Microsoft Patch Tuesday – May 2026

Microsoft's May 2026 Patch Tuesday fixes 137 vulnerabilities, including 30 Critical issues such as unauthenticated RCEs in Netlogon (CVE-2026-41089) and the Windows DNS client (CVE-2026-41096), a Hyper-V guest escape (CVE-2026-40402), code-execution flaws in on-premises Dynamics 365 and SharePoint, and two Microsoft Word RCEs assessed as “Exploitation More Likely”; no confirmed zero-days or active exploitation were reported, but the bulletin recommends prioritizing patches for on-premises domain controllers, servers, and systems performing DNS resolution.