Microsoft Patch Tuesday May 2026 – 120 Vulnerabilities Fixed, Including 29 Critical RCE Flaws

HomeCyber Security Microsoft Patch Tuesday May 2026 – 120 Vulnerabilities Fixed, Including 29 Critical RCE Flaws By Guru Baran May 12, 2026 Microsoft’s May 2026 Patch Tuesday lands with a heavy enterprise focus, fixing 120 vulnerabilities across Windows, Office, Azure, developer tools, and Microsoft 365 apps, including 29 remote code execution (RCE) flaws rated Critical. Unlike several recent cycles, Microsoft reports no zero‑days exploited in the wild or publicly disclosed ahead of the release, but the breadth of attack surface from DNS and Netlogon to Office and Wi‑Fi drivers means defenders cannot afford to treat this month as low risk. Vulnerability Type Count Elevation of Privilege 61 Security Feature Bypass 6 Remote Code Execution (RCE) 31 Information Disclosure 14 Denial of Service (DoS) 8 Spoofing 13 Multiple Remote Code Execution Vulnerabilities While there are no exploited zero‑day bugs this month, the most serious issues are clustered around network‑exposed and document‑driven RCE vulnerabilities that could enable full compromise if left unpatched. High‑value targets include Microsoft Dynamics 365 on‑premises (CVE‑2026‑42898, CVE‑2026‑42833), multiple Microsoft Office and Word RCEs (for example CVE‑2026‑42831, CVE‑2026‑40363, CVE‑2026‑40358, several Word‑specific CVEs), Windows DNS Client (CVE‑2026‑41096), Netlogon (CVE‑2026‑41089), Windows Graphics/Win32k (CVE‑2026‑40403), Windows GDI (CVE‑2026‑35421), Windows Native Wi‑Fi Miniport (CVE‑2026‑32161), and Microsoft SharePoint Server (CVE‑2026‑40365 and related CVEs). Many of these live in components routinely exposed to untrusted content network traffic, Office documents, or browser‑like rendering paths, making them prime candidates for phishing and lateral‑movement campaigns. Windows Core Networking, Kernel, and Virtualization Flaws On the platform side, multiple vulnerabilities hit Windows networking and kernel‑mode components, raising the stakes for domain‑joined and internet‑facing systems. Windows DNS Client RCE (CVE‑2026‑41096) and Netlogon RCE (CVE‑2026‑41089) stand out: successful exploitation could allow unauthenticated or low‑privileged attackers to execute code in highly sensitive parts of the Windows authentication and name resolution stack, echoing the impact category of historical bugs like SigRed and Zerologon. Additional RCE and elevation‑of‑privilege vulnerabilities are scattered across TCP/IP, the Volume Manager Extension driver, kernel‑mode drivers, Win32k, GDI, and the Cloud Files and Telephony subsystems, increasing the potential for chainable exploits. Windows Hyper‑V (CVE‑2026‑40402, rated Critical) also receives a privilege‑escalation fix, which is particularly important for multi‑tenant and private cloud environments where a guest‑to‑host escape could have an outsized blast radius. Multiple Secure Boot and security‑feature bypass bugs, including in TCP/IP and Secure Boot itself, underline that attackers continue to probe Microsoft’s defensive controls rather than only its application logic. Copilot, VS Code, and Azure Flaws This Patch Tuesday also highlights how deeply AI and cloud‑connected development have been embedded into the enterprise attack surface. Microsoft patches spoofing and security‑feature bypass issues in M365 Copilot for Desktop and Android, GitHub Copilot with Visual Studio, and Azure Machine Learning notebooks, raising concerns about prompt‑driven social engineering, data exfiltration, or malicious content injection via trusted AI interfaces. While these flaws are rated Important rather than Critical, compromise of AI assistants that sit close to source code, documents, and chat histories could magnify the impact of otherwise “medium‑risk” bugs. Developer tooling is another recurring theme. Visual Studio Code receives a cluster of fixes covering elevation of privilege, information disclosure, RCE, and security feature bypass (CVE‑2026‑41613 through CVE‑2026‑41610 and CVE‑2026‑41109), while .NET and ASP.NET Core patches address elevation of privilege, tampering, and denial‑of‑service conditions. Azure Monitor Agent, Logic Apps, Connected Machine Agent, Windows Admin Center (including Azure Portal integration), and Dynamics 365 Business Central all feature in this month’s bulletin, confirming that Azure‑centric and hybrid‑cloud operators need to treat May’s updates as high priority. Given the scale of changes, security teams should start by prioritizing internet‑facing and high‑value services: patch Microsoft Dynamics 365 on‑prem, SharePoint, and Office/Word RCEs, followed by Windows DNS Client, Netlogon, Windows GDI/Win32k graphics components, and the Native Wi‑Fi Miniport driver. Organizations with significant virtualized workloads should schedule maintenance windows for Hyper‑V updates, and those relying on Copilot, Teams, and Azure‑based automation should not overlook AI‑ and workflow‑related fixes, even when severity is marked as Important. Vulnerability Details CVE ID Impact Title CVE-2026-42899 Denial of Service ASP.NET Core Denial of Service Vulnerability CVE-2026-42898 Remote Code Execution Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability CVE-2026-42896 Elevation of Privilege Windows DWM Core Library Elevation of Privilege Vulnerability CVE-2026-42893 Tampering Microsoft Outlook for iOS Tampering Vulnerability CVE-2026-42833 Remote Code Execution Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability CVE-2026-42832 Spoofing Microsoft Office Spoofing Vulnerability CVE-2026-42831 Remote Code Execution Microsoft Office Remote Code Execution Vulnerability CVE-2026-42830 Elevation of Privilege Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability CVE-2026-42825 Elevation of Privilege Windows Telephony Service Elevation of Privilege Vulnerability CVE-2026-42823 Elevation of Privilege Azure Logic Apps Elevation of Privilege Vulnerability CVE-2026-41614 Spoofing M365 Copilot for Desktop Spoofing Vulnerability CVE-2026-41613 Elevation of Privilege Visual Studio Code Elevation of Privilege Vulnerability CVE-2026-41612 Information Disclosure Visual Studio Code Information Disclosure Vulnerability CVE-2026-41611 Remote Code Execution Visual Studio Code Remote Code Execution Vulnerability CVE-2026-41610 Security Feature Bypass Visual Studio Code Security Feature Bypass Vulnerability CVE-2026-41109 Security Feature Bypass GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability CVE-2026-41103 Elevation of Privilege Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability CVE-2026-41102 Spoofing Microsoft PowerPoint for Android Spoofing Vulnerability CVE-2026-41101 Spoofing Microsoft Word for Android Spoofing Vulnerability CVE-2026-41100 Spoofing Microsoft 365 Copilot for Android Spoofing Vulnerability CVE-2026-41097 Security Feature Bypass Secure Boot Security Feature Bypass Vulnerability CVE-2026-41096 Remote Code Execution Windows DNS Client Remote Code Execution Vulnerability CVE-2026-41095 Elevation of Privilege Data Deduplication Elevation of Privilege Vulnerability CVE-2026-41094 Remote Code Execution Microsoft Data Formulator Remote Code Execution Vulnerability CVE-2026-41089 Remote Code Execution Windows Netlogon Remote Code Execution Vulnerability CVE-2026-41088 Elevation of Privilege Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2026-41086 Elevation of Privilege Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability CVE-2026-40421 Information Disclosure Microsoft Word Information Disclosure Vulnerability CVE-2026-40420 Elevation of Privilege Microsoft Office Click-To-Run Elevation of Privilege Vulnerability CVE-2026-40419 Elevation of Privilege Microsoft Office Click-To-Run Elevation of Privilege Vulnerability CVE-2026-40418 Elevation of Privilege Microsoft Office Click-To-Run Elevation of Privilege Vulnerability CVE-2026-40417 Elevation of Privilege Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability CVE-2026-40415 Remote Code Execution Windows TCP/IP Remote Code Execution Vulnerability CVE-2026-40414 Denial of Service Windows TCP/IP Denial of Service Vulnerability CVE-2026-40413 Denial of Service Windows TCP/IP Denial of Service Vulnerability CVE-2026-40410 Elevation of Privilege Windows SMB Client Elevation of Privilege Vulnerability CVE-2026-40408 Elevation of Privilege Windows WAN ARP Driver Elevation of Privilege Vulnerability CVE-2026-40407 Elevation of Privilege Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2026-40406 Information Disclosure Windows TCP/IP Information Disclosure Vulnerability CVE-2026-40405 Denial of Service Windows TCP/IP Denial of Service Vulnerability CVE-2026-40403 Remote Code Execution Windows Graphics Component Remote Code Execution Vulnerability CVE-2026-40402 Elevation of Privilege Windows Hyper-V Elevation of Privilege Vulnerability CVE-2026-40401 Denial of Service Windows TCP/IP Denial of Service Vulnerability CVE-2026-40399 Elevation of Privilege Windows TCP/IP Elevation of Privilege Vulnerability CVE-2026-40398 Elevation of Privilege Windows Remote Desktop Services Elevation of Privilege Vulnerability CVE-2026-40397 Elevation of Privilege Windows Common Log File System Driver Elevation of Privilege Vulnerability CVE-2026-40382 Elevation of Privilege Windows Telephony Service Elevation of Privilege Vulnerability CVE-2026-40381 Elevation of Privilege Azure Connected Machine Agent Elevation of Privilege Vulnerability CVE-2026-40380 Remote Code Execution Windows Volume Manager Extension Driver Remote Code Execution Vulnerability CVE-2026-40377 Elevation of Privilege Microsoft Cryptographic Services Elevation of Privilege Vulnerability CVE-2026-40374 Information Disclosure Microsoft Power Automate Desktop Information Disclosure Vulnerability CVE-2026-40370 Remote Code Execution SQL Server Remote Code Execution Vulnerability CVE-2026-40369 Elevation of Privilege Windows Kernel Elevation of Privilege Vulnerability CVE-2026-40368 Remote Code Execution Microsoft SharePoint Server Remote Code Execution Vulnerability CVE-2026-40367 Remote Code Execution Microsoft Word Remote Code Execution Vulnerability CVE-2026-40366 Remote Code Execution Microsoft Word Remote Code Execution Vulnerability CVE-2026-40365 Remote Code Execution Microsoft SharePoint Server Remote Code Execution Vulnerability CVE-2026-40364 Remote Code Execution Microsoft Word Remote Code Execution Vulnerability CVE-2026-40363 Remote Code Execution Microsoft Office Remote Code Execution Vulnerability CVE-2026-40362 Remote Code Execution Microsoft Excel Remote Code Execution Vulnerability CVE-2026-40361 Remote Code Execution Microsoft Word Remote Code Execution Vulnerability CVE-2026-40360 Information Disclosure Microsoft Excel Information Disclosure Vulnerability CVE-2026-40359 Remote Code Execution Microsoft Excel Remote Code Execution Vulnerability CVE-2026-40358 Remote Code Execution Microsoft Office Remote Code Execution Vulnerability CVE-2026-40357 Remote Code Execution Microsoft SharePoint Server Remote Code Execution Vulnerability CVE-2026-35440 Information Disclosure Microsoft Word Information Disclosure Vulnerability CVE-2026-35439 Remote Code Execution Microsoft SharePoint Server Remote Code Execution Vulnerability CVE-2026-35438 Elevation of Privilege Windows Admin Center Elevation of Privilege Vulnerability CVE-2026-35436 Elevation of Privilege Microsoft Office Click-To-Run Elevation of Privilege Vulnerability CVE-2026-35433 Elevation of Privilege .NET Elevation of Privilege Vulnerability CVE-2026-35424 Denial of Service Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability CVE-2026-35423 Information Disclosure Windows 11 Telnet Client Information Disclosure Vulnerability CVE-2026-35422 Security Feature Bypass Windows TCP/IP Driver Security Feature Bypass Vulnerability CVE-2026-35421 Remote Code Execution Windows GDI Remote Code Execution Vulnerability CVE-2026-35420 Elevation of Privilege Windows Kernel Elevation of Privilege Vulnerability CVE-2026-35419 Information Disclosure Windows DWM Core Library Information Disclosure Vulnerability CVE-2026-35418 Elevation of Privilege Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability CVE-2026-35417 Elevation of Privilege Windows Win32k Elevation of Privilege Vulnerability CVE-2026-35416 Elevation of Privilege Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2026-35415 Elevation of Privilege Windows Storage Spaces Controller Elevation of Privilege Vulnerability CVE-2026-34351 Elevation of Privilege Windows TCP/IP Elevation of Privilege Vulnerability CVE-2026-34350 Denial of Service Windows Storport Miniport Driver Denial of Service Vulnerability CVE-2026-34347 Elevation of Privilege Windows Win32k Elevation of Privilege Vulnerability CVE-2026-34345 Elevation of Privilege Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2026-34344 Elevation of Privilege Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability CVE-2026-34343 Elevation of Privilege Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability CVE-2026-34342 Elevation of Privilege Windows Print Spooler Elevation of Privilege Vulnerability CVE-2026-34341 Elevation of Privilege Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability CVE-2026-34340 Elevation of Privilege Windows Projected File System Elevation of Privilege Vulnerability CVE-2026-34339 Denial of Service Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability CVE-2026-34338 Elevation of Privilege Windows Telephony Service Elevation of Privilege Vulnerability CVE-2026-34337 Elevation of Privilege Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability CVE-2026-34336 Information Disclosure Windows DWM Core Library Information Disclosure Vulnerability CVE-2026-34334 Elevation of Privilege Windows TCP/IP Elevation of Privilege Vulnerability CVE-2026-34333 Elevation of Privilege Windows Win32k Elevation of Privilege Vulnerability CVE-2026-34332 Remote Code Execution Windows Kernel-Mode Driver Remote Code Execution Vulnerability CVE-2026-34331 Elevation of Privilege Win32k Elevation of Privilege Vulnerability CVE-2026-34330 Elevation of Privilege Win32k Elevation of Privilege Vulnerability CVE-2026-34329 Remote Code Execution Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability CVE-2026-33841 Elevation of Privilege Windows Kernel Elevation of Privilege Vulnerability CVE-2026-33840 Elevation of Privilege Win32k Elevation of Privilege Vulnerability CVE-2026-33839 Elevation of Privilege Win32k Elevation of Privilege Vulnerability CVE-2026-33838 Elevation of Privilege Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability CVE-2026-33837 Elevation of Privilege Windows TCP/IP Local Elevation of Privilege Vulnerability CVE-2026-33835 Elevation of Privilege Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability CVE-2026-33834 Elevation of Privilege Windows Event Logging Service Elevation of Privilege Vulnerability CVE-2026-33833 Spoofing Azure Machine Learning Notebook Spoofing Vulnerability CVE-2026-33117 Security Feature Bypass Azure SDK for Java Security Feature Bypass Vulnerability CVE-2026-33112 Remote Code Execution Microsoft SharePoint Server Remote Code Execution Vulnerability CVE-2026-33110 Remote Code Execution Microsoft SharePoint Server Remote Code Execution Vulnerability CVE-2026-32209 Security Feature Bypass Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability CVE-2026-32204 Elevation of Privilege Azure Monitor Agent Elevation of Privilege Vulnerability CVE-2026-32185 Spoofing Microsoft Teams Spoofing Vulnerability CVE-2026-32177 Elevation of Privilege .NET Elevation of Privilege Vulnerability CVE-2026-32175 Tampering .NET Core Tampering Vulnerability CVE-2026-32170 Elevation of Privilege Windows Rich Text Edit Elevation of Privilege Vulnerability CVE-2026-32161 Remote Code Execution Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability CVE-2026-21530 Elevation of Privilege Windows Rich Text Edit Elevation of Privilege Vulnerability CVE-2025-54518 Elevation of Privilege AMD: CVE-2025-54518 CPU OP Cache Corruption Other Patch Tuesday Updates Fortinet Patches Five Vulnerabilities Across FortiAP, FortiOS, and Enterprise Products Ivanti Patches Multiple Vulnerabilities in Secure Access, Xtraction, vTM and Endpoint Manager Zoom Rooms and Workplace Vulnerabilities Allow Attackers to Escalate Privileges SAP Patches Critical SQL injection Vulnerability in SAP S/4HANA Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Guru Baranhttps://cybersecuritynews.com Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments. Trending News Hackers Use PlugX-Like DLL Sideloading Chain in Fake Claude Malware Campaign Trellix Breach – RansomHouse Claims Access to Parts of Source Code Zoom Rooms and Workplace Vulnerabilities Allow Attackers to Escalate Privileges New Phishing-to-RMM Attacks: How Analysts Can Detect Trusted-Tool Abuse Early  DarkMoon AI-Powered Autonomous Penetration Testing Platform With 50+ Tools Latest News Cyber Security Critical Fortinet FortiSandbox Vulnerability Enables Code Execution Attacks Cyber Security News Open WebUI Vulnerability via File Upload Leads to 1-Click RCE Attack Cyber Security News Ivanti Patches Multiple Vulnerabilities in Secure Access, Xtraction, vTM and Endpoint Manager ANY.RUN No Blind Spots: How Top MSSPs Prevent Incidents withLive Threat Visibility Cyber Security News Threat Actors Leverage Vercel’s AI Tools to Mass‑Produce Realistic Phishing Sites