Windows Kernel Use-After-Free Remote Code Execution Patched in Record June 2026 Patch Tuesday (CVE-2026-45657)

Scope: Windows 11 (Versions 23H2 through 26H1) and Windows Server 2022, 2025 (Including Server Core)

Severity: Red

Microsoft's June 2026 Patch Tuesday addressed a record 206 to 208 CVEs, among them CVE-2026-45657 (CVSS 9.8), a use-after-free vulnerability in the Windows Kernel that allows an unauthorized remote attacker to execute code over the network without authentication or user interaction, granting full SYSTEM-level control of any affected host reachable on the network. While Microsoft has not confirmed public exploitation of this specific flaw at time of disclosure, its network-reachable kernel-level attack surface and the fact that it shipped alongside one confirmed actively exploited Defender zero-day in the same update cycle make it a top priority for any internet-facing or broadly network-accessible server and management infrastructure. Organizations must apply the June 2026 cumulative update across all affected Windows 11 and Windows Server builds immediately, prioritizing servers and management infrastructure with broad network reachability ahead of standard desktop endpoints, and verify fixed build numbers post-reboot rather than relying solely on update deployment status.

The Uganda National CERT and Coordination Center (CERT.UG/CC) encourages users and administrators to review the recommendations and apply the necessary updates.