Security News · Morning Brief
Microsoft's June 2026 Patch Tuesday sets a record with 206 vulnerabilities fixed, including three publicly disclosed zero-days, while researchers disclose critical flaws in HVAC and UPS infrastructure. Active exploitation continues for multiple unpatched vulnerabilities, and ServiceNow and other enterprise platforms face ongoing security incidents.
- Microsoft Patches Record 206 Flaws Including Three Zero-Days — Microsoft released fixes for 206 vulnerabilities (39 critical, 167 important) on June 2026 Patch Tuesday, including three publicly disclosed zero-days (YellowKey, GreenPlasma, and MiniPlasma) that enable SYSTEM privilege escalation and BitLocker access.
- RoguePlanet Windows Zero-Day Exploit Released Post-Patch — A new Microsoft Defender zero-day named RoguePlanet exploiting a race condition was released hours after Patch Tuesday, enabling local privilege escalation to SYSTEM on fully patched Windows systems.
- Critical HVAC and UPS Vulnerabilities Threaten Data Center Infrastructure — Claroty researchers disclosed critical vulnerabilities in Vertiv UPS network cards and Trane Tracer SC+ HVAC controllers that could allow attackers to disrupt data center operations.
- ServiceNow Patches Vulnerability Actively Exploited Against Customers — ServiceNow patched an unauthenticated API endpoint flaw on June 5 that attackers exploited to gain unauthorized access to customer instances; the vulnerability had been known since April 7.
- Ivanti Sentry Max-Severity RCE Flaw Patched — Ivanti released patches for two critical vulnerabilities in Sentry secure mobile gateway, including a maximum-severity flaw enabling remote attackers to execute code with root privileges.
- Arista EOS Vulnerability Actively Exploited, No Patch Planned — Arista announced no patch is planned for an actively exploited EOS vulnerability; organizations are advised to apply vendor mitigations or discontinue vulnerable devices.
- Six Proto6 Vulnerabilities in protobuf.js Enable RCE and DoS — Six vulnerabilities in protobuf.js (JavaScript/TypeScript Protocol Buffers implementation) could enable remote code execution and denial-of-service attacks through malicious protobuf schemas or payloads.
- CISA Adds Three Actively Exploited Vulnerabilities to KEV Catalog — CISA added CVE-2026-7473 (Arista EOS), CVE-2026-11645 (Google Chromium V8), and CVE-2026-20245 (Cisco Catalyst SD-WAN Manager) to its Known Exploited Vulnerabilities catalog based on active exploitation evidence.