Microsoft's June 2026 Patch Tuesday expanded the scope to 206 flaws with 6 zero-day vulnerabilities (previously unknown security gaps that hackers can exploit), exceeding the three zero-days mentioned in the original report. However, a subsequent May 2026 patch cycle addressed 120 flaws with no zero-days, suggesting the vulnerability landscape has shifted. Security researchers at Dark Reading continue to warn that zero-day exploits are persisting even after patches are released, indicating ongoing threats beyond Microsoft's immediate fixes.
Microsoft released an unusually large number of security patches to fix serious problems in its software. The company patched 206 different security flaws in total, which is a record-breaking number for the tech giant. Among these flaws were three zero-day vulnerabilities, which are security problems that Microsoft didn't know about before hackers started exploiting them.
Three of the zero-days that Microsoft fixed were called YellowKey, GreenPlasma, and MiniPlasma. These names refer to different types of security weaknesses in Microsoft products. Zero-day vulnerabilities are particularly dangerous because they catch companies by surprise—hackers find and use them before the company has time to create a fix.
One of the most critical problems fixed by Microsoft involved Exchange Server, a tool that many businesses use to manage email. This vulnerability allowed attackers to send emails that appeared to come from any email address they wanted, even if they didn't actually own that address. This type of attack is called spoofing and can trick people into trusting fake emails. The Exchange Server flaw also had a path traversal problem, meaning attackers could potentially access files and information they shouldn't be able to reach on a computer system.
Beyond Microsoft's patches, other major technology companies also fixed serious security problems. ServiceNow, a popular business software company, patched vulnerabilities that hackers had already used to attack some of its customers. Additionally, a security flaw was discovered in Langflow, an artificial intelligence development platform. This flaw involved a path traversal weakness that attackers were actively using in real attacks against users.
Path traversal flaws are a common type of security problem that allows hackers to navigate through computer folders and access files they shouldn't be able to see. These vulnerabilities are dangerous because they can give criminals access to sensitive company information or personal data.
The large number of patches from Microsoft reflects how important it is for companies to regularly update their software. Security experts recommend that businesses and individual users install these patches as quickly as possible to protect themselves from hackers. The fact that these zero-day vulnerabilities were already being exploited by attackers makes it even more urgent for people to apply the fixes. Companies that manage many computers for other businesses were especially focused on rolling out these patches to protect their customers from potential attacks.