Microsoft’s June 2026 Patch Tuesday just dropped, and this one is worth paying attention to.
This month’s update is the largest single Patch Tuesday release in the program’s history, addressing 200 security vulnerabilities across Windows, Office, Azure, Exchange Server, and Remote Desktop Services. For context, the previous record was 167 vulnerabilities. This is not a normal month.
It includes 33 critical flaws and three publicly disclosed zero-days, and buried inside it is a hard deadline most businesses have no idea is coming. This is not a routine update, and for SMBs running Windows, the window to act is shorter than usual.
What Is Actually in This Update
The numbers break down like this:
- 200 total vulnerabilities patched, a new record
- 33 rated Critical, 28 of which are remote code execution flaws
- 3 publicly disclosed zero-days, meaning attackers already have the details
Remote code execution means an attacker could run malicious code on your machine without ever physically touching it. (A fun feature nobody asked for.)
One of the zero-days getting the most attention is CVE-2026-45586, a flaw that allows an attacker to obtain full SYSTEM-level privileges on a Windows 10 or 11 machine. SYSTEM privileges means complete control. Most SMBs run Windows 10 or 11 on every device in the office.
The Deadline Nobody Is Talking About
A Secure Boot certificate expiration is arriving June 26, seventeen days from now, and this is the last Patch Tuesday before it hits. Secure Boot prevents malicious software from loading before your operating system starts. When the certificate expires, unpatched systems lose that protection entirely. Most businesses have no idea this deadline exists. (Which is probably fine, everything is fine.)
What to Do Right Now
If you manage your own IT, every device needs to be updated before June 26. A few things to check:
- Confirm automatic updates are turned on and actually completing
- Look for devices with updates stuck or silently failing in the background
- Prioritize anything running Windows 10 or 11
If you work with a managed IT provider, this should already be in motion. If you are not sure whether it is, that is worth a conversation today.
At GiaSpace, patching is part of what we monitor and manage for every client. You should not have to track Patch Tuesday deadlines to keep your business secure.
→ Schedule Your Free Security Assessment with Rob
→ Learn More About Our Managed Security Services
Published: Jun 11, 2026
Need IT Support for Your Florida Business?
GiaSpace provides proactive managed IT services, cybersecurity, and local tech support across Florida — with teams in Gainesville, Fort Lauderdale, Jacksonville, and Ocala.
Managed IT Services FloridaCybersecurity Services FLGainesville IT ServicesFort Lauderdale IT Services
