RiskEvents
MonitoringLow impactAI Refreshed

Microsoft Patches Three Windows Zero-Day Vulnerabilities Including Privilege Escalation Flaws

Occurred 10 Jun 2026·Detected 10 Jun 2026·
Global - affects all fully patched Windows systems worldwide4 reports
CyberPropertyCyberCasualty & Liability

Microsoft's June 2026 Patch Tuesday addressed two zero-day Windows privilege escalation vulnerabilities (SYSTEM-level) and a third BitLocker security feature bypass, collectively tracked as YellowKey, GreenPlasma, and MiniPlasma. A broader patch cycle also resolved a record 208 CVEs including a wormable kernel-level flaw. As of the latest reporting, no in-the-wild exploitation, no named insured losses, and no specific corporate incidents have been confirmed. The event remains at the developing/signal stage with no identified loss pathway to London market specialty books.

AI-generated from linked source reports. See our correction policy.

Impact verdict

Low impact. Loss pathway: None identified. Reporting remains limited to trade media coverage of a routine but elevated Patch Tuesday disclosure, with one corroborating mainstream source describing a record 208-CVE cycle that includes a wormable kernel flaw. No active exploitation campaign, no insured losses, no specific corporate incidents, no claims, and no reserving or capacity implications are documented. The two zero-day privilege escalations and the BitLocker bypass are notable from a cyber hygiene and threat-landscape monitoring perspective, and the wormable kernel flaw raises systemic exposure considerations, but absent evidence of in-the-wild exploitation causing insured losses, the prior low-impact assessment is preserved.

View assessment methodology

How we grade what we know -- Known · Reported · Uncertain. Methodology →

Intelligence ledger

Each line expands in place to its underlying sourced claim.

AI refreshed 15 Jun 2026, 23:03

Known23 lines

Microsoft patched two zero-day privilege escalation vulnerabilities on fully patched Windows systems
structured lineknown
No separate sourced-claim record is available for this line yet.
A third vulnerability grants access to BitLocker-protected drives
structured lineknown
No separate sourced-claim record is available for this line yet.
Patches released on a Tuesday (Patch Tuesday cycle)
structured lineknown
No separate sourced-claim record is available for this line yet.
The vulnerabilities affect all fully patched Windows systems worldwide.
scope_global_fully_patched_windowsthreat landscape monitoringvalid from 10 Jun 2026, 11:04Cyber
Market relevance: Broad exposure class but no exploitation evidence.
Microsoft patched two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems” — BleepingComputer · 10 Jun 2026, 09:57 · trade media
Event remains at the signal lifecycle stage with no concrete loss pathway to London market specialty books; relevance to cyber insurers is limited to general hygiene and threat landscape monitoring absent evidence of exploitation-driven losses.
signal_lifecycle_no_loss_pathwaycontext onlyvalid from 10 Jun 2026, 11:09cyber
Market relevance: Indirect cyber insurance relevance via threat landscape monitoring only
BleepingComputer · 10 Jun 2026, 09:57 · trade media
A third vulnerability granting access to BitLocker-protected drives was patched in the same cycle.
bitlocker_bypass_vulncontextual monitoringvalid from 10 Jun 2026, 11:04Cyber
Market relevance: Indirect: data confidentiality and device-encryption exposure
a third one that grants access to BitLocker-protected drives” — BleepingComputer · 10 Jun 2026, 09:57 · trade media
Two zero-day vulnerabilities enabling SYSTEM-level privilege escalation on fully patched Windows systems were patched.
two_zeroday_privilege_escalation_vulnscontextual monitoringvalid from 10 Jun 2026, 11:04Cyber
Market relevance: Direct relevance to cyber underwriting and patch deployment velocity
two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems” — BleepingComputer · 10 Jun 2026, 09:57 · trade media
Microsoft issued June 2026 Patch Tuesday updates addressing Windows vulnerabilities including multiple zero-day flaws.
microsoft_patch_tuesday_june_2026_issuedcontextual monitoringvalid from 10 Jun 2026, 11:04Cyber
Market relevance: Indirect: cyber hygiene and patch deployment context for cyber underwriters
Microsoft Patch Tuesday June 2026: Record 208 CVEs” — techtimes.com · 10 Jun 2026, 19:30 · mainstream media
On Tuesday, Microsoft patched two zero-day vulnerabilities” — BleepingComputer · 10 Jun 2026, 09:57 · trade media
Microsoft released Patch Tuesday updates addressing two zero-day vulnerabilities enabling SYSTEM-level privilege escalation on fully patched Windows systems.
ms_patch_tuesday_yellowkey_greenplasmathreat landscape monitoringvalid from 10 Jun 2026, 11:04Cyber
Market relevance: Low materiality absent confirmed exploitation; relevant to cyber underwriting hygiene monitoring.
Microsoft patched two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems” — BleepingComputer · 10 Jun 2026, 09:57 · trade media
Supersession history: 1 prior/revised claim rows.
A third vulnerability patched in the same cycle grants access to BitLocker-protected drives.
ms_patch_tuesday_miniplasma_bitlockerthreat landscape monitoringvalid from 10 Jun 2026, 11:04Cyber
Market relevance: Potential relevance to cyber data-exfiltration and ransomware pathways if chained, but no exploitation evidence.
a third one that grants access to BitLocker-protected drives” — BleepingComputer · 10 Jun 2026, 09:57 · trade media
Supersession history: 1 prior/revised claim rows.
A second patched zero-day, tracked as GreenPlasma, also enables SYSTEM-level privilege escalation on fully patched Windows systems.
greenplasma_system_privilege_escalationthreat landscape monitoringvalid from 10 Jun 2026, 11:04Cyber
Market relevance: General threat-landscape awareness; no reported exploitation.
On Tuesday, Microsoft patched two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems” — BleepingComputer · 10 Jun 2026, 09:57 · trade media
The third patched zero-day, tracked as MiniPlasma, grants access to BitLocker-protected drives.
miniplasma_bitlocker_accessthreat landscape monitoringvalid from 10 Jun 2026, 11:04Cyber
Market relevance: Encryption-bypass class vulnerability is notable for data-at-rest protection assumptions.
and a third one that grants access to BitLocker-protected drives.” — BleepingComputer · 10 Jun 2026, 09:57 · trade media
One of the patched zero-days, tracked as YellowKey, enables SYSTEM-level privilege escalation on fully patched Windows systems.
yellowkey_system_privilege_escalationthreat landscape monitoringvalid from 10 Jun 2026, 11:04Cyber
Market relevance: General threat-landscape awareness; no reported exploitation.
On Tuesday, Microsoft patched two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems” — BleepingComputer · 10 Jun 2026, 09:57 · trade media
Microsoft released patches on Patch Tuesday addressing three Windows zero-day vulnerabilities on fully patched Windows systems.
msft_patch_tuesday_zero_day_releasethreat landscape monitoringvalid from 10 Jun 2026, 11:04Cyber
Market relevance: Limited direct relevance; routine hygiene disclosure from a single trade media source.
On Tuesday, Microsoft patched two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems, and a third one that grants access to BitLocker-protected drives.” — BleepingComputer · 10 Jun 2026, 09:57 · trade media
Microsoft patched three vulnerabilities on Patch Tuesday, including two zero-days enabling SYSTEM-level privilege escalation on fully patched Windows systems and a third granting access to BitLocker-protected drives.
ms_patch_tuesday_zero_day_disclosurefactvalid from 10 Jun 2026, 11:04cyber
Market relevance: indirect cyber hygiene relevance
On Tuesday, Microsoft patched two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems, and a third one that grants access to BitLocker-protected drives.” — BleepingComputer · 10 Jun 2026, 11:09
One of the three patched vulnerabilities grants attackers access to BitLocker-protected drives.
bitlocker_access_flawfactvalid from 10 Jun 2026, 11:04cyber
Market relevance: Indirect relevance to cyber and potentially crime/fidelity coverage considerations around data confidentiality on encrypted endpoints.
a third one that grants access to BitLocker-protected drives” — BleepingComputer · 10 Jun 2026, 11:09
No named insured losses and no specific corporate incidents have been documented in connection with these zero-days.
no_insured_losses_documentedno identified loss pathwayvalid from 15 Jun 2026, 17:58Cyber
Market relevance: Direct: confirms no current loss-pathway to specialty books
systemic exposure across enterprises” — techtimes.com · 10 Jun 2026, 19:30 · mainstream media
no named insured losses” — BleepingComputer · 10 Jun 2026, 09:57 · trade media
No insured losses, named corporate incidents, claims activity, or reserving implications have been reported in connection with these Patch Tuesday disclosures.
no_insured_losses_or_corporate_incidents_reportedloss
Market relevance: No identified London market specialty book exposure at this time
BleepingComputer · 10 Jun 2026, 09:57 · trade media
As of the latest reporting, no in-the-wild exploitation of the YellowKey, GreenPlasma, or MiniPlasma zero-days has been confirmed.
no_in_the_wild_exploitation_confirmedno identified loss pathwayvalid from 15 Jun 2026, 17:58Cyber
Market relevance: Direct: absence of exploitation underpins low current loss-pathway assessment
wormable kernel-level vulnerability requiring urgent patching” — techtimes.com · 10 Jun 2026, 19:30 · mainstream media
no confirmed in-the-wild exploitation” — BleepingComputer · 10 Jun 2026, 09:57 · trade media
The event is classified as developing, having transitioned from signal based on corroboration across multiple sources.
lifecycle_status_developingcontextual monitoringvalid from 15 Jun 2026, 17:58Cyber
Market relevance: Context: event is on a watchlist but remains low severity
evidence_trigger: corroboration >= 2” — techtimes.com · 10 Jun 2026, 19:30 · mainstream media
The event remains at the signal stage pending evidence of exploitation or insured loss.
lifecycle_status_signalstatusCyber
Market relevance: Lifecycle stage governs alert cadence and materiality uplift.
Source · 15 Jun 2026, 12:39
The event remains at the signal stage; no escalation to incident or loss has occurred.
lifecycle_signal_stageno loss pathwayvalid from 14 Jun 2026, 16:43Cyber
Market relevance: Lifecycle remains at signal; no market-facing action warranted.
Routine patch Tuesday events typically have limited direct insurance market impact absent confirmed exploitation campaigns” — BleepingComputer · 10 Jun 2026, 09:57 · trade media
The event lifecycle remains at the signal stage, pending evidence of active exploitation or loss activity.
lifecycle_remains_signal_stageno implication identifiedvalid from 14 Jun 2026, 07:03Cyber
Market relevance: Indicates event has not graduated to actionable market event.
BleepingComputer · 10 Jun 2026, 09:57 · trade media
Supersession history: 1 prior/revised claim rows.

Reported11 lines

The vulnerabilities are tracked under codenames YellowKey, GreenPlasma, and MiniPlasma
structured linereported
No separate sourced-claim record is available for this line yet.
The three zero-day vulnerabilities are tracked under the codenames YellowKey, GreenPlasma, and MiniPlasma.
zeroday_codenames_reportedcontextvalid from 10 Jun 2026, 11:04Cyber
Market relevance: Low: identification context for tracking
Microsoft Patches YellowKey, GreenPlasma, MiniPlasma Zero-Days” — BleepingComputer · 10 Jun 2026, 09:57 · trade media
The June 2026 cycle includes a wormable kernel-level vulnerability flagged as requiring urgent patching.
wormable_kernel_flaw_reportedpotential systemic exposurevalid from 10 Jun 2026, 19:30Cyber
Market relevance: Indirect: systemic exposure if exploited across enterprise estates
Wormable Kernel Flaw Demands Patching” — techtimes.com · 10 Jun 2026, 19:30 · mainstream media
The June 2026 Patch Tuesday addressed a record 208 CVEs.
patch_tuesday_record_cve_countcontextual monitoringvalid from 10 Jun 2026, 19:30Cyber
Market relevance: Indirect: elevated patch volume and systemic risk awareness
Record 208 CVEs” — techtimes.com · 10 Jun 2026, 19:30 · mainstream media
The three vulnerabilities are tracked under the codenames YellowKey, GreenPlasma, and MiniPlasma.
ms_codenames_yellowkey_greenplasma_miniplasmacontextCyber
Market relevance: Identifies the disclosure scope for vendor and threat-intel tracking.
BleepingComputer · 10 Jun 2026, 09:57 · trade media
The vulnerabilities affect all fully patched Windows systems worldwide.
global_windows_exposure_scopecontextCyber
Market relevance: Establishes the population-at-risk baseline for potential cyber underwriting impact.
BleepingComputer · 10 Jun 2026, 09:57 · trade media
Supersession history: 1 prior/revised claim rows.
The three vulnerabilities are tracked under the codenames YellowKey, GreenPlasma, and MiniPlasma per the source reporting.
vulnerability_codenamescontextvalid from 10 Jun 2026, 11:04
Microsoft Patches YellowKey, GreenPlasma, MiniPlasma Zero-Days” — BleepingComputer · 10 Jun 2026, 11:09
Microsoft released patches for two zero-day vulnerabilities enabling SYSTEM-level privilege escalation on fully patched Windows systems, plus a third flaw granting access to BitLocker-protected drives, tracked as YellowKey, GreenPlasma, and MiniPlasma.
msft_patches_yellowkey_greenplasma_miniplasmathreat landscape monitoringvalid from 10 Jun 2026, 11:04Cyber
Market relevance: General cyber hygiene relevance; no direct insured loss pathway identified.
Microsoft patched two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems, and a third one that grants access to BitLocker-protected drives.” — BleepingComputer · 10 Jun 2026, 09:57 · trade media
Microsoft issued patches on Patch Tuesday for vulnerabilities tracked as YellowKey, GreenPlasma, and MiniPlasma, two of which enable SYSTEM-level privilege escalation on fully patched Windows systems, with a third granting access to BitLocker-protected drives.
msft_patch_tuesday_yellowkey_greenplasma_miniplasmafactvalid from 10 Jun 2026, 11:04
Market relevance: General cyber threat landscape hygiene; no specific line of business impact identified
On Tuesday, Microsoft patched two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems, and a third one that grants access to BitLocker-protected drives.” — BleepingComputer · 10 Jun 2026, 09:57 · trade media
No named insured losses, specific corporate incidents, claims, reserving, or capacity implications have been identified in connection with the disclosed vulnerabilities.
no_named_insured_losses_or_incidentsno implication identifiedCyber
Market relevance: Directly relevant to London market loss-pathway assessment; absence supports low-impact banding.
BleepingComputer · 10 Jun 2026, 09:57 · trade media
No insured losses, named corporate incidents, claims, or reserving activity have been reported in connection with the three zero-day vulnerabilities.
no_insured_losses_reportedlossvalid from 10 Jun 2026, 11:04Cyber
Market relevance: No concrete loss pathway to London market specialty books identified.
BleepingComputer · 10 Jun 2026, 09:57 · trade media
Supersession history: 1 prior/revised claim rows.

Uncertain11 lines

Whether any of these zero-days have been actively exploited in the wild
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Scale of potential exposure across enterprise environments
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Whether any insured entities have been compromised
structured lineuncertain
No separate sourced-claim record is available for this line yet.
Whether any of these zero-days have been actively exploited, the scale of potential enterprise exposure, and whether any insured entities have been compromised remain unconfirmed.
uncertain_exploitation_scale_insured_exposureuncertainty resolved by monitoringvalid from 15 Jun 2026, 17:58Cyber
Market relevance: Direct: key uncertainty gating loss-pathway assessment
Whether any insured entities have been compromised” — BleepingComputer · 10 Jun 2026, 09:57 · trade media
As of latest reporting, there is no confirmed in-the-wild exploitation of the disclosed vulnerabilities.
no_confirmed_in_the_wild_exploitationcontextCyber
Market relevance: Material gating factor: without exploitation, insured-loss pathway remains theoretical.
BleepingComputer · 10 Jun 2026, 09:57 · trade media
Supersession history: 1 prior/revised claim rows.
No named insured losses, specific corporate incidents, claims, reserving, or capacity implications have been documented.
no_insured_losses_or_incidentscontextCyber
Market relevance: Absence of insured-loss evidence keeps London market severity at the low end.
BleepingComputer · 10 Jun 2026, 09:57 · trade media
Scale of potential enterprise exposure across fully patched Windows environments remains uncharacterized; no telemetry or asset-count figures have been published.
global_windows_exposure_scope_uncertaininformational onlyCyber
Market relevance: Exposure scope could in principle be global, but absent exploitation has no insured-loss consequence.
BleepingComputer · 10 Jun 2026, 09:57 · trade media
The scale of potential exposure across enterprise environments remains uncertain.
uncertain_enterprise_exposure_scalethreat landscape monitoringCyber
Market relevance: Uncertainty around potential aggregation across insured portfolios.
Source · 14 Jun 2026, 07:03
No named insured losses, no specific corporate incidents, and no claims, reserving, or capacity implications have been documented for this event.
no_named_insured_lossesno loss pathwayvalid from 14 Jun 2026, 16:43Cyber
Market relevance: Directly bounds the potential_impact band at low absent further evidence.
no insured losses, or specific corporate incidents” — BleepingComputer · 10 Jun 2026, 09:57 · trade media
Whether any insured entities have been compromised via the disclosed vulnerabilities is unknown.
uncertain_insured_entity_compromisestatusCyber
Market relevance: Material to whether a cyber loss pathway opens.
Source · 14 Jun 2026, 07:03
The source does not provide evidence of active in-the-wild exploitation of these zero-day vulnerabilities; exploitation status remains unconfirmed in the available reporting.
no_confirmed_active_exploitationstatus
BleepingComputer · 10 Jun 2026, 11:09

Latest developments

  • Microsoft released June 2026 Patch Tuesday updates addressing Windows vulnerabilities. BleepingComputer
  • Two SYSTEM-level zero-day privilege escalation flaws were patched. BleepingComputer
  • A BitLocker security feature bypass vulnerability was patched. BleepingComputer
  • Vulnerabilities are tracked as YellowKey, GreenPlasma, and MiniPlasma. BleepingComputer
  • Microsoft's June 2026 Patch Tuesday addressed a record 208 CVEs. techtimes.com
  • A wormable kernel-level flaw was flagged in the June 2026 cycle. techtimes.com
  • No in-the-wild exploitation of the zero-days has been confirmed. BleepingComputer
  • No insured losses or corporate incidents have been documented. BleepingComputer

Timeline

Corroboration16 Jun 2026, 09:24

A security researcher known for tensions with Microsoft disclosed a seventh Windows zero-day vulnerability hours after the June 2026 Patch Tuesday. The disclosure raises concerns about exposure of unpatched Windows systems globally. No active exploitation or confirmed breaches are reported in the source.

Source: thenextweb.com (Mainstream Media) · View source

Status Change16 Jun 2026, 06:30

Status changed to monitoring

Auto-transitioned: no updates for 6 hours

active -> monitoring

Status Change15 Jun 2026, 23:56

Status changed to active

evidence_trigger: developing_promotion

developing -> active

Corroboration15 Jun 2026, 23:56

Microsoft has released patches for three actively exploited zero-day vulnerabilities (YellowKey, GreenPlasma, MiniPlasma) enabling SYSTEM privilege escalation and BitLocker encryption bypass on fully patched Windows systems. The vulnerabilities pose significant risk to enterprise environments globally, with potential exposure for cyber insurers covering ransomware and system compromise losses.

Source: r/SecOpsDaily (Social / Community) · View source

Intelligence Refresh15 Jun 2026, 23:03
Status Change15 Jun 2026, 17:58

Status changed to developing

evidence_trigger: corroboration >= 2

signal -> developing

Corroboration15 Jun 2026, 17:58

Microsoft's June 2026 Patch Tuesday addresses a record 208 CVEs, including a wormable kernel-level vulnerability requiring urgent patching. The volume of flaws and the self-propagating nature of the kernel bug create systemic exposure across enterprises relying on Microsoft operating systems globally. This is a routine but elevated cyber security event relevant to cyber underwriters monitoring patch deployment and potential exploitation timelines.

Source: techtimes.com (Mainstream Media) · View source

Initial Detection10 Jun 2026, 11:04

Initial Detection

Microsoft issued patches for two zero-day vulnerabilities enabling SYSTEM-level privilege escalation on fully patched Windows systems, plus a third flaw granting access to BitLocker-protected drives. While the vulnerabilities are significant for cybersecurity, the source provides no evidence of active exploitation, insured losses, or specific corporate incidents. Routine patch Tuesday events typically have limited direct insurance market impact absent confirmed exploitation campaigns.

On Tuesday, Microsoft patched two zero-day vulnerabilities that let attackers gain SYSTEM privileges on fully patched Windows systems, and a third one that grants access to BitLocker-protected drives.

Source: BleepingComputer (Trade Media) · View source

Lloyd's classifications

Tracking this kind of risk? Get an email when Cyber events escalate.

Get alerts
← Back to live events