
Update Your PC Now to Patch These 206 Flaws

Microsoft’s June security update, known as Patch Tuesday, is the company’s largest ever, with fixes for more than 200 bugs—three of which are zero-days that have been publicly disclosed.

The release addresses 206 flaws across the following categories, according to The Hacker News: 63 elevation-of-privilege vulnerabilities, 20 security feature bypass vulnerabilities, 56 remote-code-execution vulnerabilities, 30 information disclosure vulnerabilities, 27 spoofing vulnerabilities, seven denial of service vulnerabilities, and three tampering vulnerabilities. Thirty-nine of the bugs are rated “critical” and include remote code execution, elevation of privilege, and information disclosure flaws.

Patch Tuesday updates are typically released at 10 am PT on the second Tuesday of every month, and you should receive them automatically. If your PC hasn’t updated on its own, you can do it manually: check the status of your PC via Start > Settings > Windows Update and select Check for Windows updates. Then install any available updates.
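To confirm from PowerShell that a machine took an update after the most recent Patch Tuesday, the following added example (not part of the original article) computes the second Tuesday of the month and lists the updates that `Get-HotFix` reports as installed on or after that date. The function name `Get-PatchTuesday` is hypothetical, and the check assumes the local clock and the `InstalledOn` dates are accurate.

```powershell
# Added example: has this PC installed anything since the latest Patch Tuesday?

function Get-PatchTuesday {
    # Returns the second Tuesday of the given month (hypothetical helper).
    param([int]$Year, [int]$Month)
    $first = [datetime]::new($Year, $Month, 1)
    # Days from the 1st to the first Tuesday (0..6), then one more week.
    $offset = (([int][DayOfWeek]::Tuesday - [int]$first.DayOfWeek) + 7) % 7
    return $first.AddDays($offset + 7)
}

$today = (Get-Date).Date
$patchTuesday = Get-PatchTuesday -Year $today.Year -Month $today.Month

if ($today -lt $patchTuesday) {
    # This month's release has not shipped yet, so compare against last month's.
    $prev = $today.AddMonths(-1)
    $patchTuesday = Get-PatchTuesday -Year $prev.Year -Month $prev.Month
}

# InstalledOn can be empty for some entries, so filter those out first.
$recent = Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $patchTuesday } |
    Sort-Object InstalledOn -Descending

if ($recent) {
    $recent | Select-Object HotFixID, Description, InstalledOn |
        Format-Table -AutoSize
} else {
    $date = $patchTuesday.ToString('yyyy-MM-dd')
    Write-Warning "No update recorded since Patch Tuesday ($date). Open Settings > Windows Update and check for updates."
}
```

An entry in the output only shows that some update was installed after the release date; it does not prove that a particular CVE fix is present, so compare the listed KB numbers against Microsoft's release notes for your Windows version.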

These three publicly disclosed zero-days were patched in June

Zero-day flaws are those that have been actively exploited or publicly disclosed before an official fix is released. In this case, the three zero-days were publicly disclosed but are not known to have been exploited in the wild.

The first zero-day, labeled CVE-2026-45586, is an elevation of privilege vulnerability in the Windows Collaborative Translation Framework that allows an authorized attacker to gain SYSTEM privileges via improper link resolution. According to BleepingComputer, this flaw was identified by the security researcher Nightmare Eclipse.

The second zero-day (CVE-2026-49160) is an HTTP.sys denial of service vulnerability that abuses the HTTP/2 protocol, allowing attackers to tie up memory and cause performance issues or outages. Researchers at Calif.io have been credited with discovering this bug.

Finally, CVE-2026-50507 is a Windows BitLocker security feature bypass vulnerability that would allow a local attacker to gain access to an encrypted drive using files on a USB drive or EFI partition. The patch for this flaw also addressed a vulnerability that was publicly disclosed by Nightmare Eclipse last month.


ZaKi
