Microsoft May 2026 Patch Tuesday Fixes 120 Vulnerabilities, No Zero-Day Exploits Reported

Microsoft has rolled out its May 2026 Patch Tuesday security updates, delivering fixes for approximately 120 vulnerabilities across Windows, Microsoft Office, networking services, and enterprise platforms. Unlike several recent monthly releases, this update contains no publicly disclosed or actively exploited zero-day vulnerabilities, making it a relatively less chaotic cycle for IT and security teams. Even without emergency-level exploits, the Microsoft May 2026 Patch Tuesday release remains significant due to the large number of critical flaws addressed. The company confirmed that the update resolves 17 critical vulnerabilities, including 14 remote code execution (RCE) flaws, two elevation-of-privilege issues, and one information disclosure vulnerability. Microsoft May 2026 Patch Tuesday: Vulnerabilities That Demand Attention One of the most important areas covered in the May 2026 Patch Tuesday update involves multiple vulnerabilities affecting Microsoft Office applications, particularly Word and Excel. According to Microsoft, attackers could exploit these flaws by tricking users into opening malicious files. Several of the vulnerabilities can also be triggered through the preview pane, allowing remote code execution without fully opening the attachment. Because Office documents remain a common attack vector in phishing campaigns, security professionals are strongly recommending that organizations prioritize deployment of these updates, especially in environments where employees regularly receive external attachments. Windows GDI Flaw Allows Exploitation Through Microsoft Paint Among the noteworthy issues patched during Microsoft’s May 2026 Patch Tuesday rollout is CVE-2026-35421, a Windows GDI remote code execution vulnerability. The flaw can be exploited through a malicious Enhanced Metafile (EMF) image opened in Microsoft Paint. Successful exploitation could allow attackers to execute arbitrary code on the victim’s machine. Although the attack requires user interaction, researchers warned that image-based attacks are often effective because users may not recognize specially crafted files as dangerous. SharePoint and DNS Vulnerabilities Raise Enterprise Security Concerns Another major vulnerability addressed in the May 2026 Patch Tuesday release is CVE-2026-40365, a remote code execution flaw affecting Microsoft SharePoint Server. Microsoft stated that an authenticated attacker could use the vulnerability to launch a network-based attack capable of remotely executing code on vulnerable SharePoint systems. Since SharePoint environments often store sensitive internal data and business documents, the flaw is expected to receive close attention from enterprise administrators. The company also patched CVE-2026-41096, a serious Windows DNS Client remote code execution vulnerability. The flaw involves improper handling of specially crafted DNS responses sent by attacker-controlled DNS servers. The issue stems from a heap-based buffer overflow condition in Windows NetLogon functionality. A successful attack could corrupt system memory and allow remote code execution without requiring authentication. Dynamics 365 Vulnerability Carries Near-Maximum Severity Score Another critical issue fixed during the Microsoft May 2026 Patch Tuesday cycle is CVE-2026-42898, a remote code execution vulnerability affecting on-premises versions of Microsoft Dynamics 365. The flaw received a CVSS severity score of 9.9 and requires no user interaction for exploitation. Researchers warned that attacks targeting Dynamics 365 environments could have widespread consequences because the platform frequently connects with multiple enterprise systems and sensitive databases. Previous attacks involving Dynamics infrastructure have exposed privileged business information, making this vulnerability especially concerning for large organizations. Windows 11 Cumulative Updates Introduce New Features As part of the May 2026 Patch Tuesday rollout, Microsoft released Windows 11 cumulative updates KB5089549 and KB5087420 for versions 25H2, 24H2, and 23H2. The updates are mandatory because they contain the latest security fixes and stability improvements. After installation: Windows 11 25H2 updates to build 26200.8457 Windows 11 24H2 updates to build 26100.8457 Windows 11 23H2 updates to build 22631.7079 Microsoft confirmed that versions 25H2 and 24H2 share the same underlying update structure, meaning users receive identical fixes and improvements across both versions. Xbox-Inspired Desktop Experience Added to Windows 11 One of the more noticeable additions included in the Microsoft May 2026 Patch Tuesday update is a new Xbox-style desktop experience for PCs. The feature is designed to provide a console-like interface on Windows devices. Alongside the visual changes, Microsoft also introduced reliability improvements for the taskbar and enhancements to Windows Hello authentication. The update improves both Windows Hello Face recognition reliability and the persistence of fingerprint authentication across system upgrades. File Explorer Receives Major Improvements File Explorer received several updates in the latest May 2026 Patch Tuesday release. Microsoft expanded archive support to include formats such as: uu cpio xar NuGet Packages (nupkg) The company also improved how File Explorer preserves View and Sort preferences in folders like Downloads and Documents when applications directly launch those locations. Additionally, Microsoft fixed a white flash issue that sometimes appeared in dark mode while opening “This PC” or resizing the Details pane. Explorer.exe reliability was also enhanced to reduce crashes and improve overall responsiveness. Input, Voice Typing, and Haptic Feedback Enhancements The Microsoft May 2026 Patch Tuesday updates introduced several improvements to input and accessibility features. Compatible devices can now provide haptic feedback during actions such as snapping windows or aligning PowerPoint objects. Current supported hardware includes: Surface Slim Pen 2 ASUS Pen 3.0 MSI Pen 2 Microsoft added that support for additional peripherals, including select mouse devices, could arrive in future hardware updates. Voice typing on the touch keyboard also received a redesign. The updated interface removes the previous full-screen overlay and displays animations directly on the dictation key to reduce distractions. In addition, Microsoft introduced the Arabic 101 Legacy keyboard layout for users who prefer the earlier Arabic keyboard configuration. Storage, Printing, and Performance Updates Included Several broader system improvements were bundled into the May 2026 Patch Tuesday release. Microsoft increased the FAT32 formatting limit through the command line from 32GB to 2TB. The update also improves storage settings performance when viewing large disk volumes. Additional changes include: Reduced memory usage in Delivery Optimization Improved audio driver compatibility with midisrv.exe Better taskbar system tray reliability Enhanced startup application performance Improved monitor color profile persistence Simplified kiosk mode app configuration The update also introduces a new icon identifying printers that support Windows Protected Print Mode. Microsoft Introduces More Secure Batch File Processing Microsoft added a new security-focused feature aimed at administrators and enterprise policy managers. The May 2026 Patch Tuesday update introduces a secure processing mode for batch files and Command Prompt scripts. When enabled, the feature prevents batch files from being modified during execution. Administrators can activate the setting using the following registry path: Registry Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor Value Name: LockBatchFilesWhenInUse The feature can also be enabled through Application Control for Business policies.