Microsoft Patch Tuesday for May 2026 fix 138 bugs, some of them are alarming
Microsoft’s May 2026 Patch Tuesday fixed 138 flaws, including 30 critical bugs, across Windows, Office, Azure, Edge, SQL Server, and more. Microsoft’s May 2026 Patch Tuesday patched 138 vulnerabilities in a single release. That is a number that gives pause even for people accustomed to these cycles. The affected products span virtually the entire Microsoft […]
Microsoft’s May 2026 Patch Tuesday patched 138 vulnerabilities in a single release. That is a number that gives pause even for people accustomed to these cycles.
The affected products span virtually the entire Microsoft portfolio: Windows and its components, Office, Edge, Azure, .NET, Visual Studio, SQL Server, the various Copilot products, and, a detail that will raise an eyebrow or two, the Telnet client. Curiously, in 2026, the Telnet client still needs a security patch.
Related breach coverage
- Microsoft on pace to break annual vulnerability record as AI-driven patch wave takes hold2026-05-13
Five months into 2026, Microsoft has already patched more than 500 vulnerabilities — although the exact monthly count varies depending on whether analysts include Edge, Chromium and fixes shipped earlier in the month.
- Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code2026-05-13
Microsoft’s MDASH discovered 16 of the Patch Tuesday vulnerabilities, and Palo Alto used Mythos to find dozens of flaws. The post Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code appeared first on SecurityWeek.
- Fortinet, Ivanti Patch Critical Vulnerabilities2026-05-13
Successful exploitation of these flaws could lead to arbitrary code execution and information disclosure. The post Fortinet, Ivanti Patch Critical Vulnerabilities appeared first on SecurityWeek.
- Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises2026-05-13
CVE-2026-40361 is similar to a vulnerability found a decade ago, BadWinmail, which at the time was dubbed an “enterprise killer”. The post Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises appeared first on SecurityWeek.