Update Your Computer Now to Fix These 206 Errors.
Microsoft’s June security update, known as Patch Tuesday, is the company’s largest ever, containing fixes for more than 200 bugs, three of which are publicly disclosed zero-day vulnerabilities.
According to Hacker News , the release fixes 206 vulnerabilities in the following categories: 63 privilege escalation vulnerabilities, 20 security feature bypass vulnerabilities, 56 remote code execution vulnerabilities, 30 information disclosure vulnerabilities, 27 spoofing vulnerabilities, seven denial of service vulnerabilities, and three unauthorized access vulnerabilities. Thirty-nine bugs are rated “critical” and include remote code execution, privilege escalation, and information disclosure vulnerabilities.
Patch Tuesday updates are typically released at 10:00 AM Pacific Time on the second Tuesday of each month, and you should receive them automatically. If the update hasn’t been released yet, check its status via Start > Settings > Windows Update and select “Check for Windows updates.” Then install all available updates.
These three publicly disclosed zero-day vulnerabilities were patched in June.
Zero-day vulnerabilities are those that were actively exploited by attackers or became publicly known before an official patch was released. In this case, three zero-day vulnerabilities were publicly disclosed, but it is unknown whether they were exploited by attackers in the wild.
The first zero-day vulnerability, designated CVE-2026-45586, is a privilege escalation vulnerability in the Windows Collaborative Translation Framework that allows an authenticated attacker to gain system privileges by improperly resolving URLs. According to BleepingComputer , this vulnerability was discovered by security researcher Nightmare Eclipse.
The second zero-day vulnerability (CVE-2026-49160) is a denial of service vulnerability in HTTP.sys, which exploits the HTTP/2 protocol, allowing attackers to consume memory and cause performance issues or crashes. Researchers at Calif.io are credited with discovering this bug.
Finally, CVE-2026-50507 is a Bitlocker bypass vulnerability in Windows that allows a local attacker to access an encrypted drive using files on a USB drive or EFI partition. The patch for this vulnerability also fixed a vulnerability publicly disclosed by the Nightmare Eclipse project last month.