arctic Wolf Product Updates: May 2026 arcticwolf.com Arctic Wolf Product Updates: May 2026 FortiClient EMS Exploited via CVE-2026-35616 to Deliver EKZ Infostealer Disguised as a Fortinet Patch - Arctic Wolf FortiClient EMS Exploited via CVE-2026-35616 to Deliver EKZ Infostealer Disguised as a Fortinet Patch What’s New What’s Next with Arctic Wolf: May 2026 Update Cybersecurity Trends in the Age of AI arcticwolf.com Arctic Wolf、AI搭載のモバイル脅威防御ソリューションを発表、 増加するモバイル端末を標的としたサイバー攻撃から組織を保護 How Arctic Wolf Aurora Mobile Threat Defense Protects the Mobile Attack Surface How AI Is Transforming Detection Engineering 「Aurora Mobile Threat Defense」の提供が開始されました Accelerating Cloud Security Outcomes Together: Why Arctic Wolf and Wiz are Redefining What’s Possible - Arctic Wolf InfoSecurity Europe 2026 OpenAI Daybreak and the Future of Secure Software Development - Arctic Wolf OpenAI Daybreak and the Future of Secure Software Development Turning Security Telemetry Into Actionable Insights | Arctic Wolf Detecting Identity Attacks at Scale with Herd Immunity Detecting Identity Attacks at Scale with Herd Immunity | Arctic Wolf arcticwolf.com arcticwolf.com PowerShell Security | Arctic Wolf How to Gain Visibility and Reduce Exposure with Aurora Attack Surface Management arcticwolf.com Mini Shai-Hulud: Supply Chain Malware Attack arcticwolf.com arcticwolf.com arcticwolf.com arcticwolf.com arcticwolf.com arcticwolf.com arcticwolf.com arcticwolf.com arcticwolf.com Arctic Wolf Introduces the Next Era of Exposure Management to Help Organizations Outpace AI-Accelerated Vulnerability Discovery Arctic Wolf Launches AI-Powered Mobile Threat Defense to Protect Organizations Against Growing Mobile-based Cyber Threats Aurora Mobile Threat Defense is Now Available Turning Visibility Into Action: Introducing Aurora Exposure Management Protecting Against IOT Security Risks | Arctic Wolf CVE-2026-0300 — Critical Buffer Overflow in PAN-OS User-ID Authentication Portal IoT Security Risks | Arctic Wolf arcticwolf.com Should Your Organization Rely on XDR? | Arctic Wolf 止まらないランサムウェア被害 - Qilinの事案から読み解く、検知、対応と経営判断 arcticwolf.com Why Cybersecurity Still Matters Even If AI Improves Secure Development | Arctic Wolf Aurora® Attack Surface Management For Healthcare arcticwolf.com arcticwolf.com arcticwolf.com arcticwolf.com arcticwolf.com CVE-2026-41940: Critical Exploited Authentication Bypass Vulnerability in cPanel & WHM Why Vulnerability Prioritization Requires More Than a Score | Arctic Wolf Token Bingo: Don’t Let Your Code be the Winner EFM Philadelphia IT Symposium MN Bankers Operations and Technology Conference SecureMiami 2025 Cyber Identity Summit – Ottawa MISA Exec Summit – Victoria Arkansas IT Symposium – efmEvents Cybersecurity Summit – Boston Houston Technology Summit – elevateIT Nevada Public Sector Cybersecurity Summit SecureWorld Philadelphia Nick Schneider of Arctic Wolf named Entrepreneur Of The Year® 2026 Heartland finalist by EY US arcticwolf.com arcticwolf.com Introducing Decipio: A Community Tool to Catch Credential Theft in the Act with Defense First AI Arctic Wolf Introduces Decipio, a Community Tool to Catch Credential Theft with Defense‑First AI Proxy Server Endpoint Endpoint Detection and Response AIマルウェアの急増:その挙動、攻撃主体の特定、防御体制の備え arcticwolf.com arcticwolf.com Project Glasswing Marks a Turning Point for Cybersecurity Frontier AI Models Mark a Turning Point for Cybersecurity arcticwolf.com arcticwolf.com Building Cyber Resilience with Arctic Wolf: A Practical Approach for Security Leaders Arctic Wolf、東映デジタルラボ株式会社を Aurora Managed Endpoint Defenseで保護 Arctic Wolf Named a 2026 Gartner® Peer Insights™ Customers’ Choice for Managed Detection and Response arcticwolf.com
Microsoft Patch Tuesday Security Recap: June 2026 Edition - Arctic Wolf
Arctic Wolf Labs · 2026-06-12 · via Arctic Wolf

Arctic Wolf Security Bulletin

Arctic Wolf Security Bulletin

Arctic Wolf Security Bulletin

Threat Summary

On June 9, 2026, Microsoft released its regular Patch Tuesday security update, fixing 206 vulnerabilities (with 39 rated Critical) affecting a broad spectrum of Microsoft products including Windows kernel, Hyper-V, Remote Desktop Client, Kerberos, DHCP, BitLocker, HTTP.sys, Exchange Server, and Office. This is the largest number of vulnerabilities ever disclosed in a single security update since Microsoft begun the Patch Tuesday program 23 years ago, in October 2003.

Within this update there were ~65 Elevation of Privilege (EoP) vulnerabilities, with privilege escalation dominating this cycle. These vulnerabilities are frequently utilized by threat actors at the beginning of multi-stage attacks, chained with initial access exploits.

A total of six zero-days were addressed in this cycle. Five were publicly disclosed prior to patching, and one is activity exploited in the wild. These should be patched immediately.

Actively Exploited

CVE Title CVSS Details Exploited?
CVE-2026-42897 Microsoft Exchange Server Spoofing 8.1 Attacker sends a crafted email; if opened in Outlook Web Access, arbitrary JavaScript executes in the victim’s browser. Microsoft issued mitigations via the Exchange Emergency Mitigation Service. Yes

Publicly Disclosed Zero-Days

All five publicly disclosed zero-days trace back to a rogue security researcher operating under the alias Nightmare-Eclipse.

  • GreenPlasma (CVE-2026-45586) — CTFMON EoP
  • YellowKey (CVE-2026-45585) — BitLocker bypass
  • MiniPlasma (CVE-2020-17103) — Cloud Files EoP
  • BlueHammer, RedSun, HTTP/2 Bomb, UnDefend — patched
  • RoguePlanet — new Microsoft Defender zero-day PoC (not yet patched)
CVE Exploit Name CVSS Component Impact
CVE-2026-45586 GreenPlasma 7.8 Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege → SYSTEM privileges
CVE-2026-45585 YellowKey 6.8 Windows BitLocker Security Feature Bypass → access to BitLocker-encrypted drives via WinRE
CVE-2026-50507 Bitskrieg 6.8 Windows BitLocker Security Feature Bypass → full access to encrypted data with physical access
CVE-2026-49160 HTTP/2 Bomb 7.5 HTTP.sys (HTTP/2 stack) Denial of Service → IIS server exhausted 64 GB RAM in ~45 seconds in Proof-of-Concept (PoC) tests
CVE-2020-17103 MiniPlasma 7.0 Windows Cloud Files Mini Filter Driver Elevation of Privilege → SYSTEM privileges (incomplete 2020 patch re-exploited)
RoguePlanet Windows Defender Elevation of Privilege → SYSTEM privileges (No patch issued at this time)

Recommendations

IMMEDIATE ACTIONS:

  • Inventory and identify all systems running Windows kernel, Hyper-V, Remote Desktop Client, Kerberos, DHCP, BitLocker, HTTP.sys, Exchange Server, Office, and other affected components.
  • Review vendor-specific KB articles; prioritize systems exposed to networks/internet or handling critical data.
  • Apply all June 2026 security patches immediately, namely zero-days mentioned and other immediate patching guidance actions (see below).

PATCHING GUIDANCE:

  • Remote Desktop Client (11 CVEs – 4 Critical) was the largest single-component cluster this cycle. Apply security patches for Remote Desktop Connect (RDP) enabled devices (notably for CVE-2026-44801, CVE-2026-44799, CVE-2026-42992 CVE-2026-42985).
  • Hyper-V critical out-of-bounds read vulnerabilities pertaining to CVE-2026-47652, CVE-2026-45641 and CVE-2026-45607. Apply these patches immediately on virtualized infrastructure and cloud hosts.
  • Microsoft (Office, Outlook, Word) had several critical exploits within this round-up, such as CVE-2026-45458 (Microsoft Office), CVE-2026-45456 (Microsoft Outlook) and CVE-2026-47635 (Microsoft Outlook and Word). Deploy cumulative updates as outlined by Microsoft’s June 2026 Security Update Guide.

CONFIGURATION/MONITORING:

  • Enhance monitoring/logging on domain controllers, network boundaries, email/file servers, and endpoints for abnormal behavior or exploitation attempts.
  • Cisco Talos recommends updated Snort rules to detect exploitation attempts for vulnerabilities in this cycle, notably SIDs:
    • Snort 2: Rules 66572–66577, 66581, 66589, 66590, 66594, 66595, 66601–66604
    • Snort 3: Rules 301523–301525, 301527–301529, 301531–301532

USER AWARENESS:

  • Alert users to the risks of opening unsolicited or suspicious Office/Word documents, even if received from known contacts, given the active exploitation of CVE-2026-42897.

PERSISTENT THEME AWARENESS:

A recurring pattern across multiple Patch Tuesdays continues, as attackers are investing heavily in undermining pre-OS boot integrity and full-disk encryption.

  • 8 Secure Boot Security Feature Bypass patches this month.
  • 3 BitLocker bypass vulnerabilities patched (CVE-2026-45585 YellowKey, CVE-2026-50507 Bitskrieg, CVE-2026-45658) in addition to multiple UEFI-level bypass CVEs.

LONG-TERM PREVENTION:

  • Maintain regular patch cadence with rapid deployment for Critical/Important Microsoft vulnerabilities.
  • Utilize least-privilege, strong authentication, network segmentation, and application-level controls for exposed assets.
  • Enable auto-updates on supported platforms where feasible and audit patch status via centralized management tooling (e.g., SCCM, Intune).
  • Review and validate backup and recovery procedures in case of compromise.

Temporary Workarounds

  • RDP exposure: Restrict internet-facing RDP; enforce NLA; use VPN/gateway.
  • BitLocker: Enable TPM+PIN authentication (instead of TPM-only) to mitigate YellowKey/Bitskrieg.
  • sys / HTTP/2 Bomb: Apply Microsoft’s new MaxHeadersCount registry setting (KB5102602); disable HTTP/2 where feasible on exposed IIS servers.
  • Exchange Server: Verify Exchange Emergency Mitigation Service (EEMS) is enabled; apply the CVE-2026-42897 patch urgently.
  • Hyper-V hosts: Network-segment management interfaces; audit guest-to-host trust boundaries.

References:

Share this post:

What to read next

Arctic Wolf Blog Featured Image

10 min read

Arctic Wolf Observes an Increase in Palo Alto Networks GlobalProtect Authentication Bypass Exploitation via CVE-2026-0257

June 11, 2026

Arctic Wolf Blog Featured Image

4 min read

Closing the Gap Between Vulnerability Detection and Real Risk Reduction

June 10, 2026