Back

Microsoft May 2026 Patch Tuesday Addresses 137 Vulnerabilities

Severity: Medium (Score: 57.9)

Sources: Isc.Sans.Edu, Bleepingcomputer, Cybersecuritynews, Blog.Talosintelligence, www.amd.com

Summary

On May 12, 2026, Microsoft released its monthly Patch Tuesday update, addressing 137 vulnerabilities across various products, including 31 marked as critical. Notably, 16 of these critical vulnerabilities are remote code execution (RCE) flaws affecting Microsoft Windows services and applications. CVE-2026-32161 is a critical use-after-free vulnerability in the Windows Native WiFi Miniport Driver, while CVE-2026-40365 affects Microsoft SharePoint, allowing unauthorized code execution. Other significant vulnerabilities include multiple flaws in Microsoft Office and Word that could be exploited through malicious files. No zero-day vulnerabilities were reported in this release, and Microsoft has not observed any of the vulnerabilities being actively exploited in the wild. The update emphasizes the importance of applying patches promptly to mitigate potential risks. Key Points: • Microsoft's May 2026 Patch Tuesday fixes 137 vulnerabilities, including 31 critical flaws. • 16 critical RCE vulnerabilities are present, affecting Windows and Microsoft Office products. • No zero-day vulnerabilities were disclosed or actively exploited in this update.

Key Entities

  • Supply Chain Attack (attack_type)
  • Zero-day Exploit (attack_type)
  • Microsoft (company)
  • Azure (company)
  • Microsoft Azure (company)
  • CVE-2025-54518 (cve)
  • CVE-2026-32161 (cve)
  • CVE-2026-33109 (cve)
  • CVE-2026-33844 (cve)
  • CVE-2026-35421 (cve)
  • CWE-120 - Classic Buffer Overflow (cwe)
  • Cwe-122 - Heap-based Buffer Overflow (cwe)
  • CWE-200 - Exposure of Sensitive Information (cwe)
  • CWE-269 - Improper Privilege Management (cwe)
  • Cwe-416 - Use After Free (cwe)
  • sans.edu (domain)
  • T1021 - Remote Services (mitre_attack)
  • T1068 - Exploitation for Privilege Escalation (mitre_attack)
  • T1195 - Supply Chain Compromise (mitre_attack)
  • T1203 - Exploitation for Client Execution (mitre_attack)
  • Chromium (platform)
  • Confluence (platform)
  • Copilot (platform)
  • Excel (platform)
  • JIRA (platform)
  • Microsoft Teams (tool)
  • Remote Desktop (tool)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed