# Microsoft's May 2026 Patch Tuesday: 120 Vulnerabilities Addressed, Focus on Office RCEs
**Microsoft** has released its May 2026 Patch Tuesday updates, addressing a total of 120 vulnerabilities across its product range. While no zero-day vulnerabilities were disclosed, the updates include fixes for 17 critical flaws, with a significant emphasis on remote code execution (RCE) vulnerabilities in **Microsoft Office** products.
## May 2026 Patch Tuesday Overview
**Microsoft's** May 2026 Patch Tuesday brings fixes for 120 security vulnerabilities. Of these, 17 are classified as 'Critical,' posing a significant risk if left unpatched. The majority of the critical vulnerabilities are remote code execution (RCE) flaws, followed by elevation of privilege and information disclosure vulnerabilities. This count excludes vulnerabilities fixed earlier in the month in products like Mariner, Azure, Copilot, **Microsoft Teams**, and **Microsoft** Partner Center, as well as the 131 **Microsoft Edge**/Chromium flaws addressed by **Google**.
## Focus on Microsoft Office Vulnerabilities
A significant portion of this month's updates focuses on addressing vulnerabilities within **Microsoft Office**, **Word**, and **Excel**. These vulnerabilities could allow for remote code execution if a user opens a specially crafted malicious file. Given that many of these flaws can be exploited through the preview pane, immediate patching of **Microsoft Office** is strongly recommended, particularly for systems that frequently handle email attachments.
## Key Vulnerabilities to Watch
While the full list of 120 vulnerabilities is extensive, several stand out due to their potential impact:
* Multiple Remote Code Execution vulnerabilities in **Microsoft Office** (e.g., **CVE-2026-42831**, **CVE-2026-40363**, **CVE-2026-40358**)
* Remote Code Execution vulnerabilities in **Microsoft Dynamics 365** (on-premises) (**CVE-2026-42898**, **CVE-2026-42833**)
* Information Disclosure Vulnerability in M365 Copilot (**CVE-2026-26164**)
## Complete List of Resolved Vulnerabilities
Below is a table summarizing the resolved vulnerabilities in the May 2026 Patch Tuesday updates. For detailed information on each vulnerability, including affected systems, refer to the [full report here](https://www.bleepingcomputer.com/microsoft-patch-tuesday-reports/Microsoft-Patch-Tuesday-May-2026.html).
| Tag | CVE ID | CVE Title | Severity |
| ----------------------------- | ------------- | ------------------------------------------------------------------------- | ---------- |
| .NET | CVE-2026-35433 | .NET Elevation of Privilege Vulnerability | Important |
| .NET | CVE-2026-32177 | .NET Elevation of Privilege Vulnerability | Important |
| .NET | CVE-2026-32175 | .NET Core Tampering Vulnerability | Important |
| AMD CPU Branch | CVE-2025-54518 | AMD: CVE-2025-54518 CPU OP Cache Corruption | Important |
| ASP.NET Core | CVE-2026-42899 | ASP.NET Core Denial of Service Vulnerability | Important |
| Azure Connected Machine Agent | CVE-2026-40381 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important |
| Azure Logic Apps | CVE-2026-42823 | Azure Logic Apps Elevation of Privilege Vulnerability | Important |
| Azure Machine Learning | CVE-2026-33833 | Azure Machine Learning Notebook Spoofing Vulnerability | Important |
| Azure Monitor Agent | CVE-2026-32204 | Azure Monitor Agent Elevation of Privilege Vulnerability | Important |
| Azure Monitor Agent | CVE-2026-42830 | Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability | Important |
| Azure SDK | CVE-2026-33117 | Azure SDK for Java Security Feature Bypass Vulnerability | Important |
| Data Deduplication | CVE-2026-41095 | Data Deduplication Elevation of Privilege Vulnerability | Important |
| Dynamics Business Central | CVE-2026-40417 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | Important |
| GitHub Copilot and Visual Studio | CVE-2026-41109 | GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability | Important |
| M365 Copilot | CVE-2026-41100 | Microsoft 365 Copilot for Android Spoofing Vulnerability | Important |
| M365 Copilot | CVE-2026-42893 | Microsoft Outlook for iOS Tampering Vulnerability | Important |
| M365 Copilot | CVE-2026-26164 | M365 Copilot Information Disclosure Vulnerability | Critical |
| M365 Copilot for Desktop | CVE-2026-41614 | M365 Copilot for Desktop Spoofing Vulnerability | Important |
| Microsoft Data Formulator | CVE-2026-41094 | Microsoft Data Formulator Remote Code Execution Vulnerability | Important |
| Microsoft Dynamics 365 (on-premises) | CVE-2026-42898 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | Critical |
| Microsoft Dynamics 365 (on-premises) | CVE-2026-42833 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-42832 | Microsoft Office Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-42831 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-40363 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-40419 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2026-40358 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office Click-To-Run | CVE-2026-35436 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important |
| Microsoft Office Click-To-Run | CVE-2026-40420 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important |
| Microsoft Office Click-To-Run | CVE-2026-40418 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important |
| Microsoft Office Excel | CVE-2026-40360 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office Excel | CVE-2026-40362 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2026-40359 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office PowerPoint | CVE-2026-40361 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
## Recommendations
Given the high number of critical RCE vulnerabilities, particularly in **Microsoft Office**, prioritizing patching is crucial. Ensure that all systems are updated promptly to mitigate potential risks. Pay close attention to systems handling email attachments, as they are prime targets for exploitation.