Beyondtrust • 1h
The 2026 Resilience Paradox: Microsoft and Adobe Critical Vulnerability Surge
The June 2026 security updates for Microsoft and Adobe address a systemic surge in vulnerabilities, highlighting a "resilience paradox" where AI-accelerated discovery outpaces human remediation. Critical risks include wormable RCEs in the Windows Kernel (CVE-2026-45657), HTTP.sys (CVE-2026-47291), and the DHCP Client (CVE-2026-44815), all rated CVSS 9.8. Adobe Campaign Classic (APSB26-66) reached a CVSS 10.0. Active exploitation of CVE-2026-41091 (Defender EoP) is confirmed. Remediation requires immediate kernel patching, specific registry modifications for HTTP.sys to mitigate unauthenticated remote execution, and urgent deployment of Adobe bulletins to prevent total environment compromise.