Doozy of a Patch Tuesday includes 30 critical Microsoft CVEs

Microsoft released fixes for 137 CVEs including 30 critical flaws; notable high-severity RCEs include CVE-2026-41096 (Windows DNS Client heap overflow allowing unauthenticated RCE), CVE-2026-41089 (Netlogon stack overflow, wormable unauthenticated RCE), and CVE-2026-42898 (Dynamics 365 on-premises RCE). Microsoft reports no known active exploitation and has mitigated a 10.0-rated Azure DevOps information disclosure; administrators are urged to prioritize testing and deploying patches immediately.