

Windows (all versions), Microsoft Office, SharePoint, Azure, SQL Server, .NET, Visual Studio, Teams, Dynamics 365, and Microsoft SSO Plugin for Jira & Confluence.
120 CVEs patched including 17 Critical: 14 RCE, 2 EoP, 1 information disclosure; no zero-days included in this release.
Released 12–13 May 2026; no publicly disclosed or actively exploited vulnerabilities included in this Patch Tuesday.
Domain controller Netlogon service, Word Preview Pane, SharePoint web interfaces, Windows Kernel, DNS service, and SSO authentication flow.
Stack-based buffer overflow (Netlogon), forged SSO responses, memory corruption in Office parsers, and kernel privilege escalation flaws.
Remote unauthenticated Netlogon requests, crafted Word/Office files via email, forged SSO login responses, or local kernel exploitation by authenticated attackers.
Exploitation enables RCE on domain controllers, privilege escalation to SYSTEM, data tampering in Jira/Confluence, and SharePoint compromise.
High risk across government and business; Windows infrastructure, Office 365, Azure, and business applications broadly affected.
Apply all May 2026 Microsoft patches immediately across Windows, Office, SharePoint, Azure, SQL Server, and business application stacks.
Prioritise critical patches; enforce least privilege; train users on social engineering; deploy EDR and host-based IPS solutions.
Microsoft May 2026 Patch Tuesday — 120 CVEs patched. Sources: BleepingComputer and Tenable blog analysis. Key CVEs: CVE-2026-41089 (Netlogon RCE, CVSS 9.8), CVE-2026-41103 (SSO EoP, CVSS 9.1), CVE-2026-40361/40364/40366/40367 (Word RCE).




