Microsoft Patch Tuesday May 2026
13 May 2026
Microsoft addresses 137 flaws, including one zero-day, via May 2026 Patch Tuesday
The May edition of the Patch Tuesday update addresses 120 vulnerabilities.
Microsoft has addressed the following vulnerabilities through the update:
| Vulnerability | Number of flaws |
| --- | --- |
| Remote Code Execution | 31 |
| Elevation of Privilege (EoP) | 61 |
| Denial of Service (DoS) | 8 |
| Information Disclosure | 14 |
| Spoofing | 13 |
One zero-day vulnerability fixed
CVE-2026-33825 – BlueHammer Microsoft Defender
Microsoft has addressed a zero-day vulnerability in Microsoft Defender that is actively exploited by attackers. The attackers are exploiting this vulnerability to:
- Escalate privileges and gain full system-level control
- Modify system configurations
- Disable security tools
- Execute arbitrary code
- Gain unauthorized access to sensitive files, confidential data, and resources on a protected system
- Laterally move across enterprise networks by leveraging trust relationships
- Establish persistence by creating hidden admin accounts or installing a backdoor
- Extract stored credentials, authentication tokens, password hashes, and
- Deploy malware
- Cause a network-wide compromise
- Disrupt operations
All the vulnerabilities addressed
The following is the complete list of vulnerabilities addressed in the May 2026 Patch Tuesday: https://msrc.microsoft.com/update-guide/vulnerability
SharkStriker’s recommendations
The following are some of the security recommendations:
- Immediately apply the May Patch Tuesday update to all the applicable Microsoft products.
- Prioritize patching the zero-day flaw, internet-facing systems, and VPN/IKE components.
- Restrict and monitor Remote Desktop access for suspicious activity.
- Disable the preview pane feature in Microsoft Office until it is patched.
- Enable Multi-Factor Authentication (MFA) for administrative accounts and cloud services.
- Validate and secure Microsoft Power Apps inputs and usage.
- Monitor for indicators of exploitation, including privilege escalation attempts, abnormal Office activity, and suspicious authentication logs.
- After patching, verify that the patches were applied effectively.