惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

G
GRAHAM CLULEY
T
Tenable Blog
Know Your Adversary
Know Your Adversary
C
CXSECURITY Database RSS Feed - CXSecurity.com
P
Privacy International News Feed
S
Security Affairs
NISL@THU
NISL@THU
O
OpenAI News
Attack and Defense Labs
Attack and Defense Labs
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Hacker News: Ask HN
Hacker News: Ask HN
Webroot Blog
Webroot Blog
Schneier on Security
Schneier on Security
S
SegmentFault 最新的问题
S
Schneier on Security
G
Google Developers Blog
V
V2EX
C
Check Point Blog
U
Unit 42
Google DeepMind News
Google DeepMind News
T
Threatpost
阮一峰的网络日志
阮一峰的网络日志
T
The Exploit Database - CXSecurity.com
Recent Announcements
Recent Announcements
M
MIT News - Artificial intelligence
S
Secure Thoughts
博客园 - 司徒正美
Recorded Future
Recorded Future
P
Proofpoint News Feed
Spread Privacy
Spread Privacy
K
Kaspersky official blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
AI
AI
博客园 - 聂微东
N
News and Events Feed by Topic
SecWiki News
SecWiki News
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
V
Vulnerabilities – Threatpost
P
Palo Alto Networks Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Engineering at Meta
Engineering at Meta
Recent Commits to openclaw:main
Recent Commits to openclaw:main
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
酷 壳 – CoolShell
酷 壳 – CoolShell
WordPress大学
WordPress大学
The Hacker News
The Hacker News
The Last Watchdog
The Last Watchdog
Project Zero
Project Zero
W
WeLiveSecurity
博客园 - Franky

Blog

CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike CrowdStrike Why AI Projects Stall and How CIOs Can Respond | CrowdStrike CrowdStrike Leads 2026 Frost Radar for Cloud Runtime Security CrowdStrike Expands Identity Leadership with OpenID and IDPro CrowdStrike 2026 Report: China Fuels Attacks on Tech CrowdStrike and Zscaler Bring Continuous Identity Security to Zero Trust Access 3 Principles to Safely Scale Agentic AI | CrowdStrike ISO 42001:2023 and the New Reality of Cloud AI Data Risk How to Stop AI-Driven Data Loss | CrowdStrike CrowdStrike and NVIDIA Bring Enterprise-Grade Security to AI Factory CrowdStrike and NVIDIA Collaboration Scales AI-Native Agents Secure Shadow AI at the Control Plane with Falcon for IT CrowdStrike Named Leader in 2026 Gartner Magic Quadrant for Endpoint Protection Shadow AI: The Hidden Risk Expanding Across the Enterprise CrowdStrike Named a Leader in Identity Threat Detection and Response Inside CrowdStrike’s Takedown of a Developer-Targeting Botnet Measuring AI-Enabled Success: 3 Trackable KPIs New Claude Integration Brings Audit Data to Falcon Platform How to Protect Identities and Sessions from Infostealers Now Live: CrowdStrike 2026 Financial Services Threat Landscape Report Falcon AIDR Detects Threats at Prompt Layer in Kubernetes AI Apps May 2026 Patch Tuesday: Updates and Analysis | CrowdStrike AI Threat Detection with Automated Leads | CrowdStrike CrowdStrike Named a Leader in Gartner Magic Quadrant for Cyberthreat Intelligence CrowdStrike Launches Falcon OverWatch for Defender CrowdStrike Technical Risk Assessments Reveal Common Exposure Patterns Tune In: The Future of AI-Powered Vulnerability Discovery Defending Against CORDIAL SPIDER and SNARKY SPIDER CrowdStrike Expands ChatGPT Enterprise Integration CrowdStrike Named a Leader in 2026 Frost & Sullivan Radar for CNAPP CrowdStrike Expands Real-Time CDR to Google Cloud CrowdStrike Falcon Cloud Security Delivers 264% ROI CrowdStrike Falcon Platform Achieves 441% ROI in Three Years CrowdStrike Introduces Shadow AI Visibility Service How Defenders Must Respond to Frontier AI | CrowdStrike Frontier AI for Defenders: CrowdStrike and OpenAI TAC April 2026 Patch Tuesday: Updates and Analysis | CrowdStrike How CrowdStrike Accelerates Exposure Evaluation Against Threats | Blog STARDUST CHOLLIMA Likely Compromises Axios npm Package Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Detecting CVE-2026-20929: Kerberos Relay Attack via DNS CNAME Abuse How Charlotte AI Agentworks Fuels Security's Agentic Ecosystem CrowdStrike Flex for Services Expands Access to Elite Security Expertise Falcon Data Security Secures Data Wherever It Lives and Moves CrowdStrike Advances CNAPP with Adversary-Informed Risk Prioritization CrowdStrike Services and Agentic MDR Put Agentic SOC in Reach
June 2026 Patch Tuesday: Updates and Analysis | CrowdStrike
Falcon Exposure Management Team · 2026-06-09 · via Blog

Microsoft has addressed 206 vulnerabilities in its June 2026 security update release. This month's patches include fixes for three publicly disclosed zero-day vulnerabilities and 37 Critical vulnerabilities, along with 166 additional vulnerabilities of varying severity levels.

This month's leading risk types by exploitation technique are elevation of privilege with 65 patches (32%), remote code execution (RCE) with 55 patches (27%), and information disclosure with 29 (13%).

Microsoft Windows received the most patches this month with 120, followed by Extended Security Updates (ESU) with 103, and Microsoft Office with 54.

Publicly Disclosed Elevation of Privilege Vulnerability in Windows Collaborative Translation Framework

CVE-2026-45586 is an Important elevation of privilege vulnerability affecting Windows Collaborative Translation Framework (CTFMON) and has a CVSS score of 7.8. CTFMON is a core Windows component that manages text input, handwriting recognition, and language services. A link following flaw (CWE-59) allows a low-privileged local attacker to elevate privileges with no user interaction and low attack complexity. Successful exploitation could grant an attacker SYSTEM privileges.

This vulnerability was publicly disclosed, though there is no evidence of exploitation in the wild. Microsoft assesses exploitation as more likely.

Table 1. Publicly disclosed zero-day vulnerability in Microsoft Windows Collaborative Translation Framework (CTFMON)
SeverityCVSS ScoreCVEDescriptionAction Required?
Important7.8CVE-2026-45586Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege VulnerabilityYes

Publicly Disclosed Security Feature Bypass Vulnerability in Windows BitLocker

CVE-2026-50507 is an Important security feature bypass vulnerability affecting Windows BitLocker and has a CVSS score of 6.8. A missing authentication for a critical function flaw (CWE-306) allows an unauthenticated attacker with physical access to bypass BitLocker Device Encryption and gain access to encrypted data on the system storage device. While physical access is required, the attack requires no privileges or user interaction and has low attack complexity.

This vulnerability was publicly disclosed and proof-of-concept exploit code exists, though there is no evidence of exploitation in the wild. Microsoft assesses exploitation as more likely.

Table 2. Publicly disclosed zero-day security feature bypass vulnerability in Windows BitLocker
SeverityCVSS ScoreCVEDescriptionAction Required?
Important6.8CVE-2026-50507Windows BitLocker Security Feature Bypass VulnerabilityYes

Publicly Disclosed and Critical Vulnerabilities in HTTP.sys

HTTP.sys is the kernel-mode HTTP server driver in Windows that handles HTTP and HTTPS requests directly at the OS level, used by IIS and other Windows web services; vulnerabilities here can be exploited remotely against any Windows server exposing web services without requiring authentication.

CVE-2026-49160 is a publicly disclosed Important denial of service vulnerability affecting HTTP.sys and has a CVSS score of 7.5. An uncontrolled resource consumption flaw (CWE-400) in HTTP/2 allows unauthenticated remote attackers to deny service with no user interaction and low attack complexity. As part of the available fix, Microsoft has introduced a new MaxHeadersCount registry setting that allows administrators to limit the number of headers accepted in HTTP/2 and HTTP/3 requests. There is no evidence of exploitation in the wild, though Microsoft assesses exploitation as more likely.

CVE-2026-47291 is a Critical RCE vulnerability affecting HTTP.sys with a CVSS score of 9.8. Integer overflow and heap-based buffer overflow flaws (CWE-190, CWE-122) allow unauthenticated remote attackers to execute code with no user interaction and low attack complexity. An attacker could send a specially crafted packet to a targeted server utilizing the HTTP Protocol Stack to trigger the vulnerability. Systems using the default MaxRequestBytes registry value of 16,384 bytes (16 KB) are not impacted. As a pre-patch mitigation, administrators can ensure this value is set to no higher than 65,534 bytes to avoid exposure.

Table 3. Publicly disclosed zero-day vulnerability and Critical vulnerability in HTTP.sys
SeverityCVSS ScoreCVEDescriptionAction Required?
Critical9.8CVE-2026-47291HTTP.sys Remote Code Execution VulnerabilityYes
Important7.5CVE-2026-49160HTTP.sys Denial of Service VulnerabilityYes

Critical Vulnerability in Windows Kernel

CVE-2026-45657 is a Critical RCE vulnerability affecting the Windows kernel and has a CVSS score of 9.8. Use-after-free and heap-based buffer overflow flaws (CWE-416, CWE-122) allow unauthenticated remote attackers to execute code with no user interaction and low attack complexity. An attacker could send specially crafted network traffic to trigger a flaw in how the Windows kernel processes TCP/IP data, potentially enabling code execution with SYSTEM-level privileges without requiring authentication or user interaction.

Table 4. Critical vulnerability in Windows kernel
SeverityCVSS ScoreCVEDescriptionAction Required?
Critical9.8CVE-2026-45657Windows Kernel Remote Code Execution VulnerabilityYes

Critical Vulnerability in Nuance PowerScribe

CVE-2026-26142 is a Critical RCE vulnerability affecting Nuance PowerScribe and has a CVSS score of 9.8. Nuance PowerScribe is a radiology reporting and workflow platform widely used in healthcare environments. This deserialization of untrusted data flaw (CWE-502) allows unauthenticated remote attackers to execute code and compromise sensitive medical data and clinical infrastructure with no user interaction and low attack complexity.

Table 5. Critical vulnerability in Microsoft Nuance PowerScribe
SeverityCVSS ScoreCVEDescriptionAction Required?
Critical9.8CVE-2026-26142Nuance PowerScribe Remote Code Execution VulnerabilityYes

Critical Vulnerability in DHCP Client Service

CVE-2026-44815 is a Critical RCE vulnerability affecting the Windows DHCP Client Service and has a CVSS score of 9.8. A stack-based buffer overflow flaw (CWE-121) allows unauthenticated remote attackers to execute code with no user interaction and low attack complexity. An attacker could exploit this by operating a rogue DHCP server on the network and responding to DHCP requests from vulnerable clients with specially crafted data. Exploitation is contingent on the target calling the DhcpGetOriginalSubnetMask API; as a pre-patch mitigation, administrators should audit and, where possible, restrict applications that call this API.

Table 6. Critical vulnerability in Windows DHCP Client Service
SeverityCVSS ScoreCVEDescriptionAction Required?
Critical9.8CVE-2026-44815DHCP Client Service Remote Code Execution VulnerabilityYes

Critical Vulnerability in Windows Active Directory Domain Services

CVE-2026-45648 is a Critical RCE vulnerability affecting Windows Active Directory Domain Services and has a CVSS score of 8.8. A stack-based buffer overflow flaw (CWE-121) allows any domain-authenticated attacker to execute code over a network with no user interaction and low attack complexity. An attacker with access to the NSPI RPC interface could provide crafted inputs that trigger an out-of-bounds write in the directory service process, leading to memory corruption and RCE. Standard domain credentials are sufficient to trigger this vulnerability.

Table 7. Critical vulnerability in Windows Active Directory Domain Services
SeverityCVSS ScoreCVEDescriptionAction Required?
Critical8.8CVE-2026-45648Windows Active Directory Domain Services Remote Code Execution VulnerabilityYes

Critical Vulnerability in Azure Kubernetes Service

CVE-2026-32193 is a Critical RCE vulnerability affecting Azure Kubernetes Service (AKS) and has a CVSS score of 8.8. A path traversal flaw (CWE-22) allows a low-privileged local attacker to execute code with no user interaction and low attack complexity. An attacker that can run an untrusted container configured with hostNetwork could send specially crafted requests to a host-level service not intended for unauthenticated access, potentially break out of the container, and gain control of the AKS worker node. Successful exploitation has a changed scope, meaning impact could extend beyond the container to resources managed by a different security authority.

Table 8. Critical vulnerability in Microsoft Azure Kubernetes Service
SeverityCVSS ScoreCVEDescriptionAction Required?
Critical8.8CVE-2026-32193Azure Kubernetes Service (AKS) Remote Code Execution VulnerabilityYes

Critical Remote Code Execution Vulnerabilities in Remote Desktop Client

Seven Critical RCE vulnerabilities affecting the Remote Desktop Client were patched this month, with CVSS scores ranging from 7.5 to 8.8. All seven share a common exploitation theme: An attacker with control of a malicious Remote Desktop server could execute code on a victim's machine when the victim connects using a vulnerable Remote Desktop Client.

CVE-2026-47289, CVE-2026-42992, and CVE-2026-44799 stem from heap-based buffer overflow flaws (CWE-122). CVE-2026-47289 has low attack complexity and exploits the connection process by presenting a specially crafted RDP certificate; when the client processes the malformed certificate, the attacker could execute code on the user's device with the same privileges as the connecting user. CVE-2026-42992 and CVE-2026-44799 have high attack complexity, requiring an attacker to take additional preparatory actions before exploitation.

CVE-2026-42985, CVE-2026-44801, CVE-2026-47654, and CVE-2026-48563 stem from use-after-free flaws (CWE-416). In all four cases, an attacker with control of a Remote Desktop server could trigger RCE on a victim's machine upon connection. CVE-2026-47654 and CVE-2026-48563 additionally require an attacker to win a race condition, while CVE-2026-44801 requires additional preparatory actions prior to exploitation.

Table 9. Critical vulnerabilities in Remote Desktop Client
SeverityCVSS ScoreCVEDescriptionAction Required?
Critical8.8CVE-2026-42985Remote Desktop Client Remote Code Execution VulnerabilityYes
Critical8.8CVE-2026-47289Remote Desktop Client Remote Code Execution VulnerabilityYes
Critical7.5CVE-2026-42992Remote Desktop Client Remote Code Execution VulnerabilityYes
Critical7.5CVE-2026-44799Remote Desktop Client Remote Code Execution VulnerabilityYes
Critical7.5CVE-2026-44801Remote Desktop Client Remote Code Execution VulnerabilityYes
Critical7.5CVE-2026-47654Remote Desktop Client Remote Code Execution VulnerabilityYes
Critical7.5CVE-2026-48563Remote Desktop Client Remote Code Execution VulnerabilityYes

Critical Vulnerability in Microsoft Cryptographic Services

CVE-2026-44810 is a Critical elevation of privilege vulnerability affecting Microsoft Cryptographic Services and has a CVSS score of 8.4. This improper authentication flaw (CWE-287) allows an unauthenticated local attacker to elevate privileges with no user interaction and low attack complexity. An attacker could exploit this either by logging on to the system and running a specially crafted application, or by convincing a local user to open a malicious file. Successful exploitation could grant an attacker SYSTEM privileges.

Table 10. Critical vulnerability in Microsoft Cryptographic Services
SeverityCVSS ScoreCVEDescriptionAction Required?
Critical8.4CVE-2026-44810Microsoft Cryptographic Services Elevation of Privilege VulnerabilityYes

Critical Vulnerabilities in Microsoft Office 

CVE-2026-45461, CVE-2026-45463, CVE-2026-45472, and CVE-2026-45474 are Critical RCE vulnerabilities in Microsoft Office, all with a CVSS score of 8.4. These vulnerabilities allow unauthorized attackers to execute arbitrary code locally through use-after-free flaws (CVE-2026-45461, CVE-2026-45472, CVE-2026-45474) and an integer underflow flaw (CVE-2026-45463). 

CVE-2026-45460 is a Critical information disclosure vulnerability affecting Microsoft Office and has a CVSS score of 4.7. A buffer over-read flaw (CWE-126) could allow an unauthorized attacker to disclose information locally. An attacker that successfully exploited this vulnerability could potentially read small portions of heap memory.

The Preview Pane is an attack vector for all five vulnerabilities.

Table 11. Critical vulnerabilities in Microsoft Office
SeverityCVSS ScoreCVEDescriptionAction Required?
Critical8.4CVE-2026-45461Microsoft Office Remote Code Execution VulnerabilityYes
Critical8.4CVE-2026-45463Microsoft Office Remote Code Execution VulnerabilityYes
Critical8.4CVE-2026-45472Microsoft Office Remote Code Execution VulnerabilityYes
Critical8.4CVE-2026-45474Microsoft Office Remote Code Execution VulnerabilityYes
Critical4.7CVE-2026-45460Microsoft Office Information Disclosure VulnerabilityYes

Critical Vulnerabilities in Windows Hyper-V

CVE-2026-45607 and CVE-2026-45641 are Critical RCE vulnerabilities affecting Windows Hyper-V, both with a CVSS score of 8.4. Both share a common exploitation path: An authenticated attacker on a guest VM could send specially crafted file operation requests to hardware resources on the VM, resulting in RCE on the host server. CVE-2026-45607 stems from an out-of-bounds read flaw (CWE-125), while CVE-2026-45641 stems from a type confusion flaw (CWE-843). Both require no user interaction and have low attack complexity.

CVE-2026-47652 is a Critical RCE vulnerability affecting Windows Hyper-V and has a CVSS score of 8.2, stemming from a heap-based buffer overflow flaw (CWE-122). An attacker could issue a specially crafted hypercall with a maliciously large or malformed payload size from within a virtualized environment, triggering a buffer overflow in the hypervisor during memory operations. Unlike the other two, this vulnerability requires high privileges to exploit.

Table 12. Critical vulnerabilities in Windows Hyper-V
SeverityCVSS ScoreCVEDescriptionAction Required?
Critical8.4CVE-2026-45607Windows Hyper-V Remote Code Execution VulnerabilityYes
Critical8.4CVE-2026-45641Windows Hyper-V Remote Code Execution VulnerabilityYes
Critical8.2CVE-2026-47652Windows Hyper-V Remote Code Execution VulnerabilityYes

Critical Vulnerabilities in Microsoft Outlook and Word

CVE-2026-45456, CVE-2026-45458, and CVE-2026-47635 are Critical RCE vulnerabilities affecting Microsoft Outlook and Word, all with a CVSS score of 8.4. These vulnerabilities allow unauthorized attackers to execute arbitrary code locally through a type confusion flaw (CVE-2026-45456), a use-after-free flaw (CVE-2026-45458), and a heap-based buffer overflow flaw (CVE-2026-47635). The Preview Pane is an attack vector for all three vulnerabilities.

Table 13. Critical vulnerabilities in Microsoft Outlook and Word
SeverityCVSS ScoreCVEDescriptionAction Required?
Critical8.4CVE-2026-45456Microsoft Outlook and Word Remote Code Execution VulnerabilityYes
Critical8.4CVE-2026-45458Microsoft Outlook and Word Remote Code Execution VulnerabilityYes
Critical8.4CVE-2026-47635Microsoft Outlook and Word Remote Code Execution VulnerabilityYes

Critical Vulnerability in Windows Deployment Services

CVE-2026-42987 is a Critical RCE vulnerability affecting Windows Deployment Services (WDS) and has a CVSS score of 8.1. This use-after-free flaw (CWE-416) could allow an unauthorized remote attacker to execute arbitrary code over a network. Successful exploitation requires an attacker to win a race condition.

An attacker could exploit this vulnerability by sending specially crafted network requests to a Windows Server system with the WDS role enabled that is listening for TFTP traffic. By triggering an error in how the server handles simultaneous requests, an unauthenticated remote attacker could cause the service to use invalid memory, potentially allowing code execution on the affected server.

Table 14. Critical vulnerability in Windows Deployment Services
SeverityCVSS ScoreCVEDescriptionAction Required?
Critical8.1CVE-2026-42987Windows Deployment Services (WDS) Remote Code Execution VulnerabilityYes

Critical Vulnerability in Windows Device Health Attestation

CVE-2026-33828 is a Critical elevation of privilege vulnerability affecting Windows Device Health Attestation (DHA) and has a CVSS score of 7.8. DHA is a Windows security feature that verifies the integrity of a device's boot process and security configuration. This trust boundary violation flaw (CWE-501) allows a low-privileged local attacker to undermine the trustworthiness of attestation reports and elevate privileges to gain SYSTEM-level control with no user interaction and low attack complexity.

Table 15. Critical vulnerability in Windows Device Health Attestation
SeverityCVSS ScoreCVEDescriptionAction Required?
Critical7.8CVE-2026-33828Windows Device Health Attestation (DHA) Elevation of Privilege VulnerabilityYes

Critical Vulnerability in Windows Media

CVE-2026-48574 is a Critical RCE vulnerability affecting Windows Media and has a CVSS score of 7.8. This heap-based buffer overflow flaw (CWE-122) allows an attacker to execute arbitrary code on a target system by convincing a user to interact with a specially crafted file. Despite the RCE classification, the attack vector is local, meaning the attacker must rely on user interaction to trigger the vulnerability rather than reaching the target directly over a network.

Table 16. Critical vulnerability in Windows Media
SeverityCVSS ScoreCVEDescriptionAction Required?
Critical7.8CVE-2026-48574Windows Media Remote Code Execution VulnerabilityYes

Critical Vulnerabilities in Windows Graphics Component

CVE-2026-44803 and CVE-2026-44812 are Critical RCE vulnerabilities affecting the Windows Graphics Component, both with a CVSS score of 7.8. Both stem from integer overflow flaws (CWE-190) in Windows Win32K - GRFX and require user interaction to exploit. An attacker could trigger code execution by convincing a user to view a specially crafted file in the Windows File Explorer Preview Pane or by opening the file directly. Despite the RCE classification, the attack vector is local, meaning the attacker must rely on user interaction rather than reaching the target directly over a network.

Table 17. Critical vulnerabilities in Windows Graphics Component
SeverityCVSS ScoreCVEDescriptionAction Required?
Critical7.8CVE-2026-44803Windows Graphics Component Remote Code Execution VulnerabilityYes
Critical7.8CVE-2026-44812Windows Graphics Component Remote Code Execution VulnerabilityYes

Critical Vulnerability in Windows Kerberos Key Distribution Center

CVE-2026-47288 is a Critical RCE vulnerability affecting the Windows Kerberos Key Distribution Center (KDC) and has a CVSS score of 7.1. The KDC is the authentication service that runs on every Active Directory domain controller; it’s responsible for issuing Kerberos tickets across the domain. A vulnerability here could allow attackers to target the most sensitive servers in an enterprise environment. This integer overflow or wraparound flaw (CWE-190) in Windows Kerberos could allow an authorized attacker to execute code over an adjacent network. Successful exploitation requires an attacker to prepare the target environment to improve exploit reliability.

An attacker already authenticated to the domain could send specially crafted authentication-related data to a domain controller, causing the affected Windows component to incorrectly handle memory. This could allow the attacker to disrupt the service or gain higher privileges on the domain controller without any user interaction.

Table 18. Critical vulnerability in Windows Kerberos Key Distribution Center
SeverityCVSS ScoreCVEDescriptionAction Required?
Critical7.1CVE-2026-47288Windows Kerberos Key Distribution Center (KDC) Remote Code Execution VulnerabilityYes

Critical Vulnerability in Azure HorizonDB

CVE-2026-48567 is a Critical elevation of privilege vulnerability affecting Azure HorizonDB and has a CVSS score of 10.0. Azure HorizonDB is a cloud-native distributed database service; an authentication bypass here could allow attackers to gain unauthorized control over database resources and potentially the data they host. 

Microsoft has proactively remediated this vulnerability within its cloud infrastructure without requiring any customer intervention.

Table 19. Critical vulnerability in Azure HorizonDB
SeverityCVSS ScoreCVEDescriptionAction Required?
Critical10.0CVE-2026-48567Azure HorizonDB Elevation of Privilege VulnerabilityNo

Critical Vulnerability in Microsoft Exchange Online

CVE-2026-48579 is a Critical information disclosure vulnerability affecting Microsoft Exchange Online and has a CVSS score of 9.1. An improper authorization flaw (CWE-285) allows unauthenticated remote attackers to disclose sensitive information over a network with no user interaction and low attack complexity, with high confidentiality and integrity impact.

Microsoft has proactively remediated this vulnerability within its cloud infrastructure without requiring any customer intervention.

Table 20. Critical vulnerability in Microsoft Exchange Online
SeverityCVSS ScoreCVEDescriptionAction Required?
Critical9.1CVE-2026-48579Microsoft Exchange Online Information Disclosure VulnerabilityNo

Critical Vulnerabilities in Microsoft M365 Copilot

CVE-2026-45497 and CVE-2026-42824 are Critical vulnerabilities affecting Microsoft M365 Copilot, with CVSS scores of 7.7 and 6.5, respectively. Both stem from command injection flaws (CWE-77).

CVE-2026-45497 is an RCE vulnerability that allows low-privileged remote attackers to execute code over a network with high attack complexity and a changed scope. CVE-2026-42824 is an information disclosure vulnerability that allows unauthenticated remote attackers to disclose sensitive information over a network, requiring user interaction to exploit.

Microsoft has proactively remediated these vulnerabilities within its cloud infrastructure without requiring any customer intervention.

Table 21. Critical vulnerabilities in Microsoft M365 Copilot
SeverityCVSS ScoreCVEDescriptionAction Required?
Critical7.7CVE-2026-45497Microsoft M365 Copilot Remote Code Execution VulnerabilityNo
Critical6.5CVE-2026-42824Microsoft M365 Copilot Information Disclosure VulnerabilityNo

Critical Vulnerability in Copilot Chat (Microsoft Edge)

CVE-2026-47644 is a Critical information disclosure vulnerability affecting Copilot Chat in Microsoft Edge and has a CVSS score of 6.5. An injection flaw (CWE-74) allows unauthenticated remote attackers to disclose sensitive information over a network. User interaction is required for exploitation.

Microsoft has proactively remediated this vulnerability within its cloud infrastructure without requiring any customer intervention.

Table 22. Critical vulnerability in Copilot Chat (Microsoft Edge)
SeverityCVSS ScoreCVEDescriptionAction Required?
Critical6.5CVE-2026-47644Copilot Chat (Microsoft Edge) Information Disclosure VulnerabilityNo

Critical Vulnerability in Microsoft Graph

CVE-2026-47655 is a Critical information disclosure vulnerability affecting Microsoft Graph and has a CVSS score of 6.5. Microsoft Graph is the API platform that connects Microsoft 365 services and data; an information disclosure vulnerability here could expose sensitive organizational data across connected Microsoft cloud services. This exposure of sensitive information flaw (CWE-200) allows low-privileged remote attackers to disclose sensitive information over a network with no user interaction required.

Microsoft has proactively remediated this vulnerability within its cloud infrastructure without requiring any customer intervention.

Table 23. Critical vulnerability in Microsoft Graph
SeverityCVSS ScoreCVEDescriptionAction Required?
Critical6.5CVE-2026-47655Microsoft Graph Information Disclosure VulnerabilityNo

Patch Tuesday Dashboard in the Falcon Platform

For a visual overview of the systems impacted by this month’s vulnerabilities, you can use our Patch Tuesday dashboard. This can be found in the CrowdStrike Falcon® platform within the Exposure Management > Vulnerability Management > Dashboards page. The preset dashboards show the most recent three months of Patch Tuesday vulnerabilities.

New AI-Powered Capabilities in Falcon Exposure Management 

With CrowdStrike Falcon® Exposure Management, you can automatically classify and prioritize assets, show attack paths targeting client-side exploitation of devices, and integrate with CrowdStrike Falcon® Next-Gen SIEM. Learn more in this blog post:

Falcon Exposure Management’s AI-Powered Risk Prioritization Shows Organizations What to Fix First

Not All Relevant Vulnerabilities Have Patches: Consider Mitigation Strategies

As we have learned with other notable vulnerabilities, such as Log4j, not every highly exploitable vulnerability can be easily patched. As is the case for the ProxyNotShell vulnerabilities, it’s critically important to develop a response plan for how to defend your environments when no patching protocol exists. 

Regular review of your patching strategy should still be a part of your program, but you should also look more holistically at your organization's methods for cybersecurity and improve your overall security posture.

Learn More

The CrowdStrike Falcon platform regularly collects and analyzes trillions of endpoint events every day from millions of sensors deployed across 176 countries. Watch this demo to see the Falcon platform in action.

Learn more about how CrowdStrike Falcon® Exposure Management can help you quickly and easily discover and prioritize vulnerabilities and other types of exposures here.

About CVSS Scores

The Common Vulnerability Scoring System (CVSS) is a free and open industry standard that CrowdStrike and many other cybersecurity organizations use to assess and communicate software vulnerabilities’ severity and characteristics. The CVSS Base Score ranges from 0.0 to 10.0, and the National Vulnerability Database (NVD) adds a severity rating for CVSS scores. Learn more about vulnerability scoring in this article.

Additional Resources