Microsoft published the June 2026 Security Updates on June 9. Plan Windows, Server, IIS, RDS, Hyper-V, domain controller, and admin workstation patching with verification.
CISA added SolarWinds Serv-U CVE-2026-28318 to KEV on June 5, 2026. Update to Serv-U 15.5.4 Hotfix 1 or the current fixed SolarWinds build.
MiniPlasma is a newly public Windows local privilege escalation issue tied to cldflt.sys and CVE-2020-17103. Here is what admins should monitor while Microsoft investigates.
CISA KEV patch guide for Microsoft Defender CVE-2026-41091 and CVE-2026-45498 on Windows Server, hosting, RDS, Hyper-V, and admin machines.
Update Azure Local Disconnected Operations to ALDO 2604 or later for CVE-2026-42822, then verify backups, identity health, and privileged access.
Windows Secure Boot certificates from 2011 begin expiring in June 2026. Patch, reboot, verify, and stage server rollout safely.
Install the June 2026 Exchange Server updates for CVE-2026-42897, keep mitigations in place during rollout, and verify OWA, mail flow, logs, and backups.
Patch Windows Netlogon CVE-2026-41089 and Windows DNS Client CVE-2026-41096 across servers, hosting machines, domain controllers, and admin workstations.
Patch Microsoft Defender CVE-2026-33825 on Windows workstations and servers, verify platform version, and prioritize admin and hosting machines.
Patch guidance for Windows Shell CVE-2026-32202 on Windows Server, IIS, RDS, Hyper-V, domain controllers, and admin workstations.
