Microsoft Ships Nearly 200 Security Fixes in Record Patch Tuesday as 3 Flaws Already Have Exploit Code
Updated
Updated · Krebs on Security · Jun 10
Microsoft Ships Nearly 200 Security Fixes in Record Patch Tuesday as 3 Flaws Already Have Exploit Code
3 articles · Updated · Krebs on Security · Jun 10
Summary
Nearly 200 vulnerabilities were patched across Windows and supported software in Microsoft’s June Patch Tuesday, including almost three dozen rated critical and at least three with public exploit code.
AI-driven bug hunting is helping swell the tally, Tenable said, while several zero-days were tied to recent disclosures by researcher Nightmare Eclipse and one denial-of-service flaw was reported by OpenAI’s Codex.
Key fixes included CVE-2026-49160 affecting IIS web servers, a BitLocker elevation-of-privilege bug, and a Visual Studio Code zero-day that could steal GitHub tokens with a single click.
Rapid7 said the broader June total is far higher because Microsoft also patched 360 browser vulnerabilities, even though Chromium-related flaws are no longer counted in the main Patch Tuesday figure.
The surge follows recent strain inside Microsoft’s own security operations, after at least 72 public code repositories were infected last week with a Shai-Hulud worm variant.