The June 2026 Patch Tuesday cumulative update for Microsoft’s Windows operating system has been released – and is, by far, the biggest one the company has ever released.
The update addresses almost 200 security vulnerabilities across Windows systems, as well as supported software, dozens of which are labeled as “critical”, meaning they could cause serious damage to the users.
Among the flaws are two vulnerabilities disclosed by Chaotic Eclipse, a mysterious researcher who conflicted with Microsoft recently over how vulnerabilities were reported, and researchers credited/compensated.
Using AI to spot security issues
By fixing almost 200 flaws, Microsoft essentially broke its own record – partly due to the use of Artificial Intelligence (AI).
The first major issue is GreenPlasma, an elevation-of-privilege vulnerability in the Windows Collaborative Translation Framework (CTF). This bug, tracked as CVE-2026-45586, and given a severity score of 7.8/10 (high), allows a local attacker to gain higher privileges on Windows systems.
The second is YellowKey, a Windows BitLocker Security Feature Bypass vulnerability tracked as CVE-2026-45585, and given a severity score of 6.8/10 (medium). The proof of concept (PoC) for this vulnerability has been made public, NVD said, which is in violation of coordinated vulnerability best practices.
As a result, Microsoft said it was considering legal action against Chaotic Eclipse if they had been found to be breaking the law. In its follow-up advisory to Patch Tuesday, the company did not credit any researchers for these two flaws, only saying that it “recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure.”
Via Krebs on Security
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.