Today’s Patch Tuesday Alert addresses Microsoft’s May 2026 Security Updates. The FIRE team is actively working on coverage for these vulnerabilities and expect to ship that coverage as soon as it is completed.
In-the-Wild & Disclosed CVEs
There are no Exploited or Publicly Disclosed vulnerabilities this month.
CVE Breakdown by Tag
While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis. Vulnerabilities are also colour coded to aid with identifying key issues.
- Traditional Software
- Mobile Software
- Cloud or Cloud Adjacent
- Vulnerabilities that are being exploited or that have been disclosed will be highlighted
| Tag | CVE Count | CVEs |
| Azure Entra ID | 1 | CVE-2026-40379 |
| Azure Machine Learning | 2 | CVE-2026-32207, CVE-2026-33833 |
| Azure Managed Instance for Apache Cassandra | 2 | CVE-2026-33109, CVE-2026-33844 |
| Azure Monitor Agent | 2 | CVE-2026-32204, CVE-2026-42830 |
| .NET | 3 | CVE-2026-32177, CVE-2026-35433, CVE-2026-32175 |
| Windows Rich Text Edit | 1 | CVE-2026-21530 |
| Azure SDK | 1 | CVE-2026-33117 |
| Windows Event Logging Service | 1 | CVE-2026-33834 |
| Windows Win32K - GRFX | 6 | CVE-2026-33839, CVE-2026-34330, CVE-2026-34331, CVE-2026-34333, CVE-2026-34347, CVE-2026-40403 |
| Windows Win32K - ICOMP | 2 | CVE-2026-33840, CVE-2026-35417 |
| Windows Kernel | 3 | CVE-2026-33841, CVE-2026-35420, CVE-2026-40369 |
| Windows Message Queuing | 2 | CVE-2026-34329, CVE-2026-33838 |
| Windows Print Spooler Components | 1 | CVE-2026-34342 |
| Windows Application Identity (AppID) Subsystem | 1 | CVE-2026-34343 |
| Windows Ancillary Function Driver for WinSock | 4 | CVE-2026-34344, CVE-2026-34345, CVE-2026-35416, CVE-2026-41088 |
| Windows Storport Miniport Driver | 1 | CVE-2026-34350 |
| Windows TCP/IP | 11 | CVE-2026-34351, CVE-2026-35422, CVE-2026-40399, CVE-2026-40405, CVE-2026-40406, CVE-2026-40414, CVE-2026-40415, CVE-2026-33837, CVE-2026-34334, CVE-2026-40401, CVE-2026-40413 |
| Windows Storage Spaces Controller | 1 | CVE-2026-35415 |
| Windows Cloud Files Mini Filter Driver | 3 | CVE-2026-35418, CVE-2026-33835, CVE-2026-34337 |
| Windows DWM Core Library | 3 | CVE-2026-35419, CVE-2026-42896, CVE-2026-34336 |
| Windows GDI | 1 | CVE-2026-35421 |
| Telnet Client | 1 | CVE-2026-35423 |
| Windows Internet Key Exchange (IKE) Protocol | 1 | CVE-2026-35424 |
| Windows Admin Center | 2 | CVE-2026-35438, CVE-2026-41086 |
| Microsoft Office SharePoint | 6 | CVE-2026-35439, CVE-2026-40368, CVE-2026-33110, CVE-2026-33112, CVE-2026-40357, CVE-2026-40365 |
| Microsoft Office Word | 7 | CVE-2026-35440, CVE-2026-40364, CVE-2026-40366, CVE-2026-40421, CVE-2026-41101, CVE-2026-40361, CVE-2026-40367 |
| Microsoft Office Excel | 3 | CVE-2026-40360, CVE-2026-40359, CVE-2026-40362 |
| Microsoft Office | 5 | CVE-2026-40363, CVE-2026-40419, CVE-2026-42831, CVE-2026-40358, CVE-2026-42832 |
| Power Automate | 1 | CVE-2026-40374 |
| Windows Cryptographic Services | 1 | CVE-2026-40377 |
| Windows Volume Manager Extension Driver | 1 | CVE-2026-40380 |
| Windows Common Log File System Driver | 2 | CVE-2026-40407, CVE-2026-40397 |
| Windows Kernel-Mode Drivers | 2 | CVE-2026-40408, CVE-2026-34332 |
| Windows SMB Client | 1 | CVE-2026-40410 |
| Dynamics Business Central | 1 | CVE-2026-40417 |
| Windows Netlogon | 1 | CVE-2026-41089 |
| Microsoft Data Formulator | 1 | CVE-2026-41094 |
| Data Deduplication | 1 | CVE-2026-41095 |
| Microsoft Windows DNS | 1 | CVE-2026-41096 |
| M365 Copilot | 4 | CVE-2026-41100, CVE-2026-42893, CVE-2026-26129, CVE-2026-26164 |
| Microsoft Office PowerPoint | 1 | CVE-2026-41102 |
| GitHub Copilot and Visual Studio | 1 | CVE-2026-41109 |
| Visual Studio Code | 4 | CVE-2026-41610, CVE-2026-41611, CVE-2026-41612, CVE-2026-41613 |
| M365 Copilot for Desktop | 1 | CVE-2026-41614 |
| Windows Native WiFi Miniport Driver | 1 | CVE-2026-32161 |
| Windows Rich Text Edit Control | 1 | CVE-2026-32170 |
| Microsoft Teams | 2 | CVE-2026-32185, CVE-2026-33823 |
| Windows Telephony Service | 3 | CVE-2026-42825, CVE-2026-34338, CVE-2026-40382 |
| Microsoft Edge for Android | 1 | CVE-2026-35429 |
| Microsoft Dynamics 365 (on-premises) | 2 | CVE-2026-42898, CVE-2026-42833 |
| ASP.NET Core | 1 | CVE-2026-42899 |
| Windows LDAP - Lightweight Directory Access Protocol | 1 | CVE-2026-34339 |
| Windows Projected File System | 1 | CVE-2026-34340 |
| Windows Link-Layer Discovery Protocol (LLDP) | 1 | CVE-2026-34341 |
| SQL Server | 1 | CVE-2026-40370 |
| Windows Filtering Platform (WFP) | 1 | CVE-2026-32209 |
| Windows Remote Desktop | 1 | CVE-2026-40398 |
| Windows Hyper-V | 1 | CVE-2026-40402 |
| Microsoft Office Click-To-Run | 3 | CVE-2026-40418, CVE-2026-35436, CVE-2026-40420 |
| Windows Secure Boot | 1 | CVE-2026-41097 |
| Azure Connected Machine Agent | 1 | CVE-2026-40381 |
| Microsoft SSO Plugin for Jira & Confluence | 1 | CVE-2026-41103 |
| Azure Logic Apps | 1 | CVE-2026-42823 |
| AMD CPU Branch | 1 | CVE-2025-54518 |
| Microsoft Dynamics 365 Customer Insights | 1 | CVE-2026-33821 |
| Copilot Chat (Microsoft Edge) | 1 | CVE-2026-33111 |
| Microsoft Partner Center | 1 | CVE-2026-34327 |
| Azure Cloud Shell | 1 | CVE-2026-35428 |
| Azure AI Foundry M365 published agents | 1 | CVE-2026-35435 |
| Azure DevOps | 1 | CVE-2026-42826 |
| Azure Notification Service | 1 | CVE-2026-41105 |
Other Information
At the time of publication, there were no new advisories included with the May Security Guidance.
Off
