Microsoft's June Patch Tuesday has set a new record: the 9 June 2026 release fixes 206 security vulnerabilities, including 32 rated critical and three publicly disclosed zero-days that attackers could use against any unpatched PC. Install it now.
The headline figure requires a brief explanation. Security provider Tenable counted 198 Microsoft-specific CVEs (Common Vulnerabilities and Exposures), excluding six bugs addressed separately around the same time and two CVEs issued by non-Microsoft CVE Numbering Authorities. Add those back in and you reach 206. Either way, the tally is a record.
What the Microsoft June Patch Tuesday Zero-Days Mean for You
None of the three zero-days have been actively exploited in the wild, but each was publicly disclosed before Microsoft issued a fix, meaning detailed information was available to attackers. The three vulnerabilities affect Windows BitLocker (CVE-2026-50507), the HTTP.sys driver (CVE-2026-49160), and the Windows Collaborative Translation Framework, also known as CTFMON (CVE-2026-45586), according to the HTMD Blog.
The BitLocker flaw lets an attacker with physical access to an unpatched machine capture encrypted data from the hard drive. BleepingComputer reports that the risk is highest on devices configured with a specific BitLocker Group Policy that includes PCR7 in the TPM validation profile, alongside certain Secure Boot and Windows Boot Manager settings tied to the newer Windows UEFI CA 2023 certificate. The HTTP.sys bug can enable a denial-of-service attack, making it particularly relevant for organisations running web-facing servers. The CTFMON flaw relates to how Windows resolves a link to a file and could allow privilege escalation.
Two of the 32 critical vulnerabilities carry a CVSS score of 9.8, the maximum practical severity: CVE-2026-45657 (Windows Kernel Remote Code Execution) and CVE-2026-47291 (HTTP.sys Remote Code Execution). Both allow remote, unauthenticated attackers to execute arbitrary code without any user interaction, according to the Zero Day Initiative. Separately, a Windows DWM Core Library information disclosure bug, CVE-2026-48566, was also patched; it does not enable remote code execution but can expose data from the Desktop Window Manager, as detailed by Windows Forum.
How AI Is Driving a New Era of Vulnerability Discovery
The record-breaking count is not a coincidence. Tech companies are increasingly deploying AI models to find and fix bugs faster than human researchers can alone. In April 2026, Mozilla patched 271 security flaws in Firefox, assisted by an early version of Claude Mythos Preview, Anthropic’s AI. ‘The unusually high volume of disclosures reflects a broader trend in vulnerability research, where advances in AI-assisted analysis and initiatives such as Mythos are helping researchers uncover flaws at a much faster pace than before,’ patch management provider Action1 said in an advisory.
Claude Mythos Preview was announced on 7 April 2026. According to a Cloud Security Alliance whitepaper, it autonomously discovered thousands of previously unknown vulnerabilities across every major operating system and web browser, including flaws that had survived decades of human-led review. Anthropic characterised an early containment issue as reflecting ‘agentic capabilities operating without adequate goal constraints,’ rather than a patchable software defect.
Anthropic’s Project Glasswing, the restricted cybersecurity programme using Claude Mythos Preview, has helped uncover more than 10,000 high- or critical-severity vulnerabilities across systemically important software since going live. One identified weakness is a critical flaw in WolfSSL (CVE-2026-5194, CVSS score: 9.1) that could allow an attacker to forge certificates and impersonate a legitimate service, according to The Hacker News. Microsoft has stated that its monthly patch volumes will ‘continue trending larger for some time,’ driven by the surge in AI-assisted discovery.
New Windows 11 Features in the June Update
Beyond security patches, the June update brings several improvements to Windows 11. File Explorer now supports additional archive formats, including UU, CPIO, XAR, and NuGet Packages (NUPKG), and retains View and Sort preferences in folders such as Downloads and Documents. A dark-mode white flash issue has been fixed, and explorer.exe reliability has improved.
A new Low Latency Profile feature sends a quick processor signal to speed up certain actions. Windows 11 now supports shared audio devices, meaning multiple users can connect their own Bluetooth earbuds or headsets to one PC simultaneously. Webcam access has also been improved, so multiple apps can use the camera at the same time without manual switching between them. Users setting up Windows 11 fresh can now choose a custom name for their user folder rather than accepting one derived automatically from their username.
For Windows 10, the Microsoft Support document for KB5094127 (OS Builds 19045.7417 and 19044.7417) notes improvements to File Explorer search, including support for Chinese text and UTF-8-encoded files without a byte order mark. Windows 10 users must be enrolled in the Extended Security Updates (ESU) programme to receive this update.
The updates for Windows 11 are KB5094126 (versions 24H2 and 25H2) and KB5093998 (23H2); for Windows 10 it is KB5094127. All are mandatory and will download automatically, but a reboot is required for them to take effect. With two CVSS 9.8 remote-code-execution flaws and three publicly known zero-days in the mix, that reboot should not wait.
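One way to confirm on a single machine that the KB named above is installed and that no reboot is still pending (an added example, not code from the article or from Microsoft). The Windows 11 build numbers 22631, 26100 and 26200 are general knowledge rather than values from this page, and the `PatchEffective` field is a conservative assumption of this example.

```powershell
# Added example: checks the local machine against the June 2026 KBs named in the article.
# KB numbers and the Windows 10 revision (7417) come from the article;
# the Windows 11 build numbers are not on the page.
$kbByBuild = @{
    '19044' = 'KB5094127'   # Windows 10 21H2 (ESU enrolment required)
    '19045' = 'KB5094127'   # Windows 10 22H2 (ESU enrolment required)
    '22631' = 'KB5093998'   # Windows 11 23H2
    '26100' = 'KB5094126'   # Windows 11 24H2
    '26200' = 'KB5094126'   # Windows 11 25H2
}

$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [string]$cv.CurrentBuildNumber
$ubr   = [int]$cv.UBR

if (-not $kbByBuild.ContainsKey($build)) {
    Write-Warning "Build $build is not covered by the KBs listed in the article."
    return
}
$kb = $kbByBuild[$build]

# Get-HotFix reads Win32_QuickFixEngineering; no match means the package is not recorded.
$installed = [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue)

# For Windows 10 the article gives the patched builds (19045.7417 / 19044.7417),
# so the update build revision (UBR) serves as a second signal.
$revisionOk = $null
if ($build -in '19044', '19045') { $revisionOk = ($ubr -ge 7417) }

# The update only takes effect after a reboot; these keys exist while one is pending.
$rebootKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
)
$rebootPending = [bool]($rebootKeys | Where-Object { Test-Path $_ })

[pscustomobject]@{
    Build               = "$build.$ubr"
    ExpectedKB          = $kb
    KBInstalled         = $installed
    RevisionAtLeast7417 = $revisionOk      # $null on Windows 11 (no revision given on the page)
    RebootPending       = $rebootPending
    # Conservative: a reboot pending for any reason counts as "not yet effective".
    PatchEffective      = ($installed -and -not $rebootPending)
}
```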
