- June 2026 Patch Tuesday release fixes nearly 200 Windows vulnerabilities, Microsoft’s largest release to date
- Includes GreenPlasma (CVE-2026-45586) and YellowKey (CVE-2026-45585) from Chaotic Eclipse, disclosed without coordination.
- AI-powered bug discovery expected to drive record patch volumes and continue to grow
The June 2026 Patch Tuesday cumulative update has been released for Microsoft’s Windows operating system and is by far the largest the company has ever released.
The update addresses nearly 200 security vulnerabilities in Windows systems as well as supported software, dozens of which are labeled “critical,” meaning they could cause serious harm to users.
Among the flaws are two vulnerabilities revealed by Chaotic Eclipse, a mysterious researcher who recently came into conflict with Microsoft over how the vulnerabilities were reported and how the researchers were credited/compensated.
Use AI to detect security issues
By fixing nearly 200 bugs, Microsoft essentially broke its own record, in part due to the use of Artificial Intelligence (AI).
The first major issue is GreenPlasma, an elevation of privilege vulnerability in the Windows Collaborative Translation Framework (CTF). This bug, identified as CVE-2026-45586 and with a severity score of 7.8/10 (High), allows a local attacker to gain higher privileges on Windows systems.
The second is YellowKey, a Windows BitLocker security feature bypass vulnerability tracked as CVE-2026-45585 and with a severity score of 6.8/10 (medium). The proof of concept (PoC) for this vulnerability has been made public, NVD said, which violates coordinated vulnerability best practices.
As a result, Microsoft said it was considering taking legal action against Chaotic Eclipse if they were found to be breaking the law. In its follow-up Patch Tuesday notice, the company did not credit any researchers for these two flaws, only saying that it “recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure.”
Through Krebs on security
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds.
