Zero Day Initiative | Blog
Follow
The June 2026 Security Update Review
Adobe released eleven bulletins addressing 123 CVEs in various products for June. The most critical update is for Adobe Campaign Classic with a CVSS score of 10.0, followed by ColdFusion with seven critical vulnerabilities. Adobe Acrobat Reader also received twenty critical vulnerability patches, which are common targets for ransomware. Microsoft's June Patch Tuesday was the largest ever, with 208 CVEs across Windows, Office, and Azure. Three of these vulnerabilities are publicly known, and one is under active exploitation in the wild. A critical Windows Kernel Remote Code Execution vulnerability, CVE-2026-45657, is particularly concerning due to its wormable nature. Another high-severity bug, CVE-2026-47291, affects HTTP.sys and allows remote code execution unless specific registry settings are in place. Microsoft Defender also has an elevation of privilege vulnerability, CVE-2026-41091, which is being exploited. Patches for BitLocker address vulnerabilities that could allow security feature bypass. The sheer volume of patches raises questions about AI's role in their discovery and creation. System administrators should prioritize deployment of these critical updates due to the number of zero-day threats and active exploits.