TLDR; June 2026 was the biggest Patch Tuesday Microsoft has ever shipped 208 CVEs. One of them, CVE-2026-44815 (This is as bad as Etner blue, Wanna cry isse), is a CVSS 9.8 “DHCP Client Service Remote Code Execution.” I pulled the patched dhcpcore.dll, diffed it against last month’s build and the whole bug fits on one screen: a function called GetOriginalSubnetMask does a memcpy into a 4-byte buffer using a length field that came off the wire from a DHCP server, with no check that the length is actually 4.