Microsoft ecosystem exploited
Key Questions
What record was set in Microsoft's June Patch Tuesday?
Microsoft addressed 206 vulnerabilities including 39 critical issues, three zero-days, and critical SharePoint RCE, marking one of the largest monthly updates.
What is the RoguePlanet zero-day in Microsoft Defender?
CVE-2026-50656 is a zero-day that grants SYSTEM-level access even with real-time protection disabled, and Microsoft is actively developing a patch.
Which Microsoft products have wormable or high-impact vulnerabilities?
Windows HTTP.sys RCE (CVE-2026-47291) is likely wormable with no patch yet, while SharePoint on-prem RCE and multiple Outlook/Word preview pane flaws require urgent attention.
What zero-day bypasses BitLocker protection?
The 'GreatXML' technique bypasses BitLocker via Defender offline scan and is one of the three zero-days addressed or noted in the June updates.
Are there any end-of-support concerns for SharePoint?
SharePoint on-prem RCE (CVE-2026-45659) has a patch available but reaches end-of-support on July 14, increasing urgency for organizations still running legacy versions.
June Patch Tuesday record – 206 vulns, 39 critical, three zero-days (BitLocker bypass via GreatXML, HTTP.sys DoS, CTF EoP) and critical SharePoint RCE. Netlogon RCE active; Exchange RCE deadline passed; Windows Search URI NTLM leak. Defender RoguePlanet zero-day grants SYSTEM – CVE-2026-50656 assigned, Microsoft working on patch. 'Exploitation More Likely' rating. Works even with real-time protection off. Windows HTTP.sys RCE (CVE-2026-47291) – likely wormable, no patch. 'GreatXML' bypasses BitLocker via Defender offline scan. SharePoint on-prem RCE (CVE-2026-45659) – patch released May 21, end-of-support July 14. Critical Outlook and Word RCEs (CVSS 8.4) – preview pane triggers code execution. Microsoft 365 Copilot SearchLeak flaw (CVE-2026-42824) – patched but highlights AI attack surface. June Patch Tuesday pushed Secure Boot fixes for CVE-2026-8863. Patch immediately.