Other information and services of the government: www.belgium.be Centre for Cybersecurity Belgium

Warning: Microsoft Patch Tuesday May 2026 patches 118 vulnerabilities 16 Critical, 102 Important, patch immediately!!

Image
Decorative image
Published : 13/05/2026
  • Last Update: 13/05/2026

    * Affected products:
         → Multiple Microsoft products

    * Type: Several types, ranging from Information Disclosure to Remote Code Execution and Privilege Escalation.

    * CVE/CVSS:

Microsoft patched 118 vulnerabilities requiring action in its May 2026 Patch Tuesday release, 16 rated critical and 102 rated important. It marks the first time since June 2024 that no zero-days were exploited in the wild or publicly disclosed prior to release. Microsoft also addressed additional vulnerabilities in Microsoft Edge and cloud services where patching is handled automatically and republished one (1) AMD and 127 Chrome-sourced CVEs.

Number of CVE by type:
 
         →29 Remote Code Execution vulnerabilities
         →57 Elevation of Privilege vulnerabilities
         →9 Information Disclosure vulnerabilities
         →7 Spoofing vulnerabilities
         →8 Denial of Service vulnerabilities
         →6 Security Feature Bypass vulnerabilities
         →2 Tampering vulnerabilities

Sources

Microsoft - https://msrc.microsoft.com/update-guide/releaseNote/2026-May

Risks

Microsoft patched 118 vulnerabilities requiring action in its May 2026 Patch Tuesday release, 16 rated critical and 102 rated important.
It marks the first time since June 2024 that no zero-days were exploited in the wild or publicly disclosed prior to release. Twelve of those vulnerabilities were assessed as more likely to be exploited, making prompt patching a priority.

Description

Microsoft has released multiple patches for vulnerabilities covering a range of their products. These monthly releases are called “Patch Tuesday” and contain security fixes for Microsoft devices and software.

The CCB would like to point your attention to following vulnerabilities:

CVE-2026-41089: Windows Netlogon

Critical Remote Code Execution Vulnerability. To exploit this CVE, an attacker must send a specially crafted network request to a Windows server that is acting as a domain controller. If successful, this could cause the Netlogon service to improperly handle the request, potentially allowing the attacker to run code on the affected system with SYSTEM privileges.

Exploitation does not require any prior privileges or user interaction and can be executed remotely. Patches are available for all versions of Windows Server from 2012 onwards.

CVE-2026-41096: Windows DNS Client

Critical Remote Code Execution Vulnerability. An attacker could exploit this vulnerability by sending a specially crafted DNS response to a vulnerable Windows system, causing the DNS Client to incorrectly process the response and corrupt memory. In certain configurations, this could allow the attacker to run code remotely on the affected system without authentication.

CVE-2026-41103: Microsoft SSO Plugin for Jira & Confluence (More likely to be exploited)

Critical Elevation of Privilege Vulnerability. Exploitation is possible by sending a specially crafted SSO response during the login process that tricks the system into accepting a forged identity, allowing the attacker to sign in without authenticating the user through Microsoft Entra ID.

This may allow the attacker to view or modify content and perform actions with the same permissions as the compromised account, based on the authorization levels defined for that user within the Jira or Confluence server.

Recommended Actions

Patch 
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect 
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/cert/report-incident.

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

Microsoft - https://msrc.microsoft.com/update-guide/vulnerability
Tenable - https://www.tenable.com/blog/microsofts-may-2026-patch-tuesday-addresses-118-cves-cve-2026-41103
Krebs On Security - https://krebsonsecurity.com/2026/05/patch-tuesday-may-2026-edition/