// #cve-2026-45657
2 articles
🏛️ Architecture
Read
Three CVSS 9.8 Windows Flaws Demand Emergency Action: Kernel RCE, Wormable HTTP.sys, and DHCP Client
CVE-2026-45657 (Windows Kernel), CVE-2026-47291 (HTTP.sys), and CVE-2026-44815 (DHCP Client) each carry CVSS 9.8 and enable unauthenticated remote code execution. All three were publicly disclosed before Microsoft's June patch, giving attackers a head start. This article provides technical detail and remediation guidance for each flaw.
#windows +10
🛡️ SecOps
Read
Microsoft June 2026 Patch Tuesday: 198 CVEs and Six Zero-Days Including Wormable CVSS 9.8 HTTP.sys Flaw
Microsoft's June 2026 Patch Tuesday addresses 198 vulnerabilities across Windows, Office, Azure, and server components — including three CVSS 9.8 critical remote code execution flaws and six publicly disclosed zero-days. HTTP.sys CVE-2026-47291 is wormable, requiring no authentication or user interaction against any Windows Server with IIS or HTTP API exposed.
#microsoft +9