CVE-2026-45655
published 2026-06-09CVE-2026-45655: Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
PriorityP428medium5.3CVSS 3.1
AVPACLPRNUINSCCHINAN
EPSS
0.33%
24.8th percentile
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1607 | < 10.0.14393.9234 | 10.0.14393.9234 |
| microsoft | windows_10_1809 | < 10.0.17763.8880 | 10.0.17763.8880 |
| microsoft | windows_10_21h2 | < 10.0.19044.7417 | 10.0.19044.7417 |
| microsoft | windows_10_22h2 | < 10.0.19045.7417 | 10.0.19045.7417 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.9234 | 10.0.14393.9234 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.8880 | 10.0.17763.8880 |
| microsoft | windows_10_version_21h2 | >= 10.0.19044.0 < 10.0.19044.7417 | 10.0.19044.7417 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.7417 | 10.0.19045.7417 |
| microsoft | windows_11_23h2 | < 10.0.22631.7219 | 10.0.22631.7219 |
| microsoft | windows_11_24h2 | < 10.0.26100.8655 | 10.0.26100.8655 |
| microsoft | windows_11_25h2 | < 10.0.26200.8655 | 10.0.26200.8655 |
| microsoft | windows_11_26h1 | < 10.0.28000.2269 | 10.0.28000.2269 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.7219 | 10.0.22631.7219 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.8655 | 10.0.26100.8655 |
| microsoft | windows_11_version_25h2 | >= 10.0.26200.0 < 10.0.26200.8655 | 10.0.26200.8655 |
| microsoft | windows_11_version_26h1 | >= 10.0.28000.0 < 10.0.28000.2269 | 10.0.28000.2269 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.26132 | 6.2.9200.26132 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.23228 | 6.3.9600.23228 |
| microsoft | windows_server_2016 | < 10.0.14393.9234 | 10.0.14393.9234 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.9234 | 10.0.14393.9234 |
| microsoft | windows_server_2019 | < 10.0.17763.8880 | 10.0.17763.8880 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.8880 | 10.0.17763.8880 |
| microsoft | windows_server_2022 | < 10.0.20348.5256 | 10.0.20348.5256 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.5256 | 10.0.20348.5256 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
ghsa_unreviewed·2026-06-09
CVE-2026-45655 [MEDIUM] CWE-693 Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
VulDB
Microsoft Windows up to Server 2025 BitLocker protection mechanism
vuldb·2026-06-09·CVSS 5.3
CVE-2026-45655 [MEDIUM] Microsoft Windows up to Server 2025 BitLocker protection mechanism
A vulnerability labeled as problematic has been found in Microsoft Windows. This issue affects some unknown processing of the component BitLocker. Executing a manipulation can lead to protection mechanism failure.
This vulnerability is handled as CVE-2026-45655. The physical device can be targeted for the attack. There is not any exploit available.
The affected component should be upgraded.
No detection rules found.
No public exploits indexed.
Hackernews
Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs
blogs_hackernews·2026-06-10·CVSS 9.1
CVE-2025-10263 [CRITICAL] Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs
Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release.
Of the 206 flaws, 39 are rated Critical, and 167 are rated Important in severity. This includes 63 privilege escalation, 56 remote code execution, 30 information disclosure, 27 spoofing, 20 security feature bypass, seven denial-of-service, and three tampering vulnerabilities.
The patches also include two non-Microsoft CVEs, a privilege escalation vulner
Sans Isc
Microsoft June 2026 Patch Tuesday, (Tue, Jun 9th)
blogs_sans_isc·2026-06-09·CVSS 8.8
CVE-2026-49160 [HIGH] Microsoft June 2026 Patch Tuesday, (Tue, Jun 9th)
Microsoft June 2026 Patch Tuesday
Published: 2026-06-09. Last Updated: 2026-06-09 17:34:29 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)
Microsoft today released patches for 204 vulnerabilities. 38 of these vulnerabilities are considered critical, and three have been disclosed before today. Six of the vulnerabilities affect Microsoft cloud solutions and do not require any user action. In addition, Microsoft incorporated 360 different vulnerabilities affecting Chromium into its Edge browser.
This is certainly a busier-than-usual patch Tuesday. In particular, the large number of patched Chromium/Edge vulnerabilities underscores the impact of AI tools on vulnerability discovery.
Some noteworthy vulnerabilities:
CVE-2026-49160: This vulnerability was made public a week ago. As implem
Rapid7
Patch Tuesday - June 2026
blogs_rapid7·2026-06-09·CVSS 7.8
CVE-2026-33825 [HIGH] Patch Tuesday - June 2026
Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday . Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, and is aware of public disclosure for three. This is similar to last month’s Patch Tuesday, however several of last month’s vulnerabilities ended up on CISA KEV in the days following their publication. So far this month, Microsoft has provided patches to address 360 browser vulnerabilities, which is an order of magnitude more than has been typical in any given month over the past few years. As usual, browser vulns are not included in the Patch Tuesday count above. Indeed, the vast, and presumably sustained, uptick in the number of browser vulnerabilities has led to Microsoft no longer enumerating Chromium CVEs in the Security Update G
Bleepingcomputer
Microsoft June 2026 Patch Tuesday fixes 3 zero-day, 200 flaws
blogs_bleepingcomputer·2026-06-09·CVSS 7.8
CVE-2026-45586 [HIGH] Microsoft June 2026 Patch Tuesday fixes 3 zero-day, 200 flaws
## Microsoft June 2026 Patch Tuesday fixes 3 zero-day, 200 flaws
## Lawrence Abrams
65 Elevation of Privilege Vulnerabilities
19 Security Feature Bypass Vulnerabilities
55 Remote Code Execution Vulnerabilities
30 Information Disclosure Vulnerabilities
7 Denial of Service Vulnerabilities
27 Spoofing Vulnerabilities
When BleepingComputer reports on Patch Tuesday security updates, we only count those released by Microsoft today.
Therefore, the number of flaws does not include flaws in Mariner, Azure HorizonDB, Microsoft Copilot, Copilot Chat, M365 Copilot, Microsoft Exchange Online, and Microsoft Graph that were fixed by Microsoft earlier this month.
There were also a massive 360 Microsoft Edge/Chromium flaws that were fixed by Google this month, which were excluded from this Patch
2026-06-09
Published