Microsoft disclosed CVE-2026-42830 on May 12, 2026, as an Important elevation-of-privilege vulnerability in the Azure Monitor Agent Metrics Extension, assigning it a CVSS score of 6.5 as part of the May Patch Tuesday security release. The bug is not the loudest item in this month’s bulletin, but...
Microsoft disclosed CVE-2026-41097 on May 12, 2026, as an Important Secure Boot security feature bypass affecting supported Windows client and server releases, with required security updates available and Microsoft saying the issue is not publicly disclosed or exploited. The vulnerability is not...
Microsoft disclosed CVE-2026-40418 on May 12, 2026, as an Important-rated elevation-of-privilege vulnerability in Microsoft Office Click-to-Run, listing it in the May Patch Tuesday security release with no public disclosure or known exploitation at release time and a CVSS base score of 7.8. That...
Microsoft disclosed CVE-2026-40413, a Windows TCP/IP denial-of-service vulnerability, in its May 12, 2026 Patch Tuesday release, rating it Important with a CVSS base score of 7.4 and listing no known public disclosure or exploitation at release. The dry wording hides the real operational point...
Microsoft disclosed CVE-2026-40403 on May 12, 2026, as a critical Windows Graphics Component remote code execution vulnerability in Win32K-GRFX, caused by a heap-based buffer overflow that could let a low-privileged authenticated attacker escape a contained local environment such as a guest...
Microsoft disclosed CVE-2026-40401 on May 12, 2026, as an Important-rated Windows TCP/IP denial-of-service vulnerability caused by a null pointer dereference, affecting supported Windows client and server releases and remediated through the May 2026 security updates. The interesting part is not...
Microsoft disclosed CVE-2026-40398 on May 12, 2026, as an Important-rated Windows Remote Desktop Services elevation-of-privilege vulnerability, with no public disclosure or active exploitation reported at release time and a CVSS base score of 7.8. That combination is easy to misread: not a...
Microsoft disclosed CVE-2026-32209 on May 12, 2026, as a Windows Filtering Platform security feature bypass vulnerability in its May Patch Tuesday release, with public reporting so far confirming the CVE’s existence but offering little public detail about the underlying flaw. That is the story...
Microsoft’s May 12, 2026 Patch Tuesday includes CVE-2026-40397, an Important-severity elevation-of-privilege vulnerability in the Windows Common Log File System driver, with public reporting showing no known exploitation or prior disclosure at release time. The practical reading is not “panic,”...
Microsoft published CVE-2026-40369 on May 12, 2026, as part of its May Patch Tuesday release, identifying it as a Windows kernel-mode driver vulnerability rated Important with a CVSS base score of 7.8. The flaw is not, on the public evidence available today, a panic-grade Windows emergency. But...
Microsoft published CVE-2026-40365 as a Microsoft SharePoint Server remote code execution vulnerability on May 12, 2026, with fixes delivered through SharePoint Server security updates including KB5002870 for SharePoint Server 2019. The important point is not that SharePoint has acquired yet...
Microsoft disclosed CVE-2026-40361, a Microsoft Word remote code execution vulnerability, in its Security Update Guide on May 12, 2026, warning that the bug is serious enough to merit patching even though public technical detail remains limited. That combination — a confirmed vendor advisory, a...
Microsoft published CVE-2026-40358, a Microsoft Office remote code execution vulnerability, in its Security Update Guide for the May 12, 2026 security release, framing the flaw as a credible Office attack path that administrators should treat as patch-now material rather than theoretical noise...
Microsoft disclosed CVE-2026-34339, a Windows Lightweight Directory Access Protocol denial-of-service vulnerability, in its May 12, 2026 Patch Tuesday release, adding it to a 137-CVE Microsoft security batch that also includes Windows TCP/IP, Netlogon, DNS, Hyper-V, Office, Edge, Azure, and...
On May 12, 2026, Microsoft disclosed CVE-2026-34338, an elevation-of-privilege vulnerability in the Windows Telephony Service, through its Security Update Guide as part of the May security update cycle affecting Windows systems that include the legacy telephony component and enterprise...
Microsoft has listed CVE-2026-34337 as a Windows Cloud Files Mini Filter Driver elevation-of-privilege vulnerability in the Security Update Guide, a local Windows flaw whose practical risk depends less on remote reachability than on how quickly attackers can turn sparse public details into...
Microsoft disclosed CVE-2026-33838, a Windows Message Queuing elevation-of-privilege vulnerability, in its Security Update Guide on May 12, 2026, affecting Windows systems where the legacy MSMQ component is present and serviced through the current Windows security update channel. The important...
Microsoft disclosed CVE-2026-33835 on May 12, 2026, as a Windows Cloud Files Mini Filter Driver elevation-of-privilege vulnerability, addressed through the May Patch Tuesday security updates for affected Windows systems and documented in the Microsoft Security Response Center’s Security Update...
Microsoft published CVE-2026-33112 on May 12, 2026, as a Microsoft SharePoint Server remote code execution vulnerability in its Security Update Guide, marking it as a confirmed server-side flaw for administrators to address in the May Patch Tuesday cycle. The dry wording matters because...
Microsoft disclosed CVE-2026-32175, a .NET Core tampering vulnerability, in its Security Update Guide on May 12, 2026, as part of the May Patch Tuesday cycle, identifying the issue as a confirmed flaw in Microsoft’s cross-platform application runtime rather than a speculative third-party report...