Articles from June 10, 2026
Browse all Windows news articles published on June 10, 2026
CVE-2026-42913: Patch RDP Client RCE Risk in Windows 11 & Server
Microsoft disclosed CVE-2026-42913 on June 9, 2026, as a high-severity Remote Desktop Client remote code execution flaw affecting Windows 11, Windows Server 2022, and Windows Server 2025, with exploit
CVE-2026-42916 Patch Priority: Windows Kernel Local Privilege Escalation
Microsoft disclosed CVE-2026-42916 on June 9, 2026 as a high-severity elevation-of-privilege flaw in the Windows NT OS Kernel affecting Windows 10, Windows 11, and multiple supported Windows Server re
CVE-2026-42909 RDP Client RCE: Patch and Lock Down Outbound Admin Connections
Microsoft disclosed CVE-2026-42909 on June 9, 2026, as an Important-rated Remote Desktop Client remote code execution vulnerability affecting supported Windows client and server releases, the standalo
CVE-2026-42980: Microsoft NT Kernel Local EoP Patch Priority (7.8, Exploitation More Likely)
Microsoft published CVE-2026-42980 on June 9, 2026 as an NT OS Kernel elevation-of-privilege vulnerability affecting supported Windows client and server releases, rating it Important with a CVSS 3.1 b
CVE-2026-42908: Windows RDP Out-of-Bounds Info Disclosure (Patch Now)
Microsoft disclosed CVE-2026-42908 on June 9, 2026, as a Windows Remote Desktop Protocol information disclosure vulnerability caused by an out-of-bounds read that could allow an unauthenticated attack
CVE-2026-42907: Why a Windows Shell Info Disclosure Patch Timing Matters
Microsoft disclosed CVE-2026-42907 on June 9, 2026, as a Windows Shell information disclosure vulnerability affecting supported Windows client and server releases, with public listings placing it at m
CVE-2026-42904: Windows TCP/IP Heap Overflow Could Grant SYSTEM Privileges
Microsoft disclosed CVE-2026-42904 on June 9, 2026, as an Important Windows TCP/IP elevation-of-privilege vulnerability caused by a heap-based buffer overflow that can let an unauthenticated attacker
CVE-2026-42903 Kerberos DoS: Patch Tuesday Guidance for Windows Domains
CVE-2026-42903 is a Microsoft-disclosed Windows Kerberos denial-of-service vulnerability published on June 9, 2026, as part of the June Patch Tuesday cycle, affecting supported Windows client and serv
CVE-2026-42837: ProjFS Filter Driver Local Privilege Escalation Fixed June 2026
Microsoft disclosed CVE-2026-42837 on June 9, 2026, as an Important-severity Windows Projected File System elevation-of-privilege vulnerability caused by a buffer over-read in the ProjFS filter driver
CVE-2026-42836: Important Windows EoP Race Condition Leading to SYSTEM
Microsoft disclosed CVE-2026-42836 on June 9, 2026, as an Important Windows Function Discovery Service elevation-of-privilege flaw in fdwsd.dll that can let a low-privileged, authorized local attacker
CVE-2026-11097 Chrome Android WebView Data Leak: Fix, CPE Gaps, Inventory Tips
CVE-2026-11097 is a medium-severity Chrome for Android WebView vulnerability published on June 4, 2026, affecting Google Chrome on Android before 149.0.7827.53 and allowing a remote attacker to leak c
CVE-2026-11035: Chrome Android Custom Tabs XML Privilege Escalation Fix (149.0.7827.53)
CVE-2026-11035 is a Google Chrome for Android Custom Tabs vulnerability, published on June 4, 2026 and fixed before version 149.0.7827.53, that allowed a local attacker to escalate privileges through