Microsoft addresses 137 vulnerabilities in May’s Patch Tuesday, including 13 rated critical

Microsoft's Patch Tuesday disclosed 137 vulnerabilities across enterprise products, including 13 critical issues — notably unauthenticated remote-code-execution flaws in Windows DNS (CVE-2026-41096) and Netlogon (CVE-2026-41089), and a CVSS 9.9 Dynamics 365 vulnerability (CVE-2026-42898). While Microsoft reported no actively exploited zero-days, the vendor designated 13 defects as more likely to be exploited, and researchers warned that several of the bugs could enable broad enterprise compromise if not patched promptly.