It's Patch Tuesday for Microsoft and Not a Zero-Day In Sight

Microsoft's May 2026 Patch Tuesday addressed 137 CVEs (part of over 500 YTD), including 13 likely-to-be-exploited bugs and nine critical/near-maximum severity issues such as RCEs in Office Word (preview/reading pane attack vector), high-severity Azure and Dynamics 365 flaws, and a notable Netlogon RCE; while several flaws require no user interaction and pose broad enterprise risk, Microsoft stated there were no actively exploited zero-days in this update and some cloud services were already mitigated.