Microsoft Patch Tuesday May 2026

13 May 2026
Microsoft Patch Tuesday May 2026

Microsoft addresses 137 flaws, including one zero-days via May 2026 Patch Tuesday

The May edition of the Patch Tuesday update addresses 120 vulnerabilities.

 

Microsoft has addressed the following vulnerabilities through the update:

Vulnerability

Number of flaws

Remote Code Execution

31

Elevation of Privilege (EoP)

61

Denial of Service (DoS)

8

Information Disclosure

14

Spoofing

13

One zero-day vulnerability fixed

CVE-2026-33825 – BlueHammer Microsoft Defender

Microsoft has addressed a zero-day vulnerability in Microsoft Defender that is actively exploited by attackers. The attackers are exploiting this vulnerability to:

 

  • Escalate privileges and gain full system-level control
  • Modify system configurations
  • Disable security tools
  • Execute arbitrary codes
  • Gain unauthorized access to sensitive files, confidential data, and resources over a protected system
  • Laterally move across enterprise networks by leveraging trust relationships
  • Establish persistence by creating hidden admin accounts or installing a backdoor
  • Extract stored credentials, authentication tokens, password hashes, and
  • Deploy malware
  • Cause a network-wide compromise
  • Disrupt operations

 

All the vulnerabilities addressed

The following is the complete list of vulnerabilities addressed in the May 2026 Patch Tuesday: https://msrc.microsoft.com/update-guide/vulnerability

SharkStriker’s recommendations

The following are some of the security recommendations:

  • Immediately apply the May Patch Tuesday update to all the applicable Microsoft products.
  • Prioritize patching the zero-day flaws and internet-facing systems and VPN/IKE components.
  • Restrict and monitor Remote Desktop access for suspicious activity.
  • Disable the preview pane feature in Microsoft Office until it is patched.
  • Enable Multi-Factor Authentication (MFA) for administrative accounts and cloud services.
  • Validate and secure Microsoft Power Apps inputs and usage.
  • Monitor for indicators of exploitation, including privilege escalation attempts, abnormal Office activity, and suspicious authentication logs.
  • Validate if the patches are applied effectively post-patching.

Get in Touch With us

We have explored what risk tolerance and risk appetite are and how important they are together in helping businesses align cybersecurity with their business goals. It can help CISOs, and C-suite make informed investment decisions for cybersecurity.

LEARN MORE