Microsoft May 2026 Patch Tuesday Fixes 120 Vulnerabilities, No Zero-Day Exploits Reported

Microsoft's May 2026 Patch Tuesday addresses about 120 vulnerabilities, including 17 critical flaws (14 remote code execution issues) across Office, Windows GDI, SharePoint, DNS Client, and Dynamics 365; notable entries include a CVSS 9.9 Dynamics 365 RCE (CVE-2026-42898) that requires no user interaction and a GDI EMF RCE exploitable via Microsoft Paint. The bulletin urges prioritizing deployment of updates—particularly for Office attachments, SharePoint, DNS client, and Dynamics 365—while also describing several Windows 11 feature and reliability improvements bundled with the security fixes.