Microsoft’s June 2026 Patch Tuesday addresses 206 vulnerabilities, the largest release in the program’s history, with two unauthenticated zero-interaction RCEs in HTTP.sys and the Windows Kernel rated CVSS 9.8 carrying wormable propagation potential structurally comparable to EternalBlue. Any internet-facing Windows Server with IIS enabled is at immediate risk of full system compromise without requiring an attacker to authenticate or trick a user into any action. Exchange Server, BitLocker, CTFMON, Office, ESU-enrolled endpoints, and Nuance PowerScribe in healthcare environments round out a patch surface that demands emergency treatment this cycle.