Microsoft’s June 2026 Patch Tuesday resolves 206 vulnerabilities including three CVSS 9.8 unauthenticated RCE flaws in Windows Kernel, HTTP.sys, and the DHCP Client, with PoC code publicly available for at least two zero-days. No confirmed in-the-wild exploitation is reported at disclosure, but PoC availability materially compresses weaponization timelines. Emergency patch deployment is warranted for internet-facing Windows infrastructure today.
