2026-May-Security-Update

2026 May Security Update | Critical and High-Risk Vulnerabilities You Must Patch Immediately

by

Key Takeaways

  • May 2026 Patch Tuesday fixes several Critical security vulnerabilities in Windows, Office, SharePoint, DNS, and WiFi components.
  • Many vulnerabilities are related to Elevation of Privilege, which attackers can use to gain higher access on compromised devices.
  • Microsoft Office, Word, Excel, and SharePoint received important Remote Code Execution security fixes and should be patched quickly.
  • Windows networking components like TCP/IP, SMB, DNS Client, and Netlogon also received important security updates.
  • No zero-day vulnerabilities are currently reported as exploited, but admins should deploy updates as soon as possible to reduce security risks.

2026 May Security Update! Microsoft released the May 2026 Patch Tuesday security updates with fixes for 120 vulnerabilities and no publicly disclosed zero-day vulnerabilities. This month’s release includes 17 Critical vulnerabilities, including 14 Remote Code Execution (RCE) flaws, 2 Elevation of Privilege vulnerabilities, and 1 Information Disclosure vulnerability.

Table of Content

2026 May Security Update | Critical and High-Risk Vulnerabilities You Must Patch Immediately

The updates also address multiple security issues across Windows, Microsoft Office, SharePoint, SQL Server, Hyper-V, TCP/IP, DNS Client, and other core Microsoft products and services. Organisations are recommended to prioritise testing and deploying these updates quickly to reduce potential security risks.

Critical and High-Risk Vulnerabilities
61 Elevation of Privilege Vulnerabilities
6 Security Feature Bypass Vulnerabilities
31 Remote Code Execution Vulnerabilities
14 Information Disclosure Vulnerabilities
8 Denial of Service Vulnerabilities
13 Spoofing Vulnerabilities
2026 May Security Update | Critical and High-Risk Vulnerabilities You Must Patch Immediately – Table 1
2026 May Security Update | Critical and High-Risk Vulnerabilities You Must Patch Immediately - Fig.1
2026 May Security Update | Critical and High-Risk Vulnerabilities You Must Patch Immediately – Fig.1

Elevation of Privilege Vulnerabilities

The May 2026 Patch Tuesday release includes a large number of Elevation of Privilege (EoP) vulnerabilities affecting Windows Kernel, Win32k, TCP/IP, Hyper-V, SMB, Telephony Service, Office Click-To-Run, Azure services, .NET, Visual Studio Code, and other core Microsoft components. These vulnerabilities could allow attackers to gain higher system privileges after initially accessing a device or environment.

  • CVE-2026-42896 Windows DWM Core Library Elevation of Privilege Vulnerability
  • CVE-2026-42830 Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability
  • CVE-2026-42825 Windows Telephony Service Elevation of Privilege Vulnerability
  • CVE-2026-42823 Azure Logic Apps Elevation of Privilege Vulnerability
  • CVE-2026-41613 Visual Studio Code Elevation of Privilege Vulnerability
  • CVE-2026-41103 Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability
  • CVE-2026-41095 Data Deduplication Elevation of Privilege Vulnerability
  • CVE-2026-41088 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  • CVE-2026-41086 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
  • CVE-2026-40420 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
  • CVE-2026-40419 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
  • CVE-2026-40418 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
  • CVE-2026-40417 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
  • CVE-2026-40410 Windows SMB Client Elevation of Privilege Vulnerability
  • CVE-2026-40408 Windows WAN ARP Driver Elevation of Privilege Vulnerability
  • CVE-2026-40407 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  • CVE-2026-40402 Windows Hyper-V Elevation of Privilege Vulnerability
  • CVE-2026-40399 Windows TCP/IP Elevation of Privilege Vulnerability
  • CVE-2026-40398 Windows Remote Desktop Services Elevation of Privilege Vulnerability
  • CVE-2026-40397 Windows Common Log File System Driver Elevation of Privilege Vulnerability
  • CVE-2026-40382 Windows Telephony Service Elevation of Privilege Vulnerability
  • CVE-2026-40381 Azure Connected Machine Agent Elevation of Privilege Vulnerability
  • CVE-2026-40377 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
  • CVE-2026-40369 Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2026-35438 Windows Admin Center Elevation of Privilege Vulnerability
  • CVE-2026-35436 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
  • CVE-2026-35433 .NET Elevation of Privilege Vulnerability
  • CVE-2026-35420 Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2026-35418 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
  • CVE-2026-35417 Windows Win32k Elevation of Privilege Vulnerability
  • CVE-2026-35416 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  • CVE-2026-35415 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
  • CVE-2026-34351 Windows TCP/IP Elevation of Privilege Vulnerability
  • CVE-2026-34347 Windows Win32k Elevation of Privilege Vulnerability
  • CVE-2026-34345 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  • CVE-2026-34344 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
  • CVE-2026-34343 Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability
  • CVE-2026-34342 Windows Print Spooler Elevation of Privilege Vulnerability
  • CVE-2026-34341 Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability
  • CVE-2026-34340 Windows Projected File System Elevation of Privilege Vulnerability
  • CVE-2026-34338 Windows Telephony Service Elevation of Privilege Vulnerability
  • CVE-2026-34337 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
  • CVE-2026-34334 Windows TCP/IP Elevation of Privilege Vulnerability
  • CVE-2026-34333 Windows Win32k Elevation of Privilege Vulnerability
  • CVE-2026-34331 Win32k Elevation of Privilege Vulnerability
  • CVE-2026-34330 Win32k Elevation of Privilege Vulnerability
  • CVE-2026-33841 Windows Kernel Elevation of Privilege Vulnerability
  • CVE-2026-33840 Win32k Elevation of Privilege Vulnerability
  • CVE-2026-33839 Win32k Elevation of Privilege Vulnerability
  • CVE-2026-33838 Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability
  • CVE-2026-33837 Windows TCP/IP Local Elevation of Privilege Vulnerability
  • CVE-2026-33835 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
  • CVE-2026-33834 Windows Event Logging Service Elevation of Privilege Vulnerability
  • CVE-2026-32204 Azure Monitor Agent Elevation of Privilege Vulnerability
  • CVE-2026-32177 .NET Elevation of Privilege Vulnerability
  • CVE-2026-32170 Windows Rich Text Edit Elevation of Privilege Vulnerability
  • CVE-2026-21530 Windows Rich Text Edit Elevation of Privilege Vulnerability
  • CVE-2025-54518 AMD: CVE-2025-54518 CPU OP Cache Corruption
2026 May Security Update | Critical and High-Risk Vulnerabilities You Must Patch Immediately - Fig.2
2026 May Security Update | Critical and High-Risk Vulnerabilities You Must Patch Immediately – Fig.2

Security Feature Bypass Vulnerabilities

The May 2026 Patch Tuesday updates also fix several Security Feature Bypass vulnerabilities affecting Visual Studio Code, GitHub Copilot, Secure Boot, Windows TCP/IP Driver, Azure SDK for Java, and Windows Filtering Platform (WFP). These vulnerabilities could allow attackers to bypass important security protections and safeguards built into Windows and Microsoft applications.

Patch My PC
  • CVE-2026-41610 Visual Studio Code Security Feature Bypass Vulnerability
  • CVE-2026-41109 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
  • CVE-2026-41097 Secure Boot Security Feature Bypass Vulnerability
  • CVE-2026-35422 Windows TCP/IP Driver Security Feature Bypass Vulnerability
  • CVE-2026-33117 Azure SDK for Java Security Feature Bypass Vulnerability
  • CVE-2026-32209 Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability
2026 May Security Update | Critical and High-Risk Vulnerabilities You Must Patch Immediately - Fig.3
2026 May Security Update | Critical and High-Risk Vulnerabilities You Must Patch Immediately – Fig.3

Remote Code Execution Vulnerabilities

The May 2026 Patch Tuesday release includes multiple Remote Code Execution (RCE) vulnerabilities affecting Microsoft Dynamics 365 On-Premises, Microsoft Office, Visual Studio Code, and Windows DNS Client. These vulnerabilities could allow attackers to run malicious code on affected systems, potentially leading to system compromise, data theft, or further attacks across the network.

  • CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
  • CVE-2026-42833 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
  • CVE-2026-42831 Microsoft Office Remote Code Execution Vulnerability
  • CVE-2026-41611 Visual Studio Code Remote Code Execution Vulnerability
  • CVE-2026-41096 Windows DNS Client Remote Code Execution Vulnerability
  • CVE-2026-41094 Microsoft Data Formulator Remote Code Execution Vulnerability
  • CVE-2026-41089 Windows Netlogon Remote Code Execution Vulnerability
  • CVE-2026-40415 Windows TCP/IP Remote Code Execution Vulnerability
  • CVE-2026-40403 Windows Graphics Component Remote Code Execution Vulnerability
  • CVE-2026-40380 Windows Volume Manager Extension Driver Remote Code Execution Vulnerability
  • CVE-2026-40370 SQL Server Remote Code Execution Vulnerability
  • CVE-2026-40368 Microsoft SharePoint Server Remote Code Execution Vulnerability
  • CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability
  • CVE-2026-40366 Microsoft Word Remote Code Execution Vulnerability
  • CVE-2026-40365 Microsoft SharePoint Server Remote Code Execution Vulnerability
  • CVE-2026-40364 Microsoft Word Remote Code Execution Vulnerability
  • CVE-2026-40363 Microsoft Office Remote Code Execution Vulnerability
  • CVE-2026-40362 Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2026-40361 Microsoft Word Remote Code Execution Vulnerability
  • CVE-2026-40359 Microsoft Excel Remote Code Execution Vulnerability
  • CVE-2026-40358 Microsoft Office Remote Code Execution Vulnerability
  • CVE-2026-40357 Microsoft SharePoint Server Remote Code Execution Vulnerability
  • CVE-2026-35439 Microsoft SharePoint Server Remote Code Execution Vulnerability
  • CVE-2026-35421 Windows GDI Remote Code Execution Vulnerability
  • CVE-2026-34332 Windows Kernel-Mode Driver Remote Code Execution Vulnerability
  • CVE-2026-34329 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
  • CVE-2026-33112 Microsoft SharePoint Server Remote Code Execution Vulnerability
  • CVE-2026-33110 Microsoft SharePoint Server Remote Code Execution Vulnerability
  • CVE-2026-32161 Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability
2026 May Security Update | Critical and High-Risk Vulnerabilities You Must Patch Immediately - Fig.4
2026 May Security Update | Critical and High-Risk Vulnerabilities You Must Patch Immediately – Fig.4

Information Disclosure Vulnerabilities

The May 2026 Patch Tuesday updates fix several Information Disclosure vulnerabilities affecting Visual Studio Code, Microsoft Word, Excel, Windows TCP/IP, Power Automate Desktop, Windows 11 Telnet Client, and Windows DWM Core Library.

  • CVE-2026-41612 Visual Studio Code Information Disclosure Vulnerability
  • CVE-2026-40421 Microsoft Word Information Disclosure Vulnerability
  • CVE-2026-40406 Windows TCP/IP Information Disclosure Vulnerability
  • CVE-2026-40374 Microsoft Power Automate Desktop Information Disclosure Vulnerability
  • CVE-2026-40360 Microsoft Excel Information Disclosure Vulnerability
  • CVE-2026-35440 Microsoft Word Information Disclosure Vulnerability
  • CVE-2026-35423 Windows 11 Telnet Client Information Disclosure Vulnerability
  • CVE-2026-35419 Windows DWM Core Library Information Disclosure  Vulnerability
  • CVE-2026-34336 Windows DWM Core Library Information Disclosure  Vulnerability
2026 May Security Update | Critical and High-Risk Vulnerabilities You Must Patch Immediately - Fig.5
2026 May Security Update | Critical and High-Risk Vulnerabilities You Must Patch Immediately – Fig.5

Denial of Service Vulnerabilities

The May 2026 Patch Tuesday release includes several Denial of Service (DoS) vulnerabilities affecting ASP.NET Core, Windows TCP/IP, Internet Key Exchange (IKE), LDAP, and Windows storage drivers. These vulnerabilities could allow attackers to disrupt services, crash systems, or make applications and network services temporarily unavailable.

  • CVE-2026-42899 ASP.NET Core Denial of Service Vulnerability
  • CVE-2026-40414 Windows TCP/IP Denial of Service Vulnerability
  • CVE-2026-40413 Windows TCP/IP Denial of Service Vulnerability
  • CVE-2026-40405 Windows TCP/IP Denial of Service Vulnerability
  • CVE-2026-40401 Windows TCP/IP Denial of Service Vulnerability
  • CVE-2026-35424 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
  • CVE-2026-34350 Windows Storport Miniport Driver Denial of Service Vulnerability
  • CVE-2026-34339 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
2026 May Security Update | Critical and High-Risk Vulnerabilities You Must Patch Immediately - Fig.6
2026 May Security Update | Critical and High-Risk Vulnerabilities You Must Patch Immediately – Fig.6

Spoofing Vulnerabilities

The May 2026 Patch Tuesday updates also address several Spoofing vulnerabilities affecting Microsoft Office, Microsoft Teams, Microsoft 365 Copilot, PowerPoint for Android, Word for Android, and Azure Machine Learning Notebook. These vulnerabilities could allow attackers to impersonate trusted users, applications, or services to trick users into opening malicious content or sharing sensitive information.

2026 May Security Update | Critical and High-Risk Vulnerabilities You Must Patch Immediately - Fig.7
2026 May Security Update | Critical and High-Risk Vulnerabilities You Must Patch Immediately – Fig.7

May 2026 Patch Tuesday Security Updates

Microsoft released the May 2026 Patch Tuesday security updates with fixes for multiple vulnerabilities affecting Windows, Microsoft Office, SharePoint, SQL Server, Azure services, and other Microsoft products. The list below includes all resolved vulnerabilities covered in this month’s security release.

CVE IDCVE TitleSeverity
CVE-2026-35433.NET Elevation of Privilege VulnerabilityImportant
CVE-2026-32177.NET Elevation of Privilege VulnerabilityImportant
CVE-2026-32175.NET Core Tampering VulnerabilityImportant
CVE-2025-54518AMD: CVE-2025-54518 CPU OP Cache CorruptionImportant
CVE-2026-42899ASP.NET Core Denial of Service VulnerabilityImportant
CVE-2026-40381Azure Connected Machine Agent Elevation of Privilege VulnerabilityImportant
CVE-2026-42823Azure Logic Apps Elevation of Privilege VulnerabilityImportant
CVE-2026-33833Azure Machine Learning Notebook Spoofing VulnerabilityImportant
CVE-2026-32204Azure Monitor Agent Elevation of Privilege VulnerabilityImportant
CVE-2026-42830Azure Monitor Agent Metrics Extension Elevation of Privilege VulnerabilityImportant
CVE-2026-33117Azure SDK for Java Security Feature Bypass VulnerabilityImportant
CVE-2026-41095Data Deduplication Elevation of Privilege VulnerabilityImportant
CVE-2026-40417Microsoft Dynamics 365 Business Central Elevation of Privilege VulnerabilityImportant
CVE-2026-41109GitHub Copilot and Visual Studio Code Security Feature Bypass VulnerabilityImportant
CVE-2026-41100Microsoft 365 Copilot for Android Spoofing VulnerabilityImportant
CVE-2026-42893Microsoft Outlook for iOS Tampering VulnerabilityImportant
CVE-2026-26164M365 Copilot Information Disclosure VulnerabilityCritical
CVE-2026-41614M365 Copilot for Desktop Spoofing VulnerabilityImportant
CVE-2026-41094Microsoft Data Formulator Remote Code Execution VulnerabilityImportant
CVE-2026-42898Microsoft Dynamics 365 On-Premises Remote Code Execution VulnerabilityCritical
CVE-2026-42833Microsoft Dynamics 365 On-Premises Remote Code Execution VulnerabilityImportant
CVE-2026-42832Microsoft Office Spoofing VulnerabilityImportant
CVE-2026-42831Microsoft Office Remote Code Execution VulnerabilityCritical
CVE-2026-40363Microsoft Office Remote Code Execution VulnerabilityCritical
CVE-2026-40419Microsoft Office Click-To-Run Elevation of Privilege VulnerabilityImportant
CVE-2026-40358Microsoft Office Remote Code Execution VulnerabilityCritical
CVE-2026-35436Microsoft Office Click-To-Run Elevation of Privilege VulnerabilityImportant
CVE-2026-40420Microsoft Office Click-To-Run Elevation of Privilege VulnerabilityImportant
CVE-2026-40418Microsoft Office Click-To-Run Elevation of Privilege VulnerabilityImportant
CVE-2026-40360Microsoft Excel Information Disclosure VulnerabilityImportant
CVE-2026-40362Microsoft Excel Remote Code Execution VulnerabilityImportant
CVE-2026-40359Microsoft Excel Remote Code Execution VulnerabilityImportant
CVE-2026-41102Microsoft PowerPoint for Android Spoofing VulnerabilityImportant
CVE-2026-40368Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
CVE-2026-35439Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
CVE-2026-33112Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
CVE-2026-40365Microsoft SharePoint Server Remote Code Execution VulnerabilityCritical
CVE-2026-40357Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
CVE-2026-33110Microsoft SharePoint Server Remote Code Execution VulnerabilityImportant
CVE-2026-40361Microsoft Word Remote Code Execution VulnerabilityCritical
CVE-2026-40367Microsoft Word Remote Code Execution VulnerabilityCritical
CVE-2026-35440Microsoft Word Information Disclosure VulnerabilityImportant
CVE-2026-40421Microsoft Word Information Disclosure VulnerabilityImportant
CVE-2026-41101Microsoft Word for Android Spoofing VulnerabilityImportant
CVE-2026-40366Microsoft Word Remote Code Execution VulnerabilityCritical
CVE-2026-40364Microsoft Word Remote Code Execution VulnerabilityCritical
CVE-2026-41103Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege VulnerabilityCritical
CVE-2026-32185Microsoft Teams Spoofing VulnerabilityImportant
CVE-2026-41096Windows DNS Client Remote Code Execution VulnerabilityCritical
CVE-2026-40374Microsoft Power Automate Desktop Information Disclosure VulnerabilityImportant
CVE-2026-40370SQL Server Remote Code Execution VulnerabilityImportant
CVE-2026-35423Windows 11 Telnet Client Information Disclosure VulnerabilityImportant
CVE-2026-41613Visual Studio Code Elevation of Privilege VulnerabilityImportant
CVE-2026-41612Visual Studio Code Information Disclosure VulnerabilityImportant
CVE-2026-41610Visual Studio Code Security Feature Bypass VulnerabilityImportant
CVE-2026-41611Visual Studio Code Remote Code Execution VulnerabilityImportant
CVE-2026-41086Windows Admin Center in Azure Portal Elevation of Privilege VulnerabilityImportant
CVE-2026-35438Windows Admin Center Elevation of Privilege VulnerabilityImportant
CVE-2026-35416Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
CVE-2026-41088Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
CVE-2026-34345Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
CVE-2026-34344Windows Ancillary Function Driver for WinSock Elevation of Privilege VulnerabilityImportant
CVE-2026-34343Windows Application Identity (AppID) Subsystem Elevation of Privilege VulnerabilityImportant
CVE-2026-34337Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityImportant
CVE-2026-35418Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityImportant
CVE-2026-33835Windows Cloud Files Mini Filter Driver Elevation of Privilege VulnerabilityImportant
CVE-2026-40397Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
CVE-2026-40407Windows Common Log File System Driver Elevation of Privilege VulnerabilityImportant
CVE-2026-40377Microsoft Cryptographic Services Elevation of Privilege VulnerabilityImportant
CVE-2026-34336Windows DWM Core Library Information Disclosure VulnerabilityImportant
CVE-2026-42896Windows DWM Core Library Elevation of Privilege VulnerabilityImportant
CVE-2026-35419Windows DWM Core Library Information Disclosure VulnerabilityImportant
CVE-2026-33834Windows Event Logging Service Elevation of Privilege VulnerabilityImportant
CVE-2026-32209Windows Filtering Platform (WFP) Security Feature Bypass VulnerabilityImportant
CVE-2026-35421Windows GDI Remote Code Execution VulnerabilityCritical
CVE-2026-40402Windows Hyper-V Elevation of Privilege VulnerabilityCritical
CVE-2026-35424Internet Key Exchange (IKE) Protocol Denial of Service VulnerabilityImportant
CVE-2026-40369Windows Kernel Elevation of Privilege VulnerabilityImportant
CVE-2026-33841Windows Kernel Elevation of Privilege VulnerabilityImportant
CVE-2026-35420Windows Kernel Elevation of Privilege VulnerabilityImportant
CVE-2026-34332Windows Kernel-Mode Driver Remote Code Execution VulnerabilityImportant
CVE-2026-40408Windows WAN ARP Driver Elevation of Privilege VulnerabilityImportant
CVE-2026-34339Windows Lightweight Directory Access Protocol (LDAP) Denial of Service VulnerabilityImportant
CVE-2026-34341Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege VulnerabilityImportant
CVE-2026-34329Microsoft Message Queuing (MSMQ) Remote Code Execution VulnerabilityImportant
CVE-2026-33838Windows Message Queuing (MSMQ) Elevation of Privilege VulnerabilityImportant
CVE-2026-32161Windows Native WiFi Miniport Driver Remote Code Execution VulnerabilityCritical
CVE-2026-41089Windows Netlogon Remote Code Execution VulnerabilityCritical
CVE-2026-34342Windows Print Spooler Elevation of Privilege VulnerabilityImportant
CVE-2026-34340Windows Projected File System Elevation of Privilege VulnerabilityImportant
CVE-2026-40398Windows Remote Desktop Services Elevation of Privilege VulnerabilityImportant
CVE-2026-21530Windows Rich Text Edit Elevation of Privilege VulnerabilityImportant
CVE-2026-32170Windows Rich Text Edit Elevation of Privilege VulnerabilityImportant
CVE-2026-41097Secure Boot Security Feature Bypass VulnerabilityImportant
CVE-2026-40410Windows SMB Client Elevation of Privilege VulnerabilityImportant
CVE-2026-35415Windows Storage Spaces Controller Elevation of Privilege VulnerabilityImportant
CVE-2026-34350Windows Storport Miniport Driver Denial of Service VulnerabilityImportant
CVE-2026-34351Windows TCP/IP Elevation of Privilege VulnerabilityImportant
CVE-2026-33837Windows TCP/IP Local Elevation of Privilege VulnerabilityImportant
CVE-2026-40406Windows TCP/IP Information Disclosure VulnerabilityImportant
CVE-2026-40414Windows TCP/IP Denial of Service VulnerabilityImportant
CVE-2026-34334Windows TCP/IP Elevation of Privilege VulnerabilityImportant
CVE-2026-40399Windows TCP/IP Elevation of Privilege VulnerabilityImportant
CVE-2026-35422Windows TCP/IP Driver Security Feature Bypass VulnerabilityImportant
CVE-2026-40413Windows TCP/IP Denial of Service VulnerabilityImportant
CVE-2026-40415Windows TCP/IP Remote Code Execution VulnerabilityImportant
CVE-2026-40401Windows TCP/IP Denial of Service VulnerabilityImportant
CVE-2026-40405Windows TCP/IP Denial of Service VulnerabilityImportant
CVE-2026-40382Windows Telephony Service Elevation of Privilege VulnerabilityImportant
CVE-2026-34338Windows Telephony Service Elevation of Privilege VulnerabilityImportant
CVE-2026-42825Windows Telephony Service Elevation of Privilege VulnerabilityImportant
CVE-2026-40380Windows Volume Manager Extension Driver Remote Code Execution VulnerabilityImportant
CVE-2026-33839Win32k Elevation of Privilege VulnerabilityImportant
CVE-2026-40403Windows Graphics Component Remote Code Execution VulnerabilityCritical
CVE-2026-34347Windows Win32k Elevation of Privilege VulnerabilityImportant
CVE-2026-34333Windows Win32k Elevation of Privilege VulnerabilityImportant
CVE-2026-34330Win32k Elevation of Privilege VulnerabilityImportant
CVE-2026-34331Win32k Elevation of Privilege VulnerabilityImportant
CVE-2026-35417Windows Win32k Elevation of Privilege VulnerabilityImportant
CVE-2026-33840Win32k Elevation of Privilege VulnerabilityImportant
2026 May Security Update | Critical and High-Risk Vulnerabilities You Must Patch Immediately – Table 2
2026 May Security Update | Critical and High-Risk Vulnerabilities You Must Patch Immediately - Fig.8
2026 May Security Update | Critical and High-Risk Vulnerabilities You Must Patch Immediately – Fig.8

Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability

CVE-2026-32161 is a Critical Remote Code Execution vulnerability affecting the Windows Native WiFi Miniport Driver. Microsoft released the security update on May 12, 2026, as part of Patch Tuesday. This vulnerability could allow an attacker to execute malicious code on a vulnerable system through specially crafted wireless network interactions.

2026 May Security Update | Critical and High-Risk Vulnerabilities You Must Patch Immediately - Fig.9
2026 May Security Update | Critical and High-Risk Vulnerabilities You Must Patch Immediately – Fig.9

Critical Windows Netlogon Remote Code Execution Vulnerability CVE-2026-41089

Microsoft has released a security update for CVE-2026-41089, a Critical Remote Code Execution vulnerability affecting Windows Netlogon. The vulnerability was disclosed as part of the May 2026 Patch Tuesday updates and carries a high CVSS score of 9.8.

2026 May Security Update | Critical and High-Risk Vulnerabilities You Must Patch Immediately - Fig.10
2026 May Security Update | Critical and High-Risk Vulnerabilities You Must Patch Immediately – Fig.10

Need Further Assistance or Have Technical Questions?

Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, join the WhatsApp Community  and the Whatsapp channel to get the latest news on Microsoft Technologies. We are there on Reddit as well

Author

Anoop C Nair has been Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM,  Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.

Leave a Comment