Most months, a single vulnerability sets the tone for the release. June doesn't have one.
This month the exposure is spread across corners a patch program rarely audits. The kernel and the network stack are here, the same as always. So are a code editor, an AI coding assistant, and a bootloader. So is a nine-year-old Linux root bug. By category the release looks ordinary, heavy on elevation of privilege and remote code execution, with the rest in information disclosure, spoofing, and a handful of denial of service bugs. What stands out is how far the impact reaches. It's wide this month, and it's strange.
Call it a breadth problem more than a severity one. That changes how you triage, because the job isn't finding the single critical bug and moving on. The job is covering ground.
For the full breakdown, listen to the Patch [FIX] Tuesday podcast.
CVE-2026-47291 [Critical]
HTTP.sys remote code execution vulnerability
CVE-2026-47291 (Critical) is an integer overflow in HTTP.sys, the kernel-mode driver that handles HTTP. The advisory reads about as badly as these get. An unauthenticated attacker sends a crafted packet to a target server over the HTTP protocol stack. No credentials, no user interaction. It's a Critical, and Microsoft puts it on the exploitation-more-likely list, the pairing you want closed first.
It tops the list because of where it sits. HTTP.sys runs underneath Internet Information Services (IIS), underneath Windows Remote Management (WinRM), and underneath a long list of services you would never call web servers. It lives in the kernel. Land code there and no privilege boundary remains above you. Anyone who lived through the 2021 HTTP.sys scare will recognize the shape of this.
One caveat. Microsoft hasn't tagged this one as wormable, and an integer overflow doesn't turn into a self-propagating worm on its own. The raw capability is unnerving, and it checks the boxes an attacker looks for in a network target. Whether it ever self-spreads comes down to reliability work that no one has published.
No public exploit exists today. Patch before that changes.
How attackers may exploit this vulnerability
An unauthenticated attacker sends a crafted packet to any service that listens on the HTTP protocol stack, with no foothold required.
The bug runs in kernel mode, so a successful hit leaves no privilege boundary above the attacker and puts endpoint defenses in reach.
The attack is scriptable and needs no per-target tuning, so anything exposed that answers HTTP is a candidate.
What to look out for
Unexpected crashes or restarts of HTTP-handling services across your Windows fleet.
Malformed or anomalous HTTP requests hitting servers and management endpoints, especially in bursts.
New listeners or processes on hosts that answer HTTP through WinRM or IIS but were not deployed to serve web traffic.
Mitigation guidance
Patch this first. Treat it as the top line of your remediation list this week.
Inventory what answers HTTP. WinRM, IIS, and embedded service endpoints all sit on HTTP.sys and all need the fix.
Reduce exposure where you can. Anything internet-reachable that speaks HTTP belongs behind same-day patching until this is closed.
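One place the "malformed or anomalous HTTP requests in bursts" signal shows up before any application sees the traffic is the HTTP.sys error log (httperr*.log under %SystemRoot%\System32\LogFiles\HTTPERR), which records requests the driver itself rejected. The script below is an added example for this post, not code from Automox or Microsoft: it parses that W3C-style log by its #Fields header and flags any source address that produces a burst of parse-rejected requests against one listening port. The sample log lines are constructed, and the window and threshold are assumptions to tune against your own baseline.

```python
"""Flag bursts of requests that HTTP.sys rejected as malformed.

Added example, not code from the original post. HTTP.sys logs requests it
rejects (before IIS, WinRM or any other consumer sees them) to
%SystemRoot%\\System32\\LogFiles\\HTTPERR\\httperr*.log in W3C format with a
'#Fields:' header. The sample below is constructed; the 60-second window and
the threshold of 3 are assumptions, not tuned values.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample: one source sends three rejected requests to a WinRM
# listener (port 5985) inside a minute, then one more minutes later, plus
# unrelated idle-timeout noise from another client on port 80.
SAMPLE_HTTPERR = """\
#Software: Microsoft HTTP API 2.0
#Version: 1.0
#Date: 2026-06-10 14:02:11
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2026-06-10 14:02:11 203.0.113.7 51021 10.0.0.5 5985 - - - 400 - BadRequest -
2026-06-10 14:02:13 198.51.100.2 40110 10.0.0.5 80 HTTP/1.1 GET /index.html - - Timer_ConnectionIdle -
2026-06-10 14:02:19 203.0.113.7 51022 10.0.0.5 5985 - - - 400 - BadRequest -
2026-06-10 14:02:40 203.0.113.7 51023 10.0.0.5 5985 - - - 400 - BadRequest -
2026-06-10 14:09:55 203.0.113.7 51024 10.0.0.5 5985 - - - 400 - BadRequest -
"""

# s-reason values that mean HTTP.sys failed to parse the request at all
# (a subset of the documented reason phrases); timeouts and app-pool
# events are deliberately left out so they don't count as malformed traffic.
REJECT_REASONS = {"BadRequest", "Verb", "Hostname", "URL", "URL_Length",
                  "Header", "RequestLength", "FieldLength", "Invalid_CR/LF"}


def parse_httperr(text):
    """Yield one dict per data row, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # header names become the dict keys
            continue
        if line.startswith("#"):
            continue                       # other directive lines
        if fields is None:
            raise ValueError("data row before #Fields header")
        values = line.split()
        if len(values) != len(fields):
            continue                       # truncated row still being written
        yield dict(zip(fields, values))


def find_bursts(rows, window_s=60, threshold=3):
    """Return {(client ip, server port): peak count} for sources whose
    parse-rejected requests reach `threshold` inside any `window_s` window."""
    stamps_by_source = defaultdict(list)
    for row in rows:
        if row["s-reason"] in REJECT_REASONS:
            ts = datetime.strptime(f"{row['date']} {row['time']}",
                                   "%Y-%m-%d %H:%M:%S")
            stamps_by_source[(row["c-ip"], row["s-port"])].append(ts)

    hits = {}
    for source, stamps in stamps_by_source.items():
        stamps.sort()
        start, peak = 0, 0
        for end in range(len(stamps)):     # sliding window over sorted times
            while (stamps[end] - stamps[start]).total_seconds() > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            hits[source] = peak
    return hits


def analyze(text=SAMPLE_HTTPERR, window_s=60, threshold=3):
    """Parse a log body and return the burst table (empty dict means clean)."""
    return find_bursts(parse_httperr(text), window_s, threshold)


if __name__ == "__main__":
    for (ip, port), count in analyze().items():
        print(f"{ip} -> port {port}: {count} rejected requests within 60s")
```

On a real host, feed it the contents of the current httperr log; the 203.0.113.7 entry is flagged because three of its four rejects fall inside one minute, while the single later one and the idle-timeout row from the other client are not counted. Pair the output with the service-crash and new-listener checks from the list above rather than alerting on this signal alone.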
Pair it with two more network criticals
HTTP.sys does not travel alone this month. Two more pre-auth network bugs belong in the same maintenance window.
CVE-2026-45657 (Critical) is a use-after-free in the Windows kernel. Crafted network traffic reaches the target with no authentication and executes as SYSTEM. Microsoft rates it exploitation less likely. Read that rating carefully. A network-reachable kernel use-after-free stays in the less-likely column only until someone works out a reliable trigger.
Then there's the DHCP pair. CVE-2026-44815 (Critical) is a DHCP client remote code execution bug. CVE-2026-45602 (Important) is a DHCP tampering bug. A Critical and an Important, both in the core of the network stack.
A half-patched fleet is still an exposed one. Don't patch HTTP.sys and skip these two for the next wave.
The developer toolchain is a patch surface now
This is the cluster most teams have quietly written off. Microsoft is now shipping fixes for its editor and its AI assistant on the same advisory sheet as the operating system.
CVE-2026-47281 (Important) is a Visual Studio Code elevation of privilege bug. The trigger is opening a malicious .code-workspace file. The advisory is blunt about it. Don't open a workspace file you don't trust. Microsoft rates exploitation unlikely because it needs that user action. Talking someone into opening a file is one of the oldest moves there is. The result is SYSTEM on a developer's machine, which is among the worst places to hand it over.
CVE-2026-45482 (Important) is a Copilot Chat extension security feature bypass in Visual Studio Code. A path traversal opens a route to authentication bypass and impersonation.
The developer endpoint has become a primary attack surface, and that matters most for teams building SaaS and cloud platforms. Cloning a repo can now hand an attacker your AI session along with it. That pattern is going to drive real initial-access campaigns.
Underneath the operating system
The other arc this month runs beneath the operating system, and it's ugly down there.
Secure Boot. This release carries ten Secure Boot, Boot Manager, and UEFI bypasses. CVE-2026-45656 (Important) is the UEFI Secure Boot security feature bypass among them. Microsoft rates exploitation less likely, but the worst case is a bootkit: untrusted code running before the operating system's defenses load at all.
CVE-2026-45658 (Important) is a Windows BitLocker security feature bypass on the more-likely list. It takes physical access to get at encrypted data. Put the two together. Secure Boot and full-disk encryption are both exposed in the same release.
Graphics bugs that reach the whole fleet
CVE-2026-44803 and CVE-2026-44812 (both Critical) are Windows Graphics Component remote code execution bugs, and both sit on the more-likely-to-exploit list. They're Win32k graphics integer overflows. What sets them apart is the reach. At 33 affected products each, they carry the widest product spread of anything in the release. A graphics flaw across that many products is not a server-only patch. Workstations need it just as much.
Linux: a nine-year-old root bug and a new Dirty Frag variant
The only working exploit code this month sits on the Linux side, not the Microsoft side. Let that shape how you sequence the two.
CVE-2026-46333 is the fresh one. Qualys found a logic flaw in the kernel's ptrace path, and the payoff is local root. An unprivileged user can read the shadow file via chage, extract SSH host keys via ssh-keysign, or run commands as root via pkexec.
Qualys shipped the advisory with working exploits, and public exploit code is already circulating. The flaw has sat in the mainline kernel for roughly nine years, the same long-dormant pattern as Copy-Fail, last month's Linux local-root bug. It ships vulnerable by default on Debian, Ubuntu, Fedora, SUSE, AlmaLinux, and CloudLinux.
Patches are out, and a mitigation exists if you can't patch a box right away. This isn't the usual local-root bug you can schedule for next quarter. Treat it as patch-now on every Linux host.
There's also a callback. Dirty Frag, which we covered on last month's episode and in the Dirty Frag response post, has already grown a new variant. It's called Fragnesia, CVE-2026-46300. It sits in the same ESP networking code, and Red Hat rolled it into the Dirty Frag advisory in late May. Fixes are still landing. Mitigate one variant and the next surfaces in the same code.
That argues for one mitigation pushed across the whole Linux fleet in a single pass, rather than fixing hosts one at a time. Automox Worklets are built for exactly that. For customers, the mitigations are one click in the catalog.
For everyone else, the Automox Community Worklets are published publicly, so you can run them without an Automox subscription.
The breaches that never got a CVE
Set the patch list aside for a moment. The loudest security news this month never produced a CVE, and it's the developer-tooling section above playing out in the wild.
GitHub disclosed that an attacker reached roughly 3,800 of its internal repositories through a poisoned build of the NX Console extension for Visual Studio Code. The NX extension was poisoned because one of its developers was compromised in an earlier supply chain attack on the TanStack JavaScript packages. That attack abused a GitHub Actions workflow and lifted an OpenID Connect (OIDC) token straight out of a runner. Every link in that chain was a developer tool.
The malicious TanStack packages shipped with valid Supply-chain Levels for Software Artifacts (SLSA) attestation, so the check everyone is told to run, verifying the provenance, returned clean and flagged nothing. Provenance tells you where a package came from, not whether it's safe, and treating a passing attestation as a green light is the exact gap these packages exploited.
Red Hat got a cleaner version of the same lesson in early June, flagged by researchers at Aikido Security. A compromised GitHub account pushed malware into one of Red Hat's npm namespaces, where an npm preinstall hook harvested tokens and cloud credentials the instant anyone ran npm install.
Researchers track the campaign as Miasma. It got in through Red Hat's own GitHub Actions trust with the registry, so the remediation had nothing to do with patching a server. It meant rotating every CI secret, cloud credential, and token, and treating the build pipeline as already compromised.
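The two lessons above, that a valid SLSA attestation is not a safety verdict and that an npm preinstall hook runs the moment the package is unpacked, point at the same gap: a gate that stops at "the provenance verified". Below is an added example for this post, not code from npm, GitHub, or any project named here, of the policy layer that should run after a real verifier (for example npm audit signatures or slsa-verifier) has already checked the signature. It pins each package to an expected source repository and builder, and separately refuses packages that declare install-time lifecycle scripts. The provenance statement, the policy table, and the package.json are all constructed and simplified, modelled on the SLSA v1 in-toto statement layout.

```python
"""Gate a package on provenance policy and install hooks, not provenance alone.

Added example, not code from the original post or from any named project.
Assumes the attestation's signature was already verified by a real tool;
this is only the policy step that runs after that verification passes.
All data below is constructed and simplified.
"""
import json

# Policy (constructed): the only source repository and builder accepted for
# each package. A signed, well-formed attestation from anywhere else fails.
EXPECTED_SOURCE = {
    "@example/query-core": "https://github.com/example-org/query",
}
ALLOWED_BUILDERS = {"https://github.com/actions/runner/github-hosted"}
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Constructed provenance: the builder is allowed and the statement is valid,
# but the workflow ran from a repository that is not the pinned source,
# the shape a compromised maintainer account can produce while
# provenance verification still returns clean.
PROVENANCE = json.loads("""{
  "_type": "https://in-toto.io/Statement/v1",
  "subject": [{"name": "pkg:npm/%40example/query-core@5.0.1",
               "digest": {"sha512": "PLACEHOLDER_DIGEST"}}],
  "predicateType": "https://slsa.dev/provenance/v1",
  "predicate": {
    "buildDefinition": {
      "externalParameters": {"workflow": {
        "repository": "https://github.com/attacker-fork/query",
        "ref": "refs/heads/main",
        "path": ".github/workflows/release.yml"}}},
    "runDetails": {"builder": {"id": "https://github.com/actions/runner/github-hosted"}}
  }
}""")

# Constructed package.json with the kind of hook the Miasma campaign used:
# a lifecycle script that executes as soon as `npm install` unpacks it.
PACKAGE_JSON = json.loads("""{
  "name": "@example/query-core",
  "version": "5.0.1",
  "scripts": {"preinstall": "node scripts/setup.js", "test": "vitest"}
}""")


def check_provenance_policy(statement, package_name):
    """Return policy violations for a verified statement (empty list = ok)."""
    problems = []
    pred = statement.get("predicate", {})
    builder = pred.get("runDetails", {}).get("builder", {}).get("id")
    repo = (pred.get("buildDefinition", {}).get("externalParameters", {})
                .get("workflow", {}).get("repository"))
    subjects = [s.get("name", "") for s in statement.get("subject", [])]
    # purl encodes the scope's '@' as %40, so compare on that form
    if not any(package_name.replace("@", "%40") in s for s in subjects):
        problems.append("subject does not name this package")
    if builder not in ALLOWED_BUILDERS:
        problems.append(f"builder not allowed: {builder}")
    expected = EXPECTED_SOURCE.get(package_name)
    if expected is None:
        problems.append("no pinned source repository for this package")
    elif repo != expected:
        problems.append(f"source repository {repo} != pinned {expected}")
    return problems


def find_install_hooks(package_json):
    """Return the lifecycle scripts that run automatically during install."""
    scripts = package_json.get("scripts", {})
    return {k: v for k, v in scripts.items() if k in INSTALL_HOOKS}


def gate(statement, package_json):
    """Allow the package only if provenance policy and the hook check both pass."""
    name = package_json["name"]
    reasons = check_provenance_policy(statement, name)
    for hook, cmd in find_install_hooks(package_json).items():
        reasons.append(f"install hook {hook!r} runs: {cmd}")
    return {"package": name, "allowed": not reasons, "reasons": reasons}


if __name__ == "__main__":
    print(json.dumps(gate(PROVENANCE, PACKAGE_JSON), indent=2))
```

Run as-is, the constructed package is refused for two independent reasons, the unpinned source repository and the preinstall hook, even though nothing about the attestation itself is malformed. The hook check reports the same scripts that npm install --ignore-scripts would suppress, so the operational counterpart is to run installs with scripts disabled in CI and only re-enable them for packages that have been reviewed.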
None of this is a Patch Tuesday CVE. Every one of these rode in through the software your teams build with. The exposure isn't in the patch notes anymore. It's in the tools your developers live in.
Patch regularly, patch often
The attack surface got wider and stranger this month. The response didn't. Accurate inventory tells you whether Visual Studio Code or a poisoned npm package is even on a given box. Patch velocity compresses the gap between a fix shipping and a fix landing from quarters to hours.
Configuration discipline holds the line once the patch is on, and defense in depth absorbs whatever slips past. That list hasn't changed in 20 years. It just has to cover more ground, faster, than it ever has.
Sources
Microsoft Security Response Center – June 2026 Security Updates – Full list of June 2026 Patch Tuesday advisories, severities, and exploitability ratings
CISA – Known Exploited Vulnerabilities Catalog – Authoritative tracker for actively exploited CVEs
Qualys Security Advisories – Technical advisory and proof-of-concept detail for the Linux kernel ptrace local-root flaw
Red Hat Security Updates – Red Hat advisory tracking for the Dirty Frag family and the Fragnesia variant
Aikido Security – Red Hat npm Packages Compromised to Spread a Credential-Stealing Worm – Disclosure and analysis of the Red Hat npm namespace compromise tracked as Miasma