Microsoft Patch Tuesday May 2026

Patch Tuesday Analysis · May 2026

May 2026 Patch Tuesday: No Zero-Days for the First Time in 23 Months, but Three CVSS 9.8+ RCEs in the Queue

Microsoft fixes 118 to 138 CVEs depending on methodology, including 16 critical, with no actively exploited or publicly disclosed vulnerability. First Patch Tuesday without a zero-day since June 2024. A detailed reading of a month that seems calm but remains operationally heavy, and which sees Microsoft’s WARP team emerge with an explicit credit to Claude.

Published May 16, 2026
Reading time 16 minutes
Category Vulnerabilities and Alerts

On May 12, 2026, Microsoft released its monthly Patch Tuesday. No zero-day. No vulnerability publicly disclosed before the patch. It is the first month in this configuration since June 2024, ending a 23-month run of releases that each carried at least one zero-day. The remediation queue nonetheless remains heavy: three RCEs at CVSS 9.8 or higher, two of them exploitable without authentication, four Word RCEs triggerable through the Reading Pane, a Hyper-V use-after-free enabling guest-to-host escape, and a patch on the Cloud Files Mini Filter driver that would be challenged three days later by the MiniPlasma publication. A detailed reading of a month whose operational weight contradicts the apparent quiet.

01

A statistically rare lull, operationally misleading

The May 12, 2026 Patch Tuesday presents a notable characteristic. Depending on the methodologies used, Microsoft published fixes for 118 to 138 vulnerabilities, including 16 flagged as critical by Tenable and 31 critical entries according to the Talos Intelligence breakdown (which includes slightly different classifications). The breakdown by impact type yields 48.3% privilege escalations, followed by 24.6% remote code executions. But the central piece of data lies elsewhere: for the first time since June 2024, none of the patched vulnerabilities were actively exploited in the wild or publicly disclosed at the time of the Patch Tuesday (1)(2)(3).

This absence of a zero-day breaks a sequence of 23 consecutive months, confirmed by Tenable, ZDI and Qualys. Dustin Childs of the Zero Day Initiative summarizes the situation by noting that none of the bugs patched by Microsoft this month are listed as publicly known or under active attack (4). AP7i describes this lull as a rare window allowing administrators to patch without an in-the-wild clock running on a specific CVE.

The observation, however, requires qualification. The absence of a zero-day does not mean the absence of immediate risk. Three RCEs at CVSS 9.8 or higher sit in the critical queue, in core subsystems: Netlogon and the DNS Client (both exploitable without authentication) and Microsoft Dynamics 365 on-premises (reachable with a low-privileged account). ZDI flags two of the month's bugs as potentially wormable. As Jason Kikta of Automox notes, a half-patched Active Directory forest is not a defensible state against an unauthenticated vulnerability on domain controllers (5).

The discrepancy between the CVE count reported by different sources (118 at Tenable, 120 at BleepingComputer and Cybersecurity News, 137 to 138 at ZDI and The Hacker News) is explained by methodological choices of inclusion or exclusion. Tenable explicitly excludes CVE-2025-54518, the AMD Zen 2 opcode cache vulnerability for which Microsoft relayed the advisory but which is governed by AMD. ZDI includes peripheral product fixes (Edge Chromium-based, Visual Studio extensions, etc.) that are not systematically counted. The 118 to 138 range therefore reflects a factual consensus on the same release, simply counted differently (6).

CVE count variations

For CERT and VOC teams that aggregate monthly figures for management reports, remember the three numbers: 118 (Tenable, excluding AMD), 120 (standard BleepingComputer / Cybersecurity News media count), 138 (ZDI / Qualys including peripheral products). These recurring discrepancies month after month make year-over-year comparisons fragile if the methodology is not aligned. For internal KPIs, fix a single methodology and stick to it.

02

The three unauthenticated RCEs that structure the remediation queue

Three vulnerabilities at CVSS 9.8 or higher dominate the month's operational priorities; two of them are exploitable over the network without authentication, the third with a low-privileged account. Each targets an infrastructure component used at scale.

CVE-2026-41089: Windows Netlogon

CVE-2026-41089 is a stack-based buffer overflow in Windows Netlogon, the service through which domain members and domain controllers establish their secure channel and authenticate. The CVSS 3.1 score is 9.8, rated critical. A remote, unauthenticated attacker can exploit the flaw by sending a specially crafted network request to a Windows server acting as a domain controller, triggering the overflow and obtaining code execution on the affected system (1)(2).

Microsoft assessed exploitation as Exploitation Less Likely, but several external analysts contest that rating. Adam Barnett of Rapid7 notes that anyone who remembers CVE-2020-1472, aka ZeroLogon, will recognize that CVE-2026-41089 offers an attacker more immediate control of a domain controller than the 2020 vulnerability did. Childs at ZDI flags the flaw as wormable and summarizes: a compromised domain controller is a compromised domain. No privileges or user interaction are required, and attack complexity is low (4)(5)(7).

Domain controllers are priority items in the remediation queue. Beyond patching, restricting Netlogon traffic at the network layer is recommended. Domain controllers should not accept Netlogon traffic from arbitrary segments.
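One way to apply the network-layer restriction above, as an added example for this article (it is not part of Microsoft's advisory or of any vendor guidance quoted here): pin the Netlogon RPC server on a domain controller to a fixed TCP port using the documented DCTcpipPort value, then scope the firewall rules that expose the DC's RPC endpoint mapper (135), dynamic RPC ports and SMB named pipes (445, the \PIPE\NETLOGON transport) to the subnets that legitimately talk to the DC. The subnet list, the port number and the English display names of the built-in rule groups (localized on non-English installs) are assumptions to adapt.

```powershell
# Added example, not from the article or from Microsoft's advisory.
# Run elevated on one DC at a time, inside the maintenance window.

$TrustedSubnets = @('10.10.0.0/16', '10.20.0.0/16', '10.0.0.0/24')  # assumption: members, clients, other DCs
$NetlogonPort   = 38901                                             # assumption: any free port above 1024

# 1. Pin Netlogon's RPC endpoint to a static port (documented value DCTcpipPort).
#    Takes effect after 'Restart-Service Netlogon' or a reboot.
$nlParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
New-ItemProperty -Path $nlParams -Name 'DCTcpipPort' -PropertyType DWord `
    -Value $NetlogonPort -Force | Out-Null

# 2. Scoping allow rules only matters if the profile's default inbound action is Block.
$domProfile = Get-NetFirewallProfile -Profile Domain
if ($domProfile.DefaultInboundAction -ne 'Block') {
    Set-NetFirewallProfile -Profile Domain -DefaultInboundAction Block
}

# 3. Scope the built-in allow rules that open the DC's RPC-EPMAP, dynamic RPC
#    and SMB surface to the trusted ranges. Replication partners (other DCs)
#    must be in the list, or AD replication breaks.
Get-NetFirewallRule -DisplayGroup 'Active Directory Domain Services' -Enabled True |
    Set-NetFirewallRule -RemoteAddress $TrustedSubnets
Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' -Enabled True |
    Where-Object { $_.DisplayName -like '*SMB-In*' } |
    Set-NetFirewallRule -RemoteAddress $TrustedSubnets

# 4. Explicit, scoped allow for the pinned Netlogon port.
New-NetFirewallRule -DisplayName 'DC - Netlogon RPC (pinned port, trusted subnets)' `
    -Direction Inbound -Protocol TCP -LocalPort $NetlogonPort `
    -RemoteAddress $TrustedSubnets -Action Allow -Profile Domain

# 5. Read back: every enabled inbound allow rule touching 135, 445, the RPC
#    keywords or the pinned port should now carry the scoped RemoteAddress.
#    Any rule still showing 'Any' is a gap.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        ($_ | Get-NetFirewallPortFilter).LocalPort -match "^(135|445|RPC|RPC-EPMap|$NetlogonPort)$"
    } |
    ForEach-Object {
        [pscustomobject]@{
            Rule          = $_.DisplayName
            RemoteAddress = (($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ',')
        }
    }
```

The read-back step is the one worth keeping after the change: the built-in rule groups are re-created by some feature installs, and a rule that reverts to RemoteAddress Any silently reopens the DC to every segment.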

CVE-2026-41096: Windows DNS Client

CVE-2026-41096 is a heap-based buffer overflow in the Windows DNS Client. The CVSS 3.1 score is also 9.8, rated as critical. An attacker can exploit this vulnerability by sending a specially crafted DNS response to a vulnerable Windows system, causing the DNS Client to incorrectly process the response and corrupt memory. In certain configurations, this could allow remote code execution without authentication (2)(8).

Affected versions include Windows 11, Windows Server 2022 and Windows Server 2025 (9). Exploitation requires either a man-in-the-middle position on DNS traffic or a rogue DNS server. This operational condition limits exploitation to scenarios where the attacker can control the DNS responses received by the target, but the attack surface remains substantial. Any Windows machine accepting a DNS response from a potentially compromised server or from an untrusted network is exposed.

CVE-2026-42898: Microsoft Dynamics 365 (on-premises)

CVE-2026-42898 is a code injection vulnerability in Microsoft Dynamics 365 on-premises. The CVSS 3.1 score is 9.9. A low-privileged authenticated attacker can execute code beyond their normal scope. The CVE carries the CVSS scope-change flag (S:C), meaning that a successful exploit affects resources outside the security authority of the vulnerable component, beyond what the attacker's own account controls (2).

This characteristic makes blast-radius testing particularly important before deployment, as AP7i underscores (4). Organizations operating Dynamics 365 on-premises should validate post-patch behavior in a pre-production environment before going live, due to the risk of functional regression on cross-tenant permissions.

CVE              Component                  Characteristics
CVE-2026-41089   Windows Netlogon           CVSS 9.8, unauthenticated RCE, wormable per ZDI
CVE-2026-41096   Windows DNS Client         CVSS 9.8, unauthenticated RCE, MitM or rogue DNS vector
CVE-2026-42898   Dynamics 365 on-premises   CVSS 9.9, low-priv authenticated RCE, scope change
CVE-2026-40415   Windows TCP/IP             Wormable RCE, exploitation depends on specific memory conditions

03

Office Word, Jira/Confluence SSO, and the Preview Pane class

Four critical RCEs affect Microsoft Office Word this month. CVE-2026-40361, CVE-2026-40364, CVE-2026-40366 and CVE-2026-40367 all receive a CVSS 3.1 score of 8.4 and are rated critical by Microsoft. The first two, CVE-2026-40361 (use-after-free in wwlib.dll) and CVE-2026-40364 (type confusion), are assessed as Exploitation More Likely, the Exploitability Index rating Microsoft assigns when it judges that reliable exploit code could be developed within the 30 days following release (1)(2)(10).

The structuring element for these four vulnerabilities is common: Microsoft explicitly confirms in its advisory that the Reading Pane in Outlook and the Preview Pane in Windows File Explorer constitute an attack vector for each. Exploitation does not require opening the document. Simply rendering a malicious email in the Reading Pane, or simply browsing a directory containing a booby-trapped document in Explorer with the Preview Pane enabled, is sufficient to trigger memory corruption.

This class of attack has been analyzed in depth in a dedicated article on this blog regarding CVE-2026-40361 specifically; its discoverer, Haifei Li, founder of the EXPMON system, was also behind the discovery of BadWinmail in 2015. Applicable mitigations include immediate deployment of the Patch Tuesday, enabling plain text rendering in Outlook via GPO, disabling the Reading Pane on high-risk user profiles, and activating the Microsoft Defender for Endpoint ASR rules that block Office applications from creating child processes (11).
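The mitigations listed above, applied on a single endpoint and read back, as an added example for this article (not code from the original page, from Microsoft or from the Word advisory); this is the local equivalent a CSIRT runs on a pilot group or a suspect workstation while the GPO or Intune rollout lands. Assumptions: the Office policy tree is 16.0 (Office 2016 and later, including Microsoft 365 Apps), and the Explorer value ShowPreviewHandlers is taken to control preview handlers and should be verified on your build. The ASR rule GUIDs are the published Defender identifiers.

```powershell
# Added example, not from the article. Run elevated.

$asr = @{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Office apps -> child processes'
    '26190899-1602-49E8-8B27-EB1D0A1CE869' = 'Outlook -> child processes'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Office apps -> executable content'
}

# 1. Defender for Endpoint ASR rules, enforced (Enabled = block, not audit).
foreach ($id in $asr.Keys) {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id `
                     -AttackSurfaceReductionRules_Actions Enabled
}

# 2. Outlook: render all standard mail as plain text. The policy key wins
#    over the user's own Options setting.
$mail = 'HKCU:\Software\Policies\Microsoft\Office\16.0\Outlook\Options\Mail'
New-Item -Path $mail -Force | Out-Null
Set-ItemProperty -Path $mail -Name 'ReadAsPlain' -Type DWord -Value 1

# 3. Explorer: disable preview handlers so browsing a folder does not render
#    a document (assumption: value name, see lead-in).
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
Set-ItemProperty -Path $adv -Name 'ShowPreviewHandlers' -Type DWord -Value 0

# 4. Read back. ASR actions: 0 = Disabled, 1 = Block, 2 = Audit, 6 = Warn.
$pref = Get-MpPreference
for ($i = 0; $i -lt $pref.AttackSurfaceReductionRules_Ids.Count; $i++) {
    $id = $pref.AttackSurfaceReductionRules_Ids[$i].ToUpper()
    if ($asr.ContainsKey($id)) {
        '{0,-36} action={1}' -f $asr[$id], $pref.AttackSurfaceReductionRules_Actions[$i]
    }
}
'ReadAsPlain={0}'         -f (Get-ItemProperty -Path $mail).ReadAsPlain
'ShowPreviewHandlers={0}' -f (Get-ItemProperty -Path $adv).ShowPreviewHandlers
```

The read-back matters because a rule pushed by Intune in Audit mode and the same rule set locally to Enabled coexist with a single effective action; checking Get-MpPreference after the change, rather than the intent, is what tells you the endpoint is actually blocking.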

CVE-2026-41103: Microsoft SSO Plugin for Jira and Confluence

CVE-2026-41103 is a critical privilege escalation affecting the Microsoft Single-Sign-On Plugin for Jira and Confluence. The CVSS 3.1 score is 9.1, with Microsoft's assessment Exploitation More Likely. An unauthenticated attacker can exploit this vulnerability during the login process by sending a specially crafted response message. Successful exploitation allows the attacker to sign in under a forged identity without Microsoft Entra ID authentication, and to access or modify data in Jira and Confluence with the permissions of the impersonated user (1)(7).

Adam Barnett of Rapid7 notes a peculiar detail in the MSRC advisory. The patch links point to plugin versions published in 2024. This observation raises an operational question: organizations that have not migrated beyond these plugin versions may find themselves in a difficult remediation situation, either because the corrective versions are old, or because the plugin patching chain has diverged from the MSRC calendar (7).

The exposed population is every organization running Atlassian Jira or Confluence self-hosted with the Microsoft SSO plugin for Entra ID. Atlassian Cloud deployments, which use different authentication mechanisms, are not affected.

The Microsoft Word family and the Reading Pane

Four critical Word RCEs in a single rollup, all triggerable without interaction beyond selecting a message in the Reading Pane, constitute an unusual concentration. This class of attack, already documented with BadWinmail in 2015 and CVE-2023-23397 on Outlook, now has at least four new public primitives in the Word rendering engine shipped in a single release. For organizations facing elevated geopolitical risk (law firms, NGOs, journalists, central government bodies), keeping plain text rendering permanently on for exposed populations becomes an option to consider seriously, not just an emergency measure.

04

Hyper-V, Wi-Fi, and isolation boundaries

Two critical RCEs target classic isolation boundaries and deserve specific attention for multi-tenant environments.

CVE-2026-40402: Windows Hyper-V Guest-to-Host Escape

CVE-2026-40402 is a use-after-free vulnerability in Windows Hyper-V. The CVSS 3.1 score is 9.3. An attacker with access in a guest virtual machine can exploit this flaw to escape to the host environment and obtain SYSTEM privileges on the Hyper-V host (2)(9).

Exploitation, as documented by IT-Connect, relies on reading arbitrary kernel memory addresses on the host from the guest, generally resulting in a host crash (denial of service). However, by targeting certain specific hardware device registers, an escape from the isolated environment (VM escape) with acquisition of SYSTEM privileges on the host system becomes possible (9).

For multi-tenant environments running untrusted workloads (hosting providers, virtual desktop providers, malware analyst test environments, DFIR labs), this vulnerability should be treated as priority. Compromising the guest-to-host boundary invalidates the isolation assumptions on which resource pooling rests.

CVE-2026-32161: Windows Native WiFi Miniport Driver

CVE-2026-32161 is a use-after-free vulnerability combined with a race condition in the Windows Native WiFi Miniport driver. An attacker on an adjacent network can execute code on the target by exploiting the race condition (8)(12).

Attack complexity is rated high, which reduces the probability of opportunistic exploitation. Nevertheless, mobile workstations using Wi-Fi in shared environments (conference rooms, coworking spaces, trade shows, public transit) remain within the exposure perimeter. For high-risk profiles, disabling Wi-Fi on machines when a wired connection is available remains a relevant hardening measure.

05

The weight of privilege escalations, and the cldflt.sys case

Privilege escalations represent 48.3% of the vulnerabilities patched this month, making it the dominant class. This proportion reflects a structural trend observable over several months: EoP has become the post-compromise step of choice in modern attack doctrine. Initial exploitation (phishing, application vulnerability exposed on the Internet) provides an unprivileged local access, which an EoP chain then transforms into SYSTEM access, then lateral movement.

Three Windows kernel EoPs are worth flagging in the May rollup. CVE-2026-33841, CVE-2026-35420 and CVE-2026-40369 all receive a CVSS 3.1 score of 7.8 and are rated important. CVE-2026-33841 and CVE-2026-40369 are assessed as Exploitation More Likely. For these three CVEs, a local attacker can elevate their privileges to SYSTEM, or to a Medium or High integrity level in the case of CVE-2026-33841. Tenable notes that these three vulnerabilities bring to thirteen the number of Windows kernel EoPs disclosed since the beginning of 2026 (1).

Other EoPs deserve specific mention. CVE-2026-40397 affects the Windows Common Log File System (CLFS) driver. CLFS is a recurring SYSTEM-level escalation primitive, exploited several times in-the-wild in recent years. Microsoft assesses CVE-2026-40397 as Exploitation More Likely, which places this CVE at the top of the queue for teams tracking ransomware exploitation patterns (12). CVE-2026-40398 affects Remote Desktop Services. CVE-2026-33837 targets the TCP/IP stack locally. CVE-2026-33840, CVE-2026-35417 and the Win32k series form a classic group of graphics-stack EoPs.

CVE-2026-33835: Windows Cloud Files Mini Filter Driver

CVE-2026-33835 specifically affects the cldflt.sys driver, the Windows Cloud Files Mini Filter Driver. The vulnerability is classified as privilege escalation and rated important. The component is loaded by default on all modern Windows installations, regardless of whether OneDrive is actually present.
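A check for the point just made (the filter is present whether or not OneDrive is), as an added example for this article rather than code from the original page: it reports whether cldflt.sys is present, running and actually attached to the filter manager on the host, and which file version is on disk, so the post-patch build can be confirmed fleet-wide. The minimum patched version is a parameter; the article does not give it, so read it off a freshly updated reference machine. The placeholder value at the bottom is an assumption.

```powershell
# Added example, not from the article. Run elevated (fltmc requires it).

function Get-CldfltState {
    param([version]$MinimumPatched)   # assumption: version taken from a patched reference host

    $drv  = Get-CimInstance Win32_SystemDriver -Filter "Name='cldflt'"
    $path = Join-Path $env:SystemRoot 'System32\drivers\cldflt.sys'
    $info = (Get-Item $path).VersionInfo
    # FileVersion reads like "10.0.26100.1234 (WinBuild.160101.0800)": keep the numeric part.
    $ver  = [version](($info.FileVersion -split '\s+')[0])

    # fltmc lists the minifilters attached to the filter manager; a driver can
    # be "Running" as a service without being attached to any volume.
    $attached = [bool]((fltmc.exe filters 2>$null) -match '^\s*cldflt\b')

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        ServiceState = $drv.State        # Running / Stopped; $null if the service is absent
        StartMode    = $drv.StartMode
        Attached     = $attached
        FileVersion  = $ver
        Patched      = if ($MinimumPatched) { $ver -ge $MinimumPatched } else { $null }
    }
}

# Placeholder version: replace with the build observed on a patched reference host.
Get-CldfltState -MinimumPatched '10.0.26100.0'

# Fleet-wide, from a management host with WinRM access:
# Invoke-Command -ComputerName $hosts -ScriptBlock ${function:Get-CldfltState} -ArgumentList '10.0.26100.0'
```

The Attached column is the one that surprises people: on workstations with no OneDrive account, the filter is usually still attached, which is exactly why a local-only OneDrive inventory says nothing about exposure to this driver.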

This patch continues a series on the same driver: CVE-2025-55680 in October 2025 (a TOCTOU bypass of the CVE-2020-17136 fix, found by Exodus Intelligence in March 2024), CVE-2025-62221 in December 2025 (use-after-free, exploited in the wild as a zero-day), and now CVE-2026-33835 in the May 2026 Patch Tuesday.

The MiniPlasma PoC published three days later

On May 15, 2026, three days after this Patch Tuesday, researcher Chaotic Eclipse published on GitHub a PoC named MiniPlasma also targeting cldflt.sys, with the claim that the patch of CVE-2020-17103 published in December 2020 would not be present on fully patched Windows 11 and Windows Server 2025. This publication, not yet independently confirmed at the time of writing, raises the question of the completeness of the May CVE-2026-33835 fix and the durability of old patches in a driver whose successive refactorings are documented. A dedicated analysis is available on the blog (13).

Beyond cldflt.sys, other patches in the May rollup belong to vulnerability families worth monitoring. CVE-2026-33837 on TCP/IP is part of an ongoing series of flaws in the network stack. CVE-2026-35416 on the Ancillary Function Driver for WinSock (AFD.sys) extends a historical series of EoPs exploited by ransomware operators, in particular in the Cuba and Conti chains. CVE-2026-40403 on the Win32K GRFX component is discussed in section 06.

06

The emergence of the WARP team and the Claude credit on CVE-2026-40403

A discreet but significant signal emerges from the May rollup. Adam Barnett of Rapid7 observes that the Microsoft WARP team is credited for several critical vulnerabilities this month, after a first appearance in the MSRC acknowledgments of the April Patch Tuesday (7). The exact identity and mandate of this team are not the subject of detailed communication from Microsoft, but Barnett puts forward the hypothesis that the WARP team holds deep expertise in the current state of AI-assisted vulnerability research as applied to Microsoft products.

A second observation, reported by IT-Connect, confirms this reading. CVE-2026-40403, a vulnerability in the Win32K GRFX component, is explicitly marked as partly discovered with the help of Claude in the attribution notes (9). This is, to the author’s knowledge, the first explicit credit to an AI assistant in an MSRC advisory.

This mention joins a converging set of indicators on the industrialization of AI-assisted vulnerability research within major vendors. Mozilla published on May 12, 2026 an analysis documenting 271 vulnerabilities identified in Firefox over two months thanks to Anthropic Mythos, with a false-positive rate described as near zero. On the Linux side, the Sysdig hypothesis regarding Dirty Frag suggests that the time elapsed between the introduction of flaws in 2017 or 2023 and their recent discovery implies the use of AI-assisted analysis tools. The Copy Fail, Dirty Frag, Fragnesia, ssh-keysign-pwn sequence fits within this dynamic (14)(15).

For CTI teams, this shift matters. The scarcity of discovery, the implicit assumption underpinning the responsible disclosure doctrine for thirty years, is giving way. Simon Kelley of the dnsmasq project stated this publicly on May 11, 2026 in his announcement of six simultaneous CVEs. The May 2026 Patch Tuesday, with its unusual concentration of critical issues on historically audited components (Netlogon, DNS Client, Hyper-V), can be read as a collateral effect of the same dynamic on the vendor side.

An editorial shift on the vendor side

The capability gap between actors with AI audit infrastructures and those without becomes a decisive factor in the dynamics of discovery. Microsoft, by internalizing this capability via the WARP team and explicitly crediting Claude on CVE-2026-40403, formalizes a posture that Mozilla has already made public with Mythos. For independent researchers and open source maintainers without comparable access, this asymmetry reconfigures the conditions of research.

07

CERT recommendations and Secure Boot timeline

For CERT, CSIRT, VOC and CISO teams, May 2026 Patch Tuesday prioritization is organized in four tiers.

First tier, immediate on domain controllers. CVE-2026-41089 on Netlogon must be deployed in the same maintenance window across all DCs in a forest. As Jason Kikta points out, a half-patched forest facing a pre-authentication bug on a DC is not a defensible state. As a complement, restrict Netlogon traffic at the network layer so that domain controllers accept it only from legitimate segments.
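A way to verify the "same maintenance window, every DC" condition before declaring the first tier closed, as an added example for this article (not from the page or from any of its sources): it enumerates every domain controller of every domain in the forest, asks each one whether a given update is installed, and distinguishes installed from installed-but-not-rebooted. The KB number is a parameter, since the article does not cite it; take it from the MSRC release notes. It assumes the Active Directory PowerShell module on the management host and WinRM access to the DCs.

```powershell
# Added example, not from the article.

function Test-ForestDcPatch {
    param([Parameter(Mandatory)][string]$Kb)   # placeholder: the May cumulative's KB from MSRC

    # Every DC of every domain in the forest, queried from one management host.
    $dcs = (Get-ADForest).Domains | ForEach-Object {
        Get-ADDomainController -Filter * -Server $_
    }

    $results = Invoke-Command -ComputerName $dcs.HostName -ArgumentList $Kb `
        -ErrorAction SilentlyContinue -ScriptBlock {
            param($Kb)
            $fix  = Get-HotFix -Id $Kb -ErrorAction SilentlyContinue
            $boot = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
            [pscustomobject]@{
                DC            = $env:COMPUTERNAME
                Installed     = [bool]$fix
                InstalledOn   = $fix.InstalledOn
                # Heuristic: InstalledOn is date-only, so an update dated after the
                # last boot means the DC has not restarted since installing it.
                RebootPending = [bool]$fix -and ($fix.InstalledOn -gt $boot)
            }
        }

    $reached   = @($results.PSComputerName)
    $unreached = @($dcs.HostName | Where-Object { $_ -notin $reached })

    [pscustomobject]@{
        TotalDCs      = $dcs.Count
        Active        = @($results | Where-Object { $_.Installed -and -not $_.RebootPending }).Count
        RebootPending = @($results | Where-Object RebootPending).DC
        Missing       = @($results | Where-Object { -not $_.Installed }).DC
        Unreachable   = $unreached
    }
}

# The forest is done only when Missing, RebootPending and Unreachable are all empty.
Test-ForestDcPatch -Kb 'KB5XXXXXX'   # placeholder KB
```

Unreachable DCs are listed rather than silently dropped on purpose: a DC that does not answer WinRM during the window is, from the attacker's point of view, indistinguishable from an unpatched one.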

Second tier, priority on Windows endpoint and server fleets. CVE-2026-41096 on the DNS Client concerns virtually every Windows machine; deploy it broadly through the usual WSUS, Intune or SCCM channels. Push CVE-2026-40361, CVE-2026-40364, CVE-2026-40366 and CVE-2026-40367 on Microsoft Word in parallel with the OS cumulative. While the patch propagates, enable plain text rendering in Outlook and the Defender for Endpoint ASR rules on high-risk populations.

Third tier, priority on virtualized environments. CVE-2026-40402 on Hyper-V must be treated as a critical patch for any Hyper-V host hosting untrusted guests. CVE-2026-42898 on Dynamics 365 on-premises requires blast-radius validation in pre-production before deployment, due to the scope-change nature of the vulnerability.

Fourth tier, important on application fleets. CVE-2026-41103 on the Jira and Confluence SSO plugin concerns Atlassian self-hosted deployments using Entra ID. CVE-2026-33841 and CVE-2026-40369 on the Windows kernel ship in the OS cumulative. CVE-2026-33835 on the Cloud Files Mini Filter driver ships there as well; monitor the MiniPlasma affair and adjust posture if needed.

Secure Boot UEFI CA 2023 timeline

Beyond the May Patch Tuesday, a deadline is approaching for teams operating Windows fleets. The transition to the Windows UEFI CA 2023 certificate, with which future boot-manager updates will be signed and which Secure Boot must therefore trust, falls approximately 45 days after May 12, 2026, that is late June 2026. AP7i recommends verifying that the certificate is present in the Secure Boot database of every device before that deadline (4).

Without the 2023 certificate, Windows systems and the Linux distributions that boot through the shim loader will no longer receive boot-sequence updates. This migration, planned long in advance by Microsoft following the scheduled expiration of the 2011 certificates, deserves particular attention on laptop and desktop fleets whose firmware update coverage may be uneven.
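The per-device check AP7i recommends, as an added example for this article (not code from the page or from Microsoft's guidance): it reads the firmware's Secure Boot signature database (db) and reports whether the "Windows UEFI CA 2023" and the older "Microsoft Windows Production PCA 2011" subjects are present, alongside the servicing status value Windows writes while it rolls the certificates. The registry value name UEFICA2023Status is taken from Microsoft's Secure Boot servicing guidance and is an assumption to confirm on your build.

```powershell
# Added example, not from the article. Run elevated (Get-SecureBootUEFI requires it).

function Get-SecureBootCaStatus {
    # Confirm-SecureBootUEFI throws on legacy BIOS or when Secure Boot is unsupported.
    $enabled = $false
    try { $enabled = Confirm-SecureBootUEFI } catch { }

    $dbText = ''
    if ($enabled) {
        # db is a signature list of DER certificates; subject CNs are ASCII inside the DER.
        $dbText = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI db).bytes)
    }

    # Assumption: value name as used in Microsoft's servicing guidance; absent on older builds.
    $servicing = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot\Servicing' `
                                  -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Computer        = $env:COMPUTERNAME
        SecureBootOn    = $enabled
        Ca2023InDb      = [bool]($dbText -match 'Windows UEFI CA 2023')
        Ca2011InDb      = [bool]($dbText -match 'Microsoft Windows Production PCA 2011')
        ServicingStatus = $servicing.UEFICA2023Status
        # A device with Secure Boot on and no 2023 CA in db is the one to chase before the deadline.
        NeedsAction     = $enabled -and -not ($dbText -match 'Windows UEFI CA 2023')
    }
}

Get-SecureBootCaStatus
```

Devices with Secure Boot off are not "safe" here, only out of scope for the db check: once Secure Boot is turned on later, they still need the 2023 CA in db to accept updated boot managers.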

Anticipating the June 2026 Patch Tuesday

The June 10, 2026 Patch Tuesday will likely receive particular attention for several converging reasons. Researcher Chaotic Eclipse has announced a new public disclosure for this date. The MiniPlasma publication of May 15, 2026 awaits a fix, expected in June if Microsoft confirms the vulnerability. CVE-2026-31431 (Copy Fail), listed in the CISA KEV catalog with a federal deadline of May 15, will continue to attract attention. The remediation calendar for the critical 9.8 CVEs of May (Netlogon, DNS Client, Dynamics 365) will typically extend over four to six weeks, overlapping the next Patch Tuesday. CERT teams should anticipate a dense maintenance window in June 2026.

A statistical lull does not mean an operational lull. The May 2026 Patch Tuesday, in the apparent absence of a zero-day, remains one of the heaviest months in critical unauthenticated RCEs of the year. For defenders, the absence of an exploitation clock on a specific CVE offers a rare window to patch without incident pressure, provided that window is leveraged. As AP7i summarizes, the three CVSS 9.8 or higher of this month deserve the same urgency as if one of them were already being exploited.

Sources and references

1. Tenable Research Special Operations, Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103), May 12, 2026, tenable.com
2. The Hacker News (Ravie Lakshmanan), Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws, May 13, 2026, thehackernews.com
3. BleepingComputer (Lawrence Abrams), Microsoft May 2026 Patch Tuesday fixes 120 flaws, no zero-days, May 12, 2026, bleepingcomputer.com
4. AP7i, Microsoft’s May 2026 Patch Tuesday: 120 Flaws, No Zero-Days, May 14, 2026, ap7i.com
5. Help Net Security, Microsoft May 2026 Patch Tuesday: Many fixes, but no zero-days, May 12, 2026, helpnetsecurity.com
6. Security Boulevard, Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103), May 13, 2026, securityboulevard.com
7. Rapid7 (Adam Barnett), Patch Tuesday – May 2026, May 12, 2026, rapid7.com
8. Cisco Talos Intelligence, Microsoft Patch Tuesday for May 2026 – Snort rules and prominent vulnerabilities, May 13, 2026, blog.talosintelligence.com
9. IT-Connect (Florian Burnel), Patch Tuesday May 2026: 120 Flaws Fixed, No Zero-Day, May 13, 2026, it-connect.tech
10. gblock.app, Word Bug CVE-2026-40361 Triggers in Outlook’s Preview Pane, May 13, 2026, gblock.app
11. blog.marcfredericgomez.com, CVE-2026-40361: Zero-Click Use-After-Free Vulnerability in the Outlook Rendering Engine (wwlib.dll), May 15, 2026, blog.marcfredericgomez.com
12. Outpost24, Microsoft Patch Tuesday – May 2026, May 13, 2026, outpost24.com
13. blog.marcfredericgomez.com, MiniPlasma: Chaotic Eclipse Reopens cldflt.sys and Revives the Question of Microsoft Patch Durability, May 16, 2026, blog.marcfredericgomez.com
14. Ars Technica, Mozilla says 271 vulnerabilities found by Mythos have almost no false positives, May 12, 2026, arstechnica.com
15. Simon Kelley, dnsmasq-discuss mailing list, Security – IMPORTANT, six dnsmasq CVEs disclosed simultaneously, May 11, 2026, lists.thekelleys.org.uk
16. Microsoft Security Response Center, May 2026 Security Updates, release notes, msrc.microsoft.com