Microsoft’s Patch Tuesday Update Targets 120 Security Flaws

Microsoft’s May Patch Tuesday fixes 120 vulnerabilities across Windows and other products, including 31 remote code execution (RCE) flaws and 61 privilege escalation issues. BleepingComputer highlights three particularly dangerous RCEs (CVE-2026-35421, CVE-2026-40365, CVE-2026-41096) that can be triggered by interacting with crafted files or responses; no zero-days or active exploitation were reported, but organizations are urged to deploy the updates immediately to prevent attackers from reverse-engineering the patches and building exploits.