Microsoft May 2026 Patch Tuesday, (Tue, May 12th)

Today's Microsoft patch Tuesday fixes 137 different vulnerabilities. In addition, the update addresses 137 Chromium-related issues affecting Microsoft Edge. There are no already disclosed or already exploited vulnerabilities included in today's patches. I removed the Chromium issues from the table below and included only the 137 Microsoft issues to make it more readable. Note that issues related to Microsoft Azure are labeled as no customer action required. Significant Vulnerabilities of interest: CVE-2026-41103: This vulnerability affects the Microsoft SSO Plugin for Jira Confluence. Exploitation could lead to an elevation of privileges. With ongoing supply chain attacks, development and CI/CD tools like Jira and Confluence are popular targets. CVE-2026-41089: A preauthentication remote code execution vulnerability in the Netlogon service will always be a juicy target, worth some AI tokens to write an exploit for. Other critical vulnerabilities include the usual Word and Microsoft Office issues. Description CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG) .NET Core Tampering Vulnerability %%cve:2026-32175%% No No - - Important 4.3 3.8 .NET Elevation of Privilege Vulnerability %%cve:2026-32177%% No No - - Important 7.3 6.4 %%cve:2026-35433%% No No - - Important 7.3 6.4 ASP.NET Core Denial of Service Vulnerability %%cve:2026-42899%% No No - - Important 7.5 6.5 Azure AI Foundry Elevation of Privilege Vulnerability (no customer action required) %%cve:2026-35435%% No No - - Critical 8.6 7.5 Azure Cloud Shell Spoofing Vulnerability (no customer action required) %%cve:2026-35428%% No No - - Critical 9.6 8.3 Azure Connected Machine Agent Elevation of Privilege Vulnerability %%cve:2026-40381%% No No - - Important 7.8 6.8 Azure DevOps Information Disclosure Vulnerability (no customer action required) %%cve:2026-42826%% No No - - Critical 10.0 8.7 Azure Logic Apps Elevation of Privilege Vulnerability %%cve:2026-42823%% No No - - Important 9.9 8.6 Azure Machine Learning Notebook Spoofing Vulnerability (no customer action required) %%cve:2026-32207%% No No - - Critical 8.8 7.7 %%cve:2026-33833%% No No - - Important 8.2 7.1 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability (no customer action required) %%cve:2026-33109%% No No - - Critical 9.9 8.6 %%cve:2026-33844%% No No - - Critical 9.0 7.8 Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability (no customer action required) %%cve:2026-41105%% No No - - Critical 8.1 7.1 Azure Monitor Agent Elevation of Privilege Vulnerability %%cve:2026-32204%% No No - - Important 7.8 6.8 Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability %%cve:2026-42830%% No No - - Important 6.5 5.7 Azure SDK for Java Security Feature Bypass Vulnerability %%cve:2026-33117%% No No - - Important 9.1 7.9 Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability (no customer actio