Articles from June 9, 2026
Browse all Windows news articles published on June 9, 2026
CVE-2026-11012 Chrome Android Serial Use-After-Free & CPE Mismatch Risks
On June 4, 2026, Chrome published CVE-2026-11012, a use-after-free flaw in Chrome for Android’s Serial component fixed before version 149.0.7827.53 that could let an attacker who had already compromis
CVE-2026-45600: Important Windows Kernel Driver LPE—Patch June 2026 Now
Microsoft disclosed CVE-2026-45600 on June 9, 2026, as an Important-rated Windows Kernel-Mode Driver elevation-of-privilege vulnerability in its June Patch Tuesday release, affecting Windows systems t
CVE-2026-47631 Exchange Spoofing: Why Sparse Details Still Mean Real Risk
Microsoft has listed CVE-2026-47631 as a Microsoft Exchange Server spoofing vulnerability in its Security Update Guide, and the advisory’s available framing centers on confidence in the vulnerability’
Patch CVE-2026-45596: Local Elevation of Privilege in Windows AFD (afd.sys)
Microsoft disclosed CVE-2026-45596 on June 9, 2026, as a Windows Ancillary Function Driver for WinSock elevation-of-privilege vulnerability, putting another kernel-adjacent networking component into t
CVE-2026-45583 Exchange RCE: Patch, Verify, and Reduce Internet Exposure
Microsoft’s June 9, 2026 advisory for CVE-2026-45583 identifies a Microsoft Exchange Server remote code execution vulnerability, putting on-premises mail infrastructure back in the familiar position o
CVE-2026-45636: Windows NTFS VHD RCE—Why “Remote” Means Local Patch Now
Microsoft disclosed CVE-2026-45636 on June 9, 2026, as an Important-severity Windows NTFS remote code execution vulnerability caused by heap-based buffer overflow and improper input validation, affect
CVE-2026-45504: Urgent Microsoft Exchange EoP Patch Tuesday Guidance
CVE-2026-45504 is a Microsoft Exchange Server elevation-of-privilege vulnerability disclosed in Microsoft’s June 9, 2026 Patch Tuesday release, rated Important, and listed among a cluster of Exchange
CVE-2026-45503 Exchange Info Disclosure: Patch Quickly, Assess Real Risk
Microsoft has published CVE-2026-45503 as a Microsoft Exchange Server information disclosure vulnerability in the Security Update Guide, with the public record emphasizing confidence in the vulnerabil
CVE-2026-45598 AFD.sys Fix: Local EoP Risk in Windows WinSock Ancillary Driver
Microsoft disclosed CVE-2026-45598 on June 9, 2026, as an Important-rated Windows Ancillary Function Driver for WinSock elevation-of-privilege vulnerability that allows an authorized local attacker to
Hunting Entra ID Assistive Agent Abuse: Correlate Exchange, Graph, Entra Logs
Microsoft Entra ID agent logs are becoming a practical threat-hunting source in June 2026 because assistive AI agents can use delegated OAuth access to act for signed-in users, making malicious Graph
CVE-2026-45502: Why Microsoft “Confirmed” Report Confidence Matters for Exchange
Microsoft published CVE-2026-45502 on June 9, 2026, as a Microsoft Exchange Server information disclosure vulnerability in the MSRC Security Update Guide, assigning Microsoft as the CNA and presenting
CVE-2026-45601: Patch Now for Windows WinSock AFD SYSTEM Privilege Escalation
Microsoft disclosed CVE-2026-45601 on June 9, 2026, as an Important Windows Ancillary Function Driver for WinSock elevation-of-privilege flaw that can let a locally authenticated attacker gain SYSTEM