Microsoft June Patchday fixes critical vulnerabilities including BitLocker zero-days and Windows 11 kernel flaw
By
Dennis Schirrmacher
Toasted just enough. A reliable bake, gently seasoned.
Summary
Microsoft's June Patchday addresses critical security vulnerabilities across Azure, M365, Exchange Online, Office, and Windows, including remote code execution flaws. The update also patches two BitLocker zero-day vulnerabilities (YellowKey CVE-2026-45585 and GreenPlasma CVE-2026-50507) disclosed by researcher Nightmare Eclipse, along with a critical kernel vulnerability affecting Windows 11.
Key quotes
· 4 pulledOn the June Patchday, Microsoft classifies numerous security vulnerabilities in Azure, M365, Exchange Online, Office, and Windows as 'critical.'
In many cases, attackers can execute malicious code remotely without authentication and completely compromise systems.
Among the vulnerabilities now closed are the BitLocker zero-day vulnerabilities YellowKey (CVE-2026-45585 'medium') and GreenPlasma (CVE-2026-50507 'medium'), which a security researcher with the pseudonym Nightmare Eclipse has disclosed.
Among other things, a critical kernel vulnerability threatens Windows 11.
You might also wanna read
Anonymous researcher releases two new Windows zero-day exploits after Patch Tuesday
An anonymous security researcher (Nightmare-Eclipse/Chaotic Eclipse) has released two new Windows zero-day exploits — YellowKey (a BitLocker
theregister.com·13d agoAnonymous researcher releases two new Windows zero-day exploits after Patch Tuesday
An anonymous security researcher (Nightmare-Eclipse/Chaotic Eclipse) has released two new Windows zero-day exploits — YellowKey (a BitLocker
theregister.com·13d ago
Security researcher publishes YellowKey zero-day exploit that bypasses Microsoft BitLocker encryption via USB stick
Security researcher Chaotic Eclipse (Nightmare-Eclipse) has published two new zero-day exploits targeting Microsoft systems after their prev
tomshardware.com·27d ago
Microsoft zero-day feud escalates as researcher threatens major exploit release on July 14
The ongoing feud between Microsoft and security researcher Nightmare Eclipse (aka Chaotic Eclipse) has escalated, with the researcher having
theregister.com·10d agoMicrosoft zero-day feud escalates as researcher threatens major exploit release on July 14
The ongoing feud between Microsoft and security researcher Nightmare Eclipse (aka Chaotic Eclipse) has escalated, with the researcher having
theregister.com·10d ago
Security researcher claims BitLocker bypass vulnerability may be intentional Microsoft backdoor
A security researcher known as Nightmare-Eclipse has discovered and released YellowKey, a vulnerability that allegedly bypasses Microsoft's
techspot.com·24d ago
Windows 11 January 2026 Security Update Breaks Notepad and Snipping Tool with Dual Bugs
Microsoft's January 2026 security update for Windows 11 introduced two separate bugs that broke several core applications including Notepad
winbuzzer.com·4mo ago
CVE-2025-53136: Microsoft Patches Windows Kernel Information Disclosure Vulnerability Bypassing KASLR
Microsoft patched CVE-2025-53136, a kernel information disclosure vulnerability in Windows NT OS Kernel that allowed leaking kernel base add
crowdfense.com·9mo ago