Unlike several recent cycles, Microsoft reports no zero‑days exploited in the wild or publicly disclosed ahead of the release, but the breadth of the attack surface, from DNS and Netlogon to Office and Wi‑Fi drivers, means defenders cannot afford to treat this month as low risk.
| Vulnerability Type | Count |
|---|---|
| Elevation of Privilege | 61 |
| Security Feature Bypass | 6 |
| Remote Code Execution (RCE) | 31 |
| Information Disclosure | 14 |
| Denial of Service (DoS) | 8 |
| Spoofing | 13 |
Multiple Remote Code Execution Vulnerabilities
While there are no exploited zero‑day bugs this month, the most serious issues are clustered around network‑exposed and document‑driven RCE vulnerabilities that could enable full compromise if left unpatched.
High‑value targets include Microsoft Dynamics 365 on‑premises (CVE‑2026‑42898, CVE‑2026‑42833), multiple Microsoft Office and Word RCEs (for example CVE‑2026‑42831, CVE‑2026‑40363, CVE‑2026‑40358, several Word‑specific CVEs), Windows DNS Client (CVE‑2026‑41096), Netlogon (CVE‑2026‑41089), Windows Graphics/Win32k (CVE‑2026‑40403), Windows GDI (CVE‑2026‑35421), Windows Native Wi‑Fi Miniport (CVE‑2026‑32161), and Microsoft SharePoint Server (CVE‑2026‑40365 and related CVEs).
Many of these live in components routinely exposed to untrusted content (network traffic, Office documents, or browser‑like rendering paths), making them prime candidates for phishing and lateral‑movement campaigns.
Windows Core Networking, Kernel, and Virtualization Flaws
On the platform side, multiple vulnerabilities hit Windows networking and kernel‑mode components, raising the stakes for domain‑joined and internet‑facing systems.
Windows DNS Client RCE (CVE‑2026‑41096) and Netlogon RCE (CVE‑2026‑41089) stand out: successful exploitation could allow unauthenticated or low‑privileged attackers to execute code in highly sensitive parts of the Windows authentication and name resolution stack, echoing the impact category of historical bugs like SigRed and Zerologon.
Additional RCE and elevation‑of‑privilege vulnerabilities are scattered across TCP/IP, the Volume Manager Extension driver, kernel‑mode drivers, Win32k, GDI, and the Cloud Files and Telephony subsystems, increasing the potential for chainable exploits.
Windows Hyper‑V (CVE‑2026‑40402, rated Critical) also receives a privilege‑escalation fix, which is particularly important for multi‑tenant and private cloud environments where a guest‑to‑host escape could have an outsized blast radius.
Multiple Secure Boot and security‑feature bypass bugs, including in TCP/IP and Secure Boot itself, underline that attackers continue to probe Microsoft’s defensive controls rather than only its application logic.
Copilot, VS Code, and Azure Flaws
This Patch Tuesday also highlights how deeply AI and cloud‑connected development have been embedded into the enterprise attack surface.
Microsoft patches spoofing and security‑feature bypass issues in M365 Copilot for Desktop and Android, GitHub Copilot with Visual Studio, and Azure Machine Learning notebooks, raising concerns about prompt‑driven social engineering, data exfiltration, or malicious content injection via trusted AI interfaces.
While these flaws are rated Important rather than Critical, compromise of AI assistants that sit close to source code, documents, and chat histories could magnify the impact of otherwise “medium‑risk” bugs.
Developer tooling is another recurring theme. Visual Studio Code receives a cluster of fixes covering elevation of privilege, information disclosure, RCE, and security feature bypass (CVE‑2026‑41613 through CVE‑2026‑41610 and CVE‑2026‑41109), while .NET and ASP.NET Core patches address elevation of privilege, tampering, and denial‑of‑service conditions.
Azure Monitor Agent, Logic Apps, Connected Machine Agent, Windows Admin Center (including Azure Portal integration), and Dynamics 365 Business Central all feature in this month’s bulletin, confirming that Azure‑centric and hybrid‑cloud operators need to treat May’s updates as high priority.
Given the scale of changes, security teams should start by prioritizing internet‑facing and high‑value services: patch Microsoft Dynamics 365 on‑prem, SharePoint, and Office/Word RCEs, followed by Windows DNS Client, Netlogon, Windows GDI/Win32k graphics components, and the Native Wi‑Fi Miniport driver.
Organizations with significant virtualized workloads should schedule maintenance windows for Hyper‑V updates, and those relying on Copilot, Teams, and Azure‑based automation should not overlook AI‑ and workflow‑related fixes, even when severity is marked as Important.
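One way to turn the prioritization above into a patch queue, as an added example (not from the article or from Microsoft): it parses rows in the format of the Vulnerability Details table and assigns tiers in the order the article recommends. The tier numbers, title patterns, and function names are this example's assumptions.

```python
import re

ROW = re.compile(r"^\|\s*(CVE-\d{4}-\d{4,})\s*\|\s*([^|]+?)\s*\|\s*([^|]+?)\s*\|\s*$")
# Prose CVE IDs on pages like this often carry non-breaking hyphens (U+2011).
DASHES = {0x2010: "-", 0x2011: "-", 0x2013: "-"}

# (tier, title pattern, required impact). Tier order is the article's; patterns are assumed.
RULES = [
    (1, r"Dynamics 365 On-Premises|SharePoint Server|Microsoft (Office|Word) ", "Remote Code Execution"),
    (2, r"DNS Client|Netlogon|GDI|Graphics Component|Win32k|Native WiFi Miniport", None),
    (3, r"Hyper-V", None),
    (4, r"Copilot|Teams|Logic Apps", None),
]
DEFAULT_TIER = 5  # everything else rides the regular patch cycle

# Rows copied from the page's table; the last is constructed (U+2011 hyphens in the ID).
SAMPLE = """\
| CVE ID | Impact | Title |
|---|---|---|
| CVE-2026-41100 | Spoofing | Microsoft 365 Copilot for Android Spoofing Vulnerability |
| CVE-2026-40402 | Elevation of Privilege | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2026-40420 | Elevation of Privilege | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability |
| CVE-2026-41089 | Remote Code Execution | Windows Netlogon Remote Code Execution Vulnerability |
| CVE-2026-42898 | Remote Code Execution | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability |
| CVE-2026-40363 | Remote Code Execution | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2026-34339 | Denial of Service | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability |
| CVE\u20112026\u201141096 | Remote Code Execution | Windows DNS Client Remote Code Execution Vulnerability |
"""


def parse_rows(text):
    """Yield (cve, impact, title) per data row; header/separator lines are skipped."""
    for line in text.translate(DASHES).splitlines():
        m = ROW.match(line.strip())
        if m:
            yield m.groups()


def tier_for(impact, title):
    for tier, pattern, needed_impact in RULES:
        if re.search(pattern, title) and needed_impact in (None, impact):
            return tier
    return DEFAULT_TIER


def patch_queue(text):
    """Return [(tier, cve, title)] sorted by tier, then CVE ID; duplicate IDs collapse."""
    rows = {cve: (impact, title) for cve, impact, title in parse_rows(text)}
    return sorted((tier_for(i, t), cve, t) for cve, (i, t) in rows.items())


if __name__ == "__main__":
    for tier, cve, title in patch_queue(SAMPLE):
        print(f"tier {tier}  {cve}  {title}")
```

Requiring the Remote Code Execution impact in tier 1 keeps the Office Click-To-Run elevation-of-privilege entries out of the first wave, matching the article's "Office/Word RCEs" wording.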
Vulnerability Details
| CVE ID | Impact | Title |
|---|---|---|
| CVE-2026-42899 | Denial of Service | ASP.NET Core Denial of Service Vulnerability |
| CVE-2026-42898 | Remote Code Execution | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability |
| CVE-2026-42896 | Elevation of Privilege | Windows DWM Core Library Elevation of Privilege Vulnerability |
| CVE-2026-42893 | Tampering | Microsoft Outlook for iOS Tampering Vulnerability |
| CVE-2026-42833 | Remote Code Execution | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability |
| CVE-2026-42832 | Spoofing | Microsoft Office Spoofing Vulnerability |
| CVE-2026-42831 | Remote Code Execution | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2026-42830 | Elevation of Privilege | Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability |
| CVE-2026-42825 | Elevation of Privilege | Windows Telephony Service Elevation of Privilege Vulnerability |
| CVE-2026-42823 | Elevation of Privilege | Azure Logic Apps Elevation of Privilege Vulnerability |
| CVE-2026-41614 | Spoofing | M365 Copilot for Desktop Spoofing Vulnerability |
| CVE-2026-41613 | Elevation of Privilege | Visual Studio Code Elevation of Privilege Vulnerability |
| CVE-2026-41612 | Information Disclosure | Visual Studio Code Information Disclosure Vulnerability |
| CVE-2026-41611 | Remote Code Execution | Visual Studio Code Remote Code Execution Vulnerability |
| CVE-2026-41610 | Security Feature Bypass | Visual Studio Code Security Feature Bypass Vulnerability |
| CVE-2026-41109 | Security Feature Bypass | GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability |
| CVE-2026-41103 | Elevation of Privilege | Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability |
| CVE-2026-41102 | Spoofing | Microsoft PowerPoint for Android Spoofing Vulnerability |
| CVE-2026-41101 | Spoofing | Microsoft Word for Android Spoofing Vulnerability |
| CVE-2026-41100 | Spoofing | Microsoft 365 Copilot for Android Spoofing Vulnerability |
| CVE-2026-41097 | Security Feature Bypass | Secure Boot Security Feature Bypass Vulnerability |
| CVE-2026-41096 | Remote Code Execution | Windows DNS Client Remote Code Execution Vulnerability |
| CVE-2026-41095 | Elevation of Privilege | Data Deduplication Elevation of Privilege Vulnerability |
| CVE-2026-41094 | Remote Code Execution | Microsoft Data Formulator Remote Code Execution Vulnerability |
| CVE-2026-41089 | Remote Code Execution | Windows Netlogon Remote Code Execution Vulnerability |
| CVE-2026-41088 | Elevation of Privilege | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2026-41086 | Elevation of Privilege | Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability |
| CVE-2026-40421 | Information Disclosure | Microsoft Word Information Disclosure Vulnerability |
| CVE-2026-40420 | Elevation of Privilege | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability |
| CVE-2026-40419 | Elevation of Privilege | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability |
| CVE-2026-40418 | Elevation of Privilege | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability |
| CVE-2026-40417 | Elevation of Privilege | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability |
| CVE-2026-40415 | Remote Code Execution | Windows TCP/IP Remote Code Execution Vulnerability |
| CVE-2026-40414 | Denial of Service | Windows TCP/IP Denial of Service Vulnerability |
| CVE-2026-40413 | Denial of Service | Windows TCP/IP Denial of Service Vulnerability |
| CVE-2026-40410 | Elevation of Privilege | Windows SMB Client Elevation of Privilege Vulnerability |
| CVE-2026-40408 | Elevation of Privilege | Windows WAN ARP Driver Elevation of Privilege Vulnerability |
| CVE-2026-40407 | Elevation of Privilege | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2026-40406 | Information Disclosure | Windows TCP/IP Information Disclosure Vulnerability |
| CVE-2026-40405 | Denial of Service | Windows TCP/IP Denial of Service Vulnerability |
| CVE-2026-40403 | Remote Code Execution | Windows Graphics Component Remote Code Execution Vulnerability |
| CVE-2026-40402 | Elevation of Privilege | Windows Hyper-V Elevation of Privilege Vulnerability |
| CVE-2026-40401 | Denial of Service | Windows TCP/IP Denial of Service Vulnerability |
| CVE-2026-40399 | Elevation of Privilege | Windows TCP/IP Elevation of Privilege Vulnerability |
| CVE-2026-40398 | Elevation of Privilege | Windows Remote Desktop Services Elevation of Privilege Vulnerability |
| CVE-2026-40397 | Elevation of Privilege | Windows Common Log File System Driver Elevation of Privilege Vulnerability |
| CVE-2026-40382 | Elevation of Privilege | Windows Telephony Service Elevation of Privilege Vulnerability |
| CVE-2026-40381 | Elevation of Privilege | Azure Connected Machine Agent Elevation of Privilege Vulnerability |
| CVE-2026-40380 | Remote Code Execution | Windows Volume Manager Extension Driver Remote Code Execution Vulnerability |
| CVE-2026-40377 | Elevation of Privilege | Microsoft Cryptographic Services Elevation of Privilege Vulnerability |
| CVE-2026-40374 | Information Disclosure | Microsoft Power Automate Desktop Information Disclosure Vulnerability |
| CVE-2026-40370 | Remote Code Execution | SQL Server Remote Code Execution Vulnerability |
| CVE-2026-40369 | Elevation of Privilege | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2026-40368 | Remote Code Execution | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2026-40367 | Remote Code Execution | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2026-40366 | Remote Code Execution | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2026-40365 | Remote Code Execution | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2026-40364 | Remote Code Execution | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2026-40363 | Remote Code Execution | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2026-40362 | Remote Code Execution | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2026-40361 | Remote Code Execution | Microsoft Word Remote Code Execution Vulnerability |
| CVE-2026-40360 | Information Disclosure | Microsoft Excel Information Disclosure Vulnerability |
| CVE-2026-40359 | Remote Code Execution | Microsoft Excel Remote Code Execution Vulnerability |
| CVE-2026-40358 | Remote Code Execution | Microsoft Office Remote Code Execution Vulnerability |
| CVE-2026-40357 | Remote Code Execution | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2026-35440 | Information Disclosure | Microsoft Word Information Disclosure Vulnerability |
| CVE-2026-35439 | Remote Code Execution | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2026-35438 | Elevation of Privilege | Windows Admin Center Elevation of Privilege Vulnerability |
| CVE-2026-35436 | Elevation of Privilege | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability |
| CVE-2026-35433 | Elevation of Privilege | .NET Elevation of Privilege Vulnerability |
| CVE-2026-35424 | Denial of Service | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability |
| CVE-2026-35423 | Information Disclosure | Windows 11 Telnet Client Information Disclosure Vulnerability |
| CVE-2026-35422 | Security Feature Bypass | Windows TCP/IP Driver Security Feature Bypass Vulnerability |
| CVE-2026-35421 | Remote Code Execution | Windows GDI Remote Code Execution Vulnerability |
| CVE-2026-35420 | Elevation of Privilege | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2026-35419 | Information Disclosure | Windows DWM Core Library Information Disclosure Vulnerability |
| CVE-2026-35418 | Elevation of Privilege | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2026-35417 | Elevation of Privilege | Windows Win32k Elevation of Privilege Vulnerability |
| CVE-2026-35416 | Elevation of Privilege | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2026-35415 | Elevation of Privilege | Windows Storage Spaces Controller Elevation of Privilege Vulnerability |
| CVE-2026-34351 | Elevation of Privilege | Windows TCP/IP Elevation of Privilege Vulnerability |
| CVE-2026-34350 | Denial of Service | Windows Storport Miniport Driver Denial of Service Vulnerability |
| CVE-2026-34347 | Elevation of Privilege | Windows Win32k Elevation of Privilege Vulnerability |
| CVE-2026-34345 | Elevation of Privilege | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2026-34344 | Elevation of Privilege | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
| CVE-2026-34343 | Elevation of Privilege | Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability |
| CVE-2026-34342 | Elevation of Privilege | Windows Print Spooler Elevation of Privilege Vulnerability |
| CVE-2026-34341 | Elevation of Privilege | Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability |
| CVE-2026-34340 | Elevation of Privilege | Windows Projected File System Elevation of Privilege Vulnerability |
| CVE-2026-34339 | Denial of Service | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability |
| CVE-2026-34338 | Elevation of Privilege | Windows Telephony Service Elevation of Privilege Vulnerability |
| CVE-2026-34337 | Elevation of Privilege | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2026-34336 | Information Disclosure | Windows DWM Core Library Information Disclosure Vulnerability |
| CVE-2026-34334 | Elevation of Privilege | Windows TCP/IP Elevation of Privilege Vulnerability |
| CVE-2026-34333 | Elevation of Privilege | Windows Win32k Elevation of Privilege Vulnerability |
| CVE-2026-34332 | Remote Code Execution | Windows Kernel-Mode Driver Remote Code Execution Vulnerability |
| CVE-2026-34331 | Elevation of Privilege | Win32k Elevation of Privilege Vulnerability |
| CVE-2026-34330 | Elevation of Privilege | Win32k Elevation of Privilege Vulnerability |
| CVE-2026-34329 | Remote Code Execution | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
| CVE-2026-33841 | Elevation of Privilege | Windows Kernel Elevation of Privilege Vulnerability |
| CVE-2026-33840 | Elevation of Privilege | Win32k Elevation of Privilege Vulnerability |
| CVE-2026-33839 | Elevation of Privilege | Win32k Elevation of Privilege Vulnerability |
| CVE-2026-33838 | Elevation of Privilege | Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability |
| CVE-2026-33837 | Elevation of Privilege | Windows TCP/IP Local Elevation of Privilege Vulnerability |
| CVE-2026-33835 | Elevation of Privilege | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| CVE-2026-33834 | Elevation of Privilege | Windows Event Logging Service Elevation of Privilege Vulnerability |
| CVE-2026-33833 | Spoofing | Azure Machine Learning Notebook Spoofing Vulnerability |
| CVE-2026-33117 | Security Feature Bypass | Azure SDK for Java Security Feature Bypass Vulnerability |
| CVE-2026-33112 | Remote Code Execution | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2026-33110 | Remote Code Execution | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| CVE-2026-32209 | Security Feature Bypass | Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability |
| CVE-2026-32204 | Elevation of Privilege | Azure Monitor Agent Elevation of Privilege Vulnerability |
| CVE-2026-32185 | Spoofing | Microsoft Teams Spoofing Vulnerability |
| CVE-2026-32177 | Elevation of Privilege | .NET Elevation of Privilege Vulnerability |
| CVE-2026-32175 | Tampering | .NET Core Tampering Vulnerability |
| CVE-2026-32170 | Elevation of Privilege | Windows Rich Text Edit Elevation of Privilege Vulnerability |
| CVE-2026-32161 | Remote Code Execution | Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability |
| CVE-2026-21530 | Elevation of Privilege | Windows Rich Text Edit Elevation of Privilege Vulnerability |
| CVE-2025-54518 | Elevation of Privilege | AMD: CVE-2025-54518 CPU OP Cache Corruption |
Other Patch Tuesday Updates
- Fortinet Patches Five Vulnerabilities Across FortiAP, FortiOS, and Enterprise Products
- Ivanti Patches Multiple Vulnerabilities in Secure Access, Xtraction, vTM and Endpoint Manager
- Zoom Rooms and Workplace Vulnerabilities Allow Attackers to Escalate Privileges
- SAP Patches Critical SQL injection Vulnerability in SAP S/4HANA
The post Microsoft Patch Tuesday May 2026 – 120 Vulnerabilities Fixed, Including 29 Critical RCE Flaws appeared first on Cyber Security News.
