Microsoft Security Updates – 21 June 2026

Microsoft has released security updates to address several vulnerabilities affecting multiple Microsoft products.

The addressed vulnerabilities could allow the attacker to gain elevated privileges, perform spoofing attacks, obtain sensitive information, or execute arbitrary code on the affected systems.

Sample of the addressed vulnerabilities:

1. Azure Active Directory Elevation of Privilege Vulnerability (CVE-2026-45480):

  • CVSS: 10
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Gain Privileges

2. M365 Copilot Information Disclosure Vulnerability (CVE-2026-54130):

  • CVSS: 9.8
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Obtain information

Sample of the affected products:

  • Microsoft Exchange Online.
  • Microsoft Malware Protection Engine.
  • Azure Active Directory.
  • Microsoft 365 Copilot.
  • Microsoft Dynamics 365.
  • Dynamics 365 Customer Voice.
  • Azure Synapse.
  • Azure AI Bot Service.
Vulnerabilities
  • CVE-2026-47646
  • CVE-2026-47645
  • CVE-2026-48582
  • CVE-2026-48584
  • CVE-2026-47647
  • CVE-2026-54130
  • CVE-2026-42895
  • CVE-2026-45480
  • CVE-2026-32174
  • CVE-2026-32208
  • CVE-2026-47633
  • CVE-2026-50656
Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

Microsoft MSRC

References