{"vulnerability": "cve-2026-4109", "sightings": [{"uuid": "8f042038-a6c6-4b9b-96a9-5855150b5202", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41094", "type": "seen", "source": "https://www.thezdi.com/blog/2026/5/12/the-may-2026-security-update-review", "content": "I\u2019m currently in Berlin helping set up for Pwn2Own Berlin, but that doesn\u2019t stop Patch Tuesday from coming, and it\u2019s another big one. At least nothing is listed as being in the wild \u2013 for now. Take a break from your regularly scheduled activities and let\u2019s take a look at the latest security patches from Adobe and Microsoft. Due to technical difficulties, there will not be a video companion for this month.\nAdobe Patches for May 2026\nFor May, Adobe released 10 bulletins addressing 52 unique CVEs in Adobe Commerce, After Effects, Adobe Connect, Illustrator, Media Encoder, Premiere Pro, Substance 3D Painter, Substance 3D Sampler, Content Authenticity SDK, and the Adobe Substance 3D Designer. Here\u2019s this month\u2019s overview table:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n  \n  \n\n\n\n\n  \n    \n\n\n\n<colgroup>\n  <col />\n  <col />\n  <col />\n  <col />\n  <col />\n  <col />\n  <col />\n</colgroup>\n\n<tfoot>\n  \n</tfoot>\n\n\n  \n    Bulletin ID\n    Product\n    CVE Count\n    Highest Severity\n    Highest CVSS\n    Exploited\n    Deployment Priority\n  \n\n\n  \n    APSB26-49\n    Adobe Commerce\n    15\n    Critical\n    8.7\n    No\n    2\n  \n  \n    APSB26-48\n    Adobe After Effects\n    4\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-50\n    Adobe Connect\n    2\n    Critical\n    9.6\n    No\n    3\n  \n  \n    APSB26-51\n    Adobe Illustrator\n    4\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-47\n    Adobe Media Encoder\n    2\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-46\n    Adobe Premiere Pro\n    3\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-55\n    Adobe Substance 3D Painter\n    2\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-54\n    Adobe Substance 3D Sampler\n    1\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-53\n    Content Authenticity SDK\n    14\n    Critical\n    7.5\n    No\n    3\n  \n  \n    APSB26-52\n    Adobe Substance 3D Designer\n    5\n    Important\n    6.3\n    No\n    3\n  \n\n    TOTAL\n    10 bulletins\n    52\n    \n    \n    \n    \n  \n\n\n\n  \n\n\n\n\n  \nThe obvious priority this month is the patch for Commerce, with its 15 bugs and deployment priority of 2. The Connect fix should also rank up there since both of its CVEs are CVSS 9s. Beyond those, it\u2019s a pretty typical month for Adobe, with most of the bugs either being cross-site scripting (XSS) or open-and-own code executions.\nMicrosoft Patches for May 2026\nThis month, Microsoft released a whopping 138 new CVEs in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, .NET and Visual Studio, Copilot Chat, Github Copilot, M365 Copilot, SQL Server, TCP/IP, and the Telnet Client \u2013 yes, the Telnet client. Two of these bugs were reported through the TrendAI ZDI program. 30 of these bugs are rated Critical, three are rated as Moderate, one is rated Low, and the rest are rated Important in severity.\nThis large volume of fixes follows the largest monthly release in Microsoft\u2019s history and reflects the trend across the industry of a high number of submissions. While not all of these bugs were found by AI, it\u2019s likely they had an AI-related component \u2013 even if it was just AI writing the submission. I should also point out the Pwn2Own Berlin occurs in just a few days, and it\u2019s typical for vendors to patch as much as they can before the event.\nNone of the bugs patched by Microsoft this month are listed as publicly known or under active attack at the time of release, so we\u2019ve got that going for us. Let\u2019s take a closer look at some of the more interesting updates for this month, starting with a nasty-looking bug in DNS:\n-    CVE-2026-41096 - Windows DNS Client Remote Code Execution VulnerabilityThis patch fixes a heap-based buffer overflow in the DNS Client triggered by a malicious DNS response. No authentication or user interaction needed, and since the DNS Client runs on virtually every Windows machine, the attack surface is enormous. An attacker with a position to influence DNS responses (MitM, rogue server) could achieve unauthenticated RCE across your enterprise.\n-    CVE-2026-41089 - Windows Netlogon Remote Code Execution VulnerabilityThis update covers another CVSS 9.8 bug, which is a stack-based buffer overflow that lets an unauthenticated remote attacker execute code on a domain controller by sending a specially crafted network request \u2014 no credentials, no user interaction required. Yup \u2013 that makes it wormable. This is the highest-impact bug that requires immediate patching: a compromised domain controller is a compromised domain.\n-    CVE-2026-42898 - Microsoft Dynamics 365 On-Premises Remote Code Execution VulnerabilityThis bug rates a CVSS 9.9(!) and represents a code injection in Dynamics 365. It allows any authenticated user to execute code with a scope change, meaning exploitation can break out and affect resources beyond the vulnerable component itself. Scope changes are pretty rare, so if you\u2019re running Dynamics 365 On-Prem, definitely test and deploy this patch quickly.\n-    CVE-2026-40415 - Windows TCP/IP Remote Code Execution VulnerabilityThis bug in the TCP/IP stack results from a use-after-free (UAF) and could allow a remote, unauthenticated threat actor to execute code without user interaction. That makes this another wormable bug. However, this one is much less likely to be exploited. The target needs to be under sustained low-memory (memory pressure) conditions, which is pretty rare. Still, no need to tempt fate here. Test and deploy this one quickly.\nHere\u2019s the full list of CVEs released by Microsoft for May 2026:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n  \n  \n\n\n\n\n  \n    \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n <col width=\"144\" />\n <col width=\"256\" />\n <col span=\"5\" width=\"104\" />\n \n\n  CVE\n  Title\n  Severity\n  CVSS\n  Public\n  Exploited\n  Type\n \n \n  <span>CVE-2026-35435</span>\n  Azure AI Foundry\n  Elevation of Privilege Vulnerability\n  Critical\n  8.6\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35428</span>\n  Azure Cloud Shell\n  Spoofing Vulnerability\n  Critical\n  9.6\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-42826</span>\n  Azure DevOps\n  Information Disclosure Vulnerability\n  Critical\n  10\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-32207</span>\n  Azure Machine Learning\n  Notebook Spoofing Vulnerability\n  Critical\n  8.8\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-33109</span>\n  Azure Managed Instance\n  for Apache Cassandra Remote Code Execution Vulnerability\n  Critical\n  9.9\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-33844</span>\n  Azure Managed Instance\n  for Apache Cassandra Remote Code Execution Vulnerability\n  Critical\n  9\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41105</span>\n  Azure Monitor Action\n  Group Notification System Elevation of Privilege Vulnerability\n  Critical\n  8.1\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33111</span>\n  Copilot Chat\n  (Microsoft Edge) Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-26129</span>\n  M365 Copilot\n  Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-26164</span>\n  M365 Copilot\n  Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-33821</span>\n  Microsoft Dynamics 365\n  Customer Insights Elevation of Privilege Vulnerability\n  Critical\n  7.7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42898</span>\n  Microsoft Dynamics 365\n  On-Premises Remote Code Execution Vulnerability\n  Critical\n  9.9\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40379</span>\n  Microsoft Enterprise\n  Security Token Service (ESTS) Spoofing Vulnerability\n  Critical\n  9.3\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-40363</span>\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40358</span>\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-34327</span>\n  Microsoft Partner\n  Center Spoofing Vulnerability\n  Critical\n  8.2\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-40365</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41103</span>\n  Microsoft SSO Plugin\n  for Jira & Confluence Elevation of Privilege Vulnerability\n  Critical\n  9.1\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33823</span>\n  Microsoft Team Events\n  Portal Information Disclosure Vulnerability\n  Critical\n  9.6\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40364</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40366</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40361</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40367</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42831</span>\n  Office for Android\n  Remote Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41096</span>\n  Windows DNS Client\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-35421</span>\n  Windows GDI Remote\n  Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40403</span>\n  Windows Graphics\n  Component Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40402</span>\n  Windows Hyper-V\n  Elevation of Privilege Vulnerability\n  Critical\n  9.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-32161</span>\n  Windows Native WiFi\n  Miniport Driver Remote Code Execution Vulnerability\n  Critical\n  7.5\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41089</span>\n  Windows Netlogon\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-32175</span>\n  .NET Core Tampering\n  Vulnerability\n  Important\n  4.3\n  No\n  No\n  Tampering\n \n \n  <span>CVE-2026-32177</span>\n  .NET Elevation of\n  Privilege Vulnerability\n  Important\n  7.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35433</span>\n  .NET Elevation of\n  Privilege Vulnerability\n  Important\n  7.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2025-54518 *</span>\n  AMD: CVE-2025-54518\n  CPU OP Cache Corruption\n  Important\n  \n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42899</span>\n  ASP.NET Core Denial of\n  Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40381</span>\n  Azure Connected\n  Machine Agent Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42823 \u2020</span>\n  Azure Logic Apps\n  Elevation of Privilege Vulnerability\n  Important\n  9.9\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33833</span>\n  Azure Machine Learning\n  Notebook Spoofing Vulnerability\n  Important\n  8.2\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-32204</span>\n  Azure Monitor Agent\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42830</span>\n  Azure Monitor Agent\n  Metrics Extension Elevation of Privilege Vulnerability\n  Important\n  6.5\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33117</span>\n  Azure SDK for Java\n  Security Feature Bypass Vulnerability\n  Important\n  9.1\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-41109</span>\n  GitHub Copilot and\n  Visual Studio Code Security Feature Bypass Vulnerability\n  Important\n  8.8\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-35424</span>\n  Internet Key Exchange\n  (IKE) Protocol Denial of Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-41614</span>\n  M365 Copilot for\n  Desktop Spoofing Vulnerability\n  Important\n  6.2\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-41100</span>\n  Microsoft 365 Copilot\n  for Android Spoofing Vulnerability\n  Important\n  4.4\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-40377</span>\n  Microsoft\n  Cryptographic Services Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41094</span>\n  Microsoft Data\n  Formulator Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40417</span>\n  Microsoft Dynamics 365\n  Business Central Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42833</span>\n  Microsoft Dynamics 365\n  On-Premises Remote Code Execution Vulnerability\n  Important\n  9.1\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42838</span>\n  Microsoft Edge\n  (Chromium-based) Elevation of Privilege Vulnerability\n  Important\n  5.4\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40360</span>\n  Microsoft Excel\n  Information Disclosure Vulnerability\n  Important\n  7.8\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40359</span>\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40362</span>\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42832</span>\n  Microsoft Excel\n  Spoofing Vulnerability\n  Important\n  7.7\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-34329</span>\n  Microsoft Message\n  Queuing (MSMQ) Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40419</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40418</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35436</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40420</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42893</span>\n  Microsoft Outlook for\n  iOS Tampering Vulnerability\n  Important\n  7.4\n  No\n  No\n  Tampering\n \n \n  <span>CVE-2026-40374</span>\n  Microsoft Power\n  Automate Desktop Information Disclosure Vulnerability\n  Important\n  6.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-41102</span>\n  Microsoft PowerPoint\n  for Android Spoofing Vulnerability\n  Important\n  7.1\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-35439</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40368</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-33110</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-33112</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40357</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-32185</span>\n  Microsoft Teams\n  Spoofing Vulnerability\n  Important\n  5.5\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-41101</span>\n  Microsoft Word for\n  Android Spoofing Vulnerability\n  Important\n  7.1\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-35440</span>\n  Microsoft Word\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40421</span>\n  Microsoft Word\n  Information Disclosure Vulnerability\n  Important\n  4.3\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-41097</span>\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  6.7\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-40370 \u2020</span>\n  SQL Server Remote Code\n  Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41613</span>\n  Visual Studio Code\n  Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41612</span>\n  Visual Studio Code\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-41611</span>\n  Visual Studio Code\n  Remote Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41610</span>\n  Visual Studio Code\n  Security Feature Bypass Vulnerability\n  Important\n  6.3\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-33839</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33840</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34330</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34331</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35423</span>\n  Windows 11 Telnet\n  Client Information Disclosure Vulnerability\n  Important\n  5.4\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-35438</span>\n  Windows Admin Center\n  Elevation of Privilege Vulnerability\n  Important\n  8.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41086</span>\n  Windows Admin Center\n  in Azure Portal Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34344</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34345</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35416</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41088</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34343</span>\n  Windows Application\n  Identity (AppID) Subsystem Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35418</span>\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33835</span>\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34337</span>\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40407</span>\n  Windows Common Log\n  File System Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40397</span>\n  Windows Common Log\n  File System Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42896</span>\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35419</span>\n  Windows DWM Core\n  Library Information Disclosure<span> \n  </span>Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-34336</span>\n  Windows DWM Core\n  Library Information Disclosure<span> \n  </span>Vulnerability\n  Important\n  7.8\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-33834</span>\n  Windows Event Logging\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-32209</span>\n  Windows Filtering\n  Platform (WFP) Security Feature Bypass Vulnerability\n  Important\n  4.4\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-33841</span>\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35420</span>\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40369</span>\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34332</span>\n  Windows Kernel-Mode\n  Driver Remote Code Execution Vulnerability\n  Important\n  8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-34339</span>\n  Windows Lightweight\n  Directory Access Protocol (LDAP) Denial of Service Vulnerability\n  Important\n  5.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-34341</span>\n  Windows Link-Layer\n  Discovery Protocol (LLDP) Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33838</span>\n  Windows Message\n  Queuing (MSMQ) Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34342</span>\n  Windows Print Spooler\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41095</span>\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34340</span>\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40398</span>\n  Windows Remote Desktop\n  Services Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-21530</span>\n  Windows Rich Text Edit\n  Elevation of Privilege Vulnerability\n  Important\n  6.7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-32170</span>\n  Windows Rich Text Edit\n  Elevation of Privilege Vulnerability\n  Important\n  6.7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40410</span>\n  Windows SMB Client\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35415</span>\n  Windows Storage Spaces\n  Controller Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34350</span>\n  Windows Storport\n  Miniport Driver Denial of Service Vulnerability\n  Important\n  6.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40405</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40414</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.4\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40401</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  6.2\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40413</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.4\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-35422</span>\n  Windows TCP/IP Driver\n  Security Feature Bypass Vulnerability\n  Important\n  6.5\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-34351</span>\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40399</span>\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34334</span>\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40406</span>\n  Windows TCP/IP\n  Information Disclosure Vulnerability\n  Important\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-33837</span>\n  Windows TCP/IP Local\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40415</span>\n  Windows TCP/IP Remote\n  Code Execution Vulnerability\n  Important\n  8.1\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42825</span>\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34338</span>\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40382</span>\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40380</span>\n  Windows Volume Manager\n  Extension Driver Remote Code Execution Vulnerability\n  Important\n  6.2\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40408</span>\n  Windows WAN ARP Driver\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34333</span>\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34347</span>\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35417</span>\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42891</span>\n  Microsoft Edge\n  (Chromium-based) for Android Spoofing Vulnerability\n  Moderate\n  6.5\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-35429</span>\n  Microsoft Edge\n  (Chromium-based) for Android Spoofing Vulnerability\n  Moderate\n  4.3\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-41107</span>\n  Microsoft Edge\n  (Chromium-based) Information Disclosure Vulnerability\n  Moderate\n  7.4\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40416</span>\n  Microsoft\n  Edge (Chromium-based) for Android Spoofing Vulnerability\n  Low\n  4.3\n  No\n  No\n  Spoofing\n \n \n \n  \n  \n  \n  \n  \n  \n  \n \n \n\n\n\n\n\n\n\n\n\n\n\n\n  \n\n\n\n\n  \n* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.\n\u2020 Indicates further administrative actions are required to fully address the vulnerability.\n \nLooking at the other Critical-rated bugs in this month\u2019s release, there are quite a few scary-looking bugs (including a CVSS 10!), but there\u2019s no action for the end user as Microsoft has already mitigated these bugs and is just now documenting them. There\u2019s also this month\u2019s crop of Office bugs where the Preview Pane is an attack vector. However, the bug in Office for Android does not have the Preview Pane vector; it\u2019s simple open and own. The bug in the WiFi driver needs a network adjacent attacker. The SharePoint bug requires authentication, but anyone with site privileges has the authentication needed. The bug in SSO Plugin for Jira & Confluence should really be called an authentication bypass, since it allows an unauthenticated attacker to gain access to a system.\nLooking at the other code execution bugs, most are of the open and own variety as expected. The bug in Dynamic 365 (On Prem) requires high privileges. The Message Queueing bug requires an adjacent attacker. The bug in SQL Server requires authentication, but as usual, patching won\u2019t be straightforward. Finally, there\u2019s a bug in the kernel that leads to code execution. Most kernel bugs are privilege escalations, but this one could allow code execution if an attacker sends specially crafted NVMe over Fabrics (NVMe\u2011oF) response messages during the connection handshake process that contains an invalid header length value. Neat.\nAs usual, the vast majority of the Microsoft release fixes Elevation of Privilege (EoP) bugs. Also as usual, most simply lead to local attackers executing their code at SYSTEM-level privileges or administrative privileges, so there\u2019s not much to add without further technical details about the bugs themselves. There are also a few bugs that just state the attacker could \u201cgain ELEVATED privileges.\u201d How obtuse. The bugs in Azure allow an attacker to access data otherwise hidden from them. The Edge bug allows threat actors to elevate to the privileges of the running application. The bug in Visual Studio allows attackers to get permissions associated with the MCP Server\u2019s managed identity. Finally, there are a couple of sandbox escapes, too, which are always useful.\nThis month's update includes six Security Feature Bypass vulnerabilities. The most severe is in the Azure SDK for Java (CVSS 9.1). An attacker over the network can bypass the integrity protection provided by authentication tags on encrypted data, effectively manipulating encrypted input in a way that slips past integrity checks during decryption.  Close behind is the bypass affecting the GitHub Copilot integration in Visual Studio Code (CWE-74). This one requires a user interaction, but it allows an attacker to circumvent the path validation safeguards that normally control which files Copilot is permitted to modify. The other Visual Studio Code bypass involves cross-site scripting, improper link resolution, and information exposure triggered when a user opens or views a maliciously crafted notebook.  On the Windows networking side there are two bypasses. The first hits the Windows TCP/IP driver via an authentication bypass using an alternate channel. The other impacts the Windows Filtering Platform through improper access control, allowing a local, low-privileged attacker to bypass FQDN-based network security rules. Finally, there\u2019s a Secure Boot bypass that, you guessed it, bypasses secure boot features.\nMoving on to the Information Disclosure bugs fixed this month, we have 15 different CVEs. As usual, the majority of these simply result in info leaks consisting of unspecified memory contents or memory addresses. The bug in Power Automate could expose data marked \u201cSensitive\u201d within Power Automate Desktop flows. One of the Word bugs could disclose NLTM hashes. The bug in Edge could disclose your cookies, which seems rude. The bug in Visual Studio could expose file path information. Finally, there\u2019s a bug in Telnet for Windows 11 that leaks information being used by Telnet at the time. I didn\u2019t even realize Windows 11 still had a telnet client.\nThe May release contains 10 spoofing bugs (plus the ones already addressed by Microsoft). The bug in Azure Machine Learning Notebooks vulnerability requires user interaction, but it could expose info through the Azure ML web interface to the attacker. There\u2019s a cluster of fixes for Microsoft's mobile Office suite on Android. Excel, Word, and PowerPoint for Android all carry spoofing flaws rooted in improper access control. Two Copilot products are also affected by spoofing vulns. The M365 Copilot for Desktop has no details provided. The M365 Copilot for Android variant requires low privileges and producing only limited impact on confidentiality and integrity. Microsoft Teams for Android rounds out the mobile app spoofing bugs. Three Edge bugs close things out, all involving misrepresentation of information in the browser UI. \nThere are two Tampering bugs in this month\u2019s release. The one in .NET Core allows threat actors to write files to an affected system. The other is in Outlook for iOS and manifests as a command injection bug.\nThere are eight DoS bugs in the May release, but as always, Microsoft provides little to no actionable information about the vulnerabilities. The most interesting from a practical standpoint are two TCP/IP bugs that allow a low-privilege Hyper-V guest to crash the host. Both are triggered from the adjacent network. On the broader network-exposure side, the ASP.NET Core bug is a straightforward infinite loop condition \u2014 an unauthenticated attacker sends a crafted request over the network and the server stops responding.\nNo new advisories are being released this month.\nLooking Ahead\nAssuming I survive Pwn2Own Berlin (which is looking iffy at the moment), I\u2019ll return on June 9th on what will hopefully be a smaller release than this one. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!", "creation_timestamp": "2026-05-12T16:38:43.000000Z"}, {"uuid": "cacc7ac8-6ee1-4531-a92b-434c244b8649", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41096", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116562993166953349", "content": "The severity is increased for this new vulnerability affecting Microsoft Windows (CVE-2026-41096) https://vuldb.com/vuln/363214", "creation_timestamp": "2026-05-12T18:22:12.383319Z"}, {"uuid": "0f88a041-df05-4dcc-8047-733e60c80b24", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41096", "type": "seen", "source": "https://www.thezdi.com/blog/2026/5/12/the-may-2026-security-update-review", "content": "I\u2019m currently in Berlin helping set up for Pwn2Own Berlin, but that doesn\u2019t stop Patch Tuesday from coming, and it\u2019s another big one. At least nothing is listed as being in the wild \u2013 for now. Take a break from your regularly scheduled activities and let\u2019s take a look at the latest security patches from Adobe and Microsoft. Due to technical difficulties, there will not be a video companion for this month.\nAdobe Patches for May 2026\nFor May, Adobe released 10 bulletins addressing 52 unique CVEs in Adobe Commerce, After Effects, Adobe Connect, Illustrator, Media Encoder, Premiere Pro, Substance 3D Painter, Substance 3D Sampler, Content Authenticity SDK, and the Adobe Substance 3D Designer. Here\u2019s this month\u2019s overview table:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n  \n  \n\n\n\n\n  \n    \n\n\n\n<colgroup>\n  <col />\n  <col />\n  <col />\n  <col />\n  <col />\n  <col />\n  <col />\n</colgroup>\n\n<tfoot>\n  \n</tfoot>\n\n\n  \n    Bulletin ID\n    Product\n    CVE Count\n    Highest Severity\n    Highest CVSS\n    Exploited\n    Deployment Priority\n  \n\n\n  \n    APSB26-49\n    Adobe Commerce\n    15\n    Critical\n    8.7\n    No\n    2\n  \n  \n    APSB26-48\n    Adobe After Effects\n    4\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-50\n    Adobe Connect\n    2\n    Critical\n    9.6\n    No\n    3\n  \n  \n    APSB26-51\n    Adobe Illustrator\n    4\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-47\n    Adobe Media Encoder\n    2\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-46\n    Adobe Premiere Pro\n    3\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-55\n    Adobe Substance 3D Painter\n    2\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-54\n    Adobe Substance 3D Sampler\n    1\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-53\n    Content Authenticity SDK\n    14\n    Critical\n    7.5\n    No\n    3\n  \n  \n    APSB26-52\n    Adobe Substance 3D Designer\n    5\n    Important\n    6.3\n    No\n    3\n  \n\n    TOTAL\n    10 bulletins\n    52\n    \n    \n    \n    \n  \n\n\n\n  \n\n\n\n\n  \nThe obvious priority this month is the patch for Commerce, with its 15 bugs and deployment priority of 2. The Connect fix should also rank up there since both of its CVEs are CVSS 9s. Beyond those, it\u2019s a pretty typical month for Adobe, with most of the bugs either being cross-site scripting (XSS) or open-and-own code executions.\nMicrosoft Patches for May 2026\nThis month, Microsoft released a whopping 138 new CVEs in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, .NET and Visual Studio, Copilot Chat, Github Copilot, M365 Copilot, SQL Server, TCP/IP, and the Telnet Client \u2013 yes, the Telnet client. Two of these bugs were reported through the TrendAI ZDI program. 30 of these bugs are rated Critical, three are rated as Moderate, one is rated Low, and the rest are rated Important in severity.\nThis large volume of fixes follows the largest monthly release in Microsoft\u2019s history and reflects the trend across the industry of a high number of submissions. While not all of these bugs were found by AI, it\u2019s likely they had an AI-related component \u2013 even if it was just AI writing the submission. I should also point out the Pwn2Own Berlin occurs in just a few days, and it\u2019s typical for vendors to patch as much as they can before the event.\nNone of the bugs patched by Microsoft this month are listed as publicly known or under active attack at the time of release, so we\u2019ve got that going for us. Let\u2019s take a closer look at some of the more interesting updates for this month, starting with a nasty-looking bug in DNS:\n-    CVE-2026-41096 - Windows DNS Client Remote Code Execution VulnerabilityThis patch fixes a heap-based buffer overflow in the DNS Client triggered by a malicious DNS response. No authentication or user interaction needed, and since the DNS Client runs on virtually every Windows machine, the attack surface is enormous. An attacker with a position to influence DNS responses (MitM, rogue server) could achieve unauthenticated RCE across your enterprise.\n-    CVE-2026-41089 - Windows Netlogon Remote Code Execution VulnerabilityThis update covers another CVSS 9.8 bug, which is a stack-based buffer overflow that lets an unauthenticated remote attacker execute code on a domain controller by sending a specially crafted network request \u2014 no credentials, no user interaction required. Yup \u2013 that makes it wormable. This is the highest-impact bug that requires immediate patching: a compromised domain controller is a compromised domain.\n-    CVE-2026-42898 - Microsoft Dynamics 365 On-Premises Remote Code Execution VulnerabilityThis bug rates a CVSS 9.9(!) and represents a code injection in Dynamics 365. It allows any authenticated user to execute code with a scope change, meaning exploitation can break out and affect resources beyond the vulnerable component itself. Scope changes are pretty rare, so if you\u2019re running Dynamics 365 On-Prem, definitely test and deploy this patch quickly.\n-    CVE-2026-40415 - Windows TCP/IP Remote Code Execution VulnerabilityThis bug in the TCP/IP stack results from a use-after-free (UAF) and could allow a remote, unauthenticated threat actor to execute code without user interaction. That makes this another wormable bug. However, this one is much less likely to be exploited. The target needs to be under sustained low-memory (memory pressure) conditions, which is pretty rare. Still, no need to tempt fate here. Test and deploy this one quickly.\nHere\u2019s the full list of CVEs released by Microsoft for May 2026:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n  \n  \n\n\n\n\n  \n    \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n <col width=\"144\" />\n <col width=\"256\" />\n <col span=\"5\" width=\"104\" />\n \n\n  CVE\n  Title\n  Severity\n  CVSS\n  Public\n  Exploited\n  Type\n \n \n  <span>CVE-2026-35435</span>\n  Azure AI Foundry\n  Elevation of Privilege Vulnerability\n  Critical\n  8.6\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35428</span>\n  Azure Cloud Shell\n  Spoofing Vulnerability\n  Critical\n  9.6\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-42826</span>\n  Azure DevOps\n  Information Disclosure Vulnerability\n  Critical\n  10\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-32207</span>\n  Azure Machine Learning\n  Notebook Spoofing Vulnerability\n  Critical\n  8.8\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-33109</span>\n  Azure Managed Instance\n  for Apache Cassandra Remote Code Execution Vulnerability\n  Critical\n  9.9\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-33844</span>\n  Azure Managed Instance\n  for Apache Cassandra Remote Code Execution Vulnerability\n  Critical\n  9\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41105</span>\n  Azure Monitor Action\n  Group Notification System Elevation of Privilege Vulnerability\n  Critical\n  8.1\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33111</span>\n  Copilot Chat\n  (Microsoft Edge) Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-26129</span>\n  M365 Copilot\n  Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-26164</span>\n  M365 Copilot\n  Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-33821</span>\n  Microsoft Dynamics 365\n  Customer Insights Elevation of Privilege Vulnerability\n  Critical\n  7.7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42898</span>\n  Microsoft Dynamics 365\n  On-Premises Remote Code Execution Vulnerability\n  Critical\n  9.9\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40379</span>\n  Microsoft Enterprise\n  Security Token Service (ESTS) Spoofing Vulnerability\n  Critical\n  9.3\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-40363</span>\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40358</span>\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-34327</span>\n  Microsoft Partner\n  Center Spoofing Vulnerability\n  Critical\n  8.2\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-40365</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41103</span>\n  Microsoft SSO Plugin\n  for Jira & Confluence Elevation of Privilege Vulnerability\n  Critical\n  9.1\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33823</span>\n  Microsoft Team Events\n  Portal Information Disclosure Vulnerability\n  Critical\n  9.6\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40364</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40366</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40361</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40367</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42831</span>\n  Office for Android\n  Remote Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41096</span>\n  Windows DNS Client\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-35421</span>\n  Windows GDI Remote\n  Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40403</span>\n  Windows Graphics\n  Component Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40402</span>\n  Windows Hyper-V\n  Elevation of Privilege Vulnerability\n  Critical\n  9.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-32161</span>\n  Windows Native WiFi\n  Miniport Driver Remote Code Execution Vulnerability\n  Critical\n  7.5\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41089</span>\n  Windows Netlogon\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-32175</span>\n  .NET Core Tampering\n  Vulnerability\n  Important\n  4.3\n  No\n  No\n  Tampering\n \n \n  <span>CVE-2026-32177</span>\n  .NET Elevation of\n  Privilege Vulnerability\n  Important\n  7.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35433</span>\n  .NET Elevation of\n  Privilege Vulnerability\n  Important\n  7.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2025-54518 *</span>\n  AMD: CVE-2025-54518\n  CPU OP Cache Corruption\n  Important\n  \n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42899</span>\n  ASP.NET Core Denial of\n  Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40381</span>\n  Azure Connected\n  Machine Agent Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42823 \u2020</span>\n  Azure Logic Apps\n  Elevation of Privilege Vulnerability\n  Important\n  9.9\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33833</span>\n  Azure Machine Learning\n  Notebook Spoofing Vulnerability\n  Important\n  8.2\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-32204</span>\n  Azure Monitor Agent\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42830</span>\n  Azure Monitor Agent\n  Metrics Extension Elevation of Privilege Vulnerability\n  Important\n  6.5\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33117</span>\n  Azure SDK for Java\n  Security Feature Bypass Vulnerability\n  Important\n  9.1\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-41109</span>\n  GitHub Copilot and\n  Visual Studio Code Security Feature Bypass Vulnerability\n  Important\n  8.8\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-35424</span>\n  Internet Key Exchange\n  (IKE) Protocol Denial of Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-41614</span>\n  M365 Copilot for\n  Desktop Spoofing Vulnerability\n  Important\n  6.2\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-41100</span>\n  Microsoft 365 Copilot\n  for Android Spoofing Vulnerability\n  Important\n  4.4\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-40377</span>\n  Microsoft\n  Cryptographic Services Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41094</span>\n  Microsoft Data\n  Formulator Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40417</span>\n  Microsoft Dynamics 365\n  Business Central Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42833</span>\n  Microsoft Dynamics 365\n  On-Premises Remote Code Execution Vulnerability\n  Important\n  9.1\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42838</span>\n  Microsoft Edge\n  (Chromium-based) Elevation of Privilege Vulnerability\n  Important\n  5.4\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40360</span>\n  Microsoft Excel\n  Information Disclosure Vulnerability\n  Important\n  7.8\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40359</span>\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40362</span>\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42832</span>\n  Microsoft Excel\n  Spoofing Vulnerability\n  Important\n  7.7\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-34329</span>\n  Microsoft Message\n  Queuing (MSMQ) Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40419</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40418</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35436</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40420</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42893</span>\n  Microsoft Outlook for\n  iOS Tampering Vulnerability\n  Important\n  7.4\n  No\n  No\n  Tampering\n \n \n  <span>CVE-2026-40374</span>\n  Microsoft Power\n  Automate Desktop Information Disclosure Vulnerability\n  Important\n  6.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-41102</span>\n  Microsoft PowerPoint\n  for Android Spoofing Vulnerability\n  Important\n  7.1\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-35439</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40368</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-33110</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-33112</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40357</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-32185</span>\n  Microsoft Teams\n  Spoofing Vulnerability\n  Important\n  5.5\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-41101</span>\n  Microsoft Word for\n  Android Spoofing Vulnerability\n  Important\n  7.1\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-35440</span>\n  Microsoft Word\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40421</span>\n  Microsoft Word\n  Information Disclosure Vulnerability\n  Important\n  4.3\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-41097</span>\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  6.7\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-40370 \u2020</span>\n  SQL Server Remote Code\n  Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41613</span>\n  Visual Studio Code\n  Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41612</span>\n  Visual Studio Code\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-41611</span>\n  Visual Studio Code\n  Remote Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41610</span>\n  Visual Studio Code\n  Security Feature Bypass Vulnerability\n  Important\n  6.3\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-33839</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33840</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34330</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34331</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35423</span>\n  Windows 11 Telnet\n  Client Information Disclosure Vulnerability\n  Important\n  5.4\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-35438</span>\n  Windows Admin Center\n  Elevation of Privilege Vulnerability\n  Important\n  8.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41086</span>\n  Windows Admin Center\n  in Azure Portal Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34344</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34345</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35416</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41088</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34343</span>\n  Windows Application\n  Identity (AppID) Subsystem Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35418</span>\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33835</span>\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34337</span>\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40407</span>\n  Windows Common Log\n  File System Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40397</span>\n  Windows Common Log\n  File System Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42896</span>\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35419</span>\n  Windows DWM Core\n  Library Information Disclosure<span> \n  </span>Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-34336</span>\n  Windows DWM Core\n  Library Information Disclosure<span> \n  </span>Vulnerability\n  Important\n  7.8\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-33834</span>\n  Windows Event Logging\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-32209</span>\n  Windows Filtering\n  Platform (WFP) Security Feature Bypass Vulnerability\n  Important\n  4.4\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-33841</span>\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35420</span>\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40369</span>\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34332</span>\n  Windows Kernel-Mode\n  Driver Remote Code Execution Vulnerability\n  Important\n  8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-34339</span>\n  Windows Lightweight\n  Directory Access Protocol (LDAP) Denial of Service Vulnerability\n  Important\n  5.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-34341</span>\n  Windows Link-Layer\n  Discovery Protocol (LLDP) Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33838</span>\n  Windows Message\n  Queuing (MSMQ) Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34342</span>\n  Windows Print Spooler\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41095</span>\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34340</span>\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40398</span>\n  Windows Remote Desktop\n  Services Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-21530</span>\n  Windows Rich Text Edit\n  Elevation of Privilege Vulnerability\n  Important\n  6.7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-32170</span>\n  Windows Rich Text Edit\n  Elevation of Privilege Vulnerability\n  Important\n  6.7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40410</span>\n  Windows SMB Client\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35415</span>\n  Windows Storage Spaces\n  Controller Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34350</span>\n  Windows Storport\n  Miniport Driver Denial of Service Vulnerability\n  Important\n  6.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40405</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40414</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.4\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40401</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  6.2\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40413</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.4\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-35422</span>\n  Windows TCP/IP Driver\n  Security Feature Bypass Vulnerability\n  Important\n  6.5\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-34351</span>\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40399</span>\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34334</span>\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40406</span>\n  Windows TCP/IP\n  Information Disclosure Vulnerability\n  Important\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-33837</span>\n  Windows TCP/IP Local\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40415</span>\n  Windows TCP/IP Remote\n  Code Execution Vulnerability\n  Important\n  8.1\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42825</span>\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34338</span>\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40382</span>\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40380</span>\n  Windows Volume Manager\n  Extension Driver Remote Code Execution Vulnerability\n  Important\n  6.2\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40408</span>\n  Windows WAN ARP Driver\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34333</span>\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34347</span>\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35417</span>\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42891</span>\n  Microsoft Edge\n  (Chromium-based) for Android Spoofing Vulnerability\n  Moderate\n  6.5\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-35429</span>\n  Microsoft Edge\n  (Chromium-based) for Android Spoofing Vulnerability\n  Moderate\n  4.3\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-41107</span>\n  Microsoft Edge\n  (Chromium-based) Information Disclosure Vulnerability\n  Moderate\n  7.4\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40416</span>\n  Microsoft\n  Edge (Chromium-based) for Android Spoofing Vulnerability\n  Low\n  4.3\n  No\n  No\n  Spoofing\n \n \n \n  \n  \n  \n  \n  \n  \n  \n \n \n\n\n\n\n\n\n\n\n\n\n\n\n  \n\n\n\n\n  \n* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.\n\u2020 Indicates further administrative actions are required to fully address the vulnerability.\n \nLooking at the other Critical-rated bugs in this month\u2019s release, there are quite a few scary-looking bugs (including a CVSS 10!), but there\u2019s no action for the end user as Microsoft has already mitigated these bugs and is just now documenting them. There\u2019s also this month\u2019s crop of Office bugs where the Preview Pane is an attack vector. However, the bug in Office for Android does not have the Preview Pane vector; it\u2019s simple open and own. The bug in the WiFi driver needs a network adjacent attacker. The SharePoint bug requires authentication, but anyone with site privileges has the authentication needed. The bug in SSO Plugin for Jira & Confluence should really be called an authentication bypass, since it allows an unauthenticated attacker to gain access to a system.\nLooking at the other code execution bugs, most are of the open and own variety as expected. The bug in Dynamic 365 (On Prem) requires high privileges. The Message Queueing bug requires an adjacent attacker. The bug in SQL Server requires authentication, but as usual, patching won\u2019t be straightforward. Finally, there\u2019s a bug in the kernel that leads to code execution. Most kernel bugs are privilege escalations, but this one could allow code execution if an attacker sends specially crafted NVMe over Fabrics (NVMe\u2011oF) response messages during the connection handshake process that contains an invalid header length value. Neat.\nAs usual, the vast majority of the Microsoft release fixes Elevation of Privilege (EoP) bugs. Also as usual, most simply lead to local attackers executing their code at SYSTEM-level privileges or administrative privileges, so there\u2019s not much to add without further technical details about the bugs themselves. There are also a few bugs that just state the attacker could \u201cgain ELEVATED privileges.\u201d How obtuse. The bugs in Azure allow an attacker to access data otherwise hidden from them. The Edge bug allows threat actors to elevate to the privileges of the running application. The bug in Visual Studio allows attackers to get permissions associated with the MCP Server\u2019s managed identity. Finally, there are a couple of sandbox escapes, too, which are always useful.\nThis month's update includes six Security Feature Bypass vulnerabilities. The most severe is in the Azure SDK for Java (CVSS 9.1). An attacker over the network can bypass the integrity protection provided by authentication tags on encrypted data, effectively manipulating encrypted input in a way that slips past integrity checks during decryption.  Close behind is the bypass affecting the GitHub Copilot integration in Visual Studio Code (CWE-74). This one requires a user interaction, but it allows an attacker to circumvent the path validation safeguards that normally control which files Copilot is permitted to modify. The other Visual Studio Code bypass involves cross-site scripting, improper link resolution, and information exposure triggered when a user opens or views a maliciously crafted notebook.  On the Windows networking side there are two bypasses. The first hits the Windows TCP/IP driver via an authentication bypass using an alternate channel. The other impacts the Windows Filtering Platform through improper access control, allowing a local, low-privileged attacker to bypass FQDN-based network security rules. Finally, there\u2019s a Secure Boot bypass that, you guessed it, bypasses secure boot features.\nMoving on to the Information Disclosure bugs fixed this month, we have 15 different CVEs. As usual, the majority of these simply result in info leaks consisting of unspecified memory contents or memory addresses. The bug in Power Automate could expose data marked \u201cSensitive\u201d within Power Automate Desktop flows. One of the Word bugs could disclose NLTM hashes. The bug in Edge could disclose your cookies, which seems rude. The bug in Visual Studio could expose file path information. Finally, there\u2019s a bug in Telnet for Windows 11 that leaks information being used by Telnet at the time. I didn\u2019t even realize Windows 11 still had a telnet client.\nThe May release contains 10 spoofing bugs (plus the ones already addressed by Microsoft). The bug in Azure Machine Learning Notebooks vulnerability requires user interaction, but it could expose info through the Azure ML web interface to the attacker. There\u2019s a cluster of fixes for Microsoft's mobile Office suite on Android. Excel, Word, and PowerPoint for Android all carry spoofing flaws rooted in improper access control. Two Copilot products are also affected by spoofing vulns. The M365 Copilot for Desktop has no details provided. The M365 Copilot for Android variant requires low privileges and producing only limited impact on confidentiality and integrity. Microsoft Teams for Android rounds out the mobile app spoofing bugs. Three Edge bugs close things out, all involving misrepresentation of information in the browser UI. \nThere are two Tampering bugs in this month\u2019s release. The one in .NET Core allows threat actors to write files to an affected system. The other is in Outlook for iOS and manifests as a command injection bug.\nThere are eight DoS bugs in the May release, but as always, Microsoft provides little to no actionable information about the vulnerabilities. The most interesting from a practical standpoint are two TCP/IP bugs that allow a low-privilege Hyper-V guest to crash the host. Both are triggered from the adjacent network. On the broader network-exposure side, the ASP.NET Core bug is a straightforward infinite loop condition \u2014 an unauthenticated attacker sends a crafted request over the network and the server stops responding.\nNo new advisories are being released this month.\nLooking Ahead\nAssuming I survive Pwn2Own Berlin (which is looking iffy at the moment), I\u2019ll return on June 9th on what will hopefully be a smaller release than this one. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!", "creation_timestamp": "2026-05-12T16:38:43.000000Z"}, {"uuid": "55fab201-b97e-4068-a51c-b22796919893", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41096", "type": "seen", "source": "https://krebsonsecurity.com/2026/05/patch-tuesday-may-2026-edition/", "content": "Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers — including Apple, Google, Microsoft, Mozilla and Oracle — fixing near record volumes of security bugs, and/or quickening the tempo of their patch releases.\n\nAs it does on the second Tuesday of every month, Microsoft today released software updates to address at least 118 security vulnerabilities in its various Windows operating systems and other products. Remarkably, this is the first Patch Tuesday in nearly two years that Microsoft is not shipping any fixes to deal with emergency zero-day flaws that are already being exploited. Nor have any of the flaws fixed today been previously disclosed (potentially giving attackers a heads up in how to exploit the weakness).\n\nSixteen of the vulnerabilities earned Microsoft’s most-dire “critical” label, meaning malware or miscreants could abuse these bugs to seize remote control over a vulnerable Windows device with little or no help from the user. Rapid7 has done much of the heavy lifting in identifying some of the more concerning critical weaknesses this month, including:<span id=\"more-73582\"></span>\n\n\n\nCVE-2026-41089: A critical stack-based buffer overflow in Windows Netlogon that offers an attacker SYSTEM privileges on the domain controller. No privileges or user interaction are required, and attack complexity is low. Patches are available for all versions of Windows Server from 2012 onwards.\n\nCVE-2026-41096: A critical RCE in the Windows DNS client implementation worthy of attention despite Microsoft assessing exploitation as less likely.\n\nCVE-2026-41103: A critical elevation of privilege vulnerability that allows an unauthorized attacker to impersonate an existing user by presenting forged credentials, thus bypassing Entra ID. Microsoft expects that exploitation is more likely.\n\n\nMay’s Patch Tuesday is a welcome respite from April, which saw Microsoft fix a near-record 167 security flaws. Microsoft was among a few dozen tech giants given access to a “Project Glasswing,” a much-hyped AI capability developed by Anthropic that appears quite effective at unearthing security vulnerabilities in code.\n\nApple, another early participant in Project Glasswing, typically fixes an average of 20 vulnerabilities each time it ships a security update for iOS devices, said Chris Goettl, vice president of product management at Ivanti. On May 11, Apple shipped iOS 15, which addressed at least 52 vulnerabilities and backported the changes all the way to iPhone 6s and iOS 15.\n\nLast month, Mozilla released Firefox 150, which resolved a whopping 271 vulnerabilities that were reportedly discovered during the Glasswing evaluation.\n\n“Since Firefox 150.0.0 released, they have been on a more aggressive weekly cadence for security updates including the release of Firefox 150.0.3 on May Patch Tuesday resolving between three to five CVEs in each release,” Goettl said.\n\nThe software giant Oracle likewise recently increased its patch pace in response to their work with Glasswing. In its most recent quarterly patch update, Oracle addressed at least 450 flaws, including more than 300 fixes for remotely exploitable, unauthenticated flaws. But at the end of April, Oracle announced it was switching to a monthly update cycle for critical security issues.\n\nOn May 8, Google started rolling out updates to its Chrome browser that fixed an astonishing 127 security flaws (up from just 30 the previous month). Chrome automagically downloads available security updates, but installing them requires fully restarting the browser.\n\nIf you encounter any weirdness applying the updates from Microsoft or any other vendor mentioned here, feel free to sound off in the comments below. Meantime, if you haven’t backed up your data and/or drive lately, doing that before updating is generally sound advice. For a more granular look at the Microsoft updates released today, checkout this inventory by the SANS Internet Storm Center.", "creation_timestamp": "2026-05-12T19:46:45.000000Z"}, {"uuid": "26b37f0a-c999-48ad-9fc9-8719c5ec75c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41097", "type": "seen", "source": "https://www.thezdi.com/blog/2026/5/12/the-may-2026-security-update-review", "content": "I\u2019m currently in Berlin helping set up for Pwn2Own Berlin, but that doesn\u2019t stop Patch Tuesday from coming, and it\u2019s another big one. At least nothing is listed as being in the wild \u2013 for now. Take a break from your regularly scheduled activities and let\u2019s take a look at the latest security patches from Adobe and Microsoft. Due to technical difficulties, there will not be a video companion for this month.\nAdobe Patches for May 2026\nFor May, Adobe released 10 bulletins addressing 52 unique CVEs in Adobe Commerce, After Effects, Adobe Connect, Illustrator, Media Encoder, Premiere Pro, Substance 3D Painter, Substance 3D Sampler, Content Authenticity SDK, and the Adobe Substance 3D Designer. Here\u2019s this month\u2019s overview table:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n  \n  \n\n\n\n\n  \n    \n\n\n\n<colgroup>\n  <col />\n  <col />\n  <col />\n  <col />\n  <col />\n  <col />\n  <col />\n</colgroup>\n\n<tfoot>\n  \n</tfoot>\n\n\n  \n    Bulletin ID\n    Product\n    CVE Count\n    Highest Severity\n    Highest CVSS\n    Exploited\n    Deployment Priority\n  \n\n\n  \n    APSB26-49\n    Adobe Commerce\n    15\n    Critical\n    8.7\n    No\n    2\n  \n  \n    APSB26-48\n    Adobe After Effects\n    4\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-50\n    Adobe Connect\n    2\n    Critical\n    9.6\n    No\n    3\n  \n  \n    APSB26-51\n    Adobe Illustrator\n    4\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-47\n    Adobe Media Encoder\n    2\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-46\n    Adobe Premiere Pro\n    3\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-55\n    Adobe Substance 3D Painter\n    2\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-54\n    Adobe Substance 3D Sampler\n    1\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-53\n    Content Authenticity SDK\n    14\n    Critical\n    7.5\n    No\n    3\n  \n  \n    APSB26-52\n    Adobe Substance 3D Designer\n    5\n    Important\n    6.3\n    No\n    3\n  \n\n    TOTAL\n    10 bulletins\n    52\n    \n    \n    \n    \n  \n\n\n\n  \n\n\n\n\n  \nThe obvious priority this month is the patch for Commerce, with its 15 bugs and deployment priority of 2. The Connect fix should also rank up there since both of its CVEs are CVSS 9s. Beyond those, it\u2019s a pretty typical month for Adobe, with most of the bugs either being cross-site scripting (XSS) or open-and-own code executions.\nMicrosoft Patches for May 2026\nThis month, Microsoft released a whopping 138 new CVEs in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, .NET and Visual Studio, Copilot Chat, Github Copilot, M365 Copilot, SQL Server, TCP/IP, and the Telnet Client \u2013 yes, the Telnet client. Two of these bugs were reported through the TrendAI ZDI program. 30 of these bugs are rated Critical, three are rated as Moderate, one is rated Low, and the rest are rated Important in severity.\nThis large volume of fixes follows the largest monthly release in Microsoft\u2019s history and reflects the trend across the industry of a high number of submissions. While not all of these bugs were found by AI, it\u2019s likely they had an AI-related component \u2013 even if it was just AI writing the submission. I should also point out the Pwn2Own Berlin occurs in just a few days, and it\u2019s typical for vendors to patch as much as they can before the event.\nNone of the bugs patched by Microsoft this month are listed as publicly known or under active attack at the time of release, so we\u2019ve got that going for us. Let\u2019s take a closer look at some of the more interesting updates for this month, starting with a nasty-looking bug in DNS:\n-    CVE-2026-41096 - Windows DNS Client Remote Code Execution VulnerabilityThis patch fixes a heap-based buffer overflow in the DNS Client triggered by a malicious DNS response. No authentication or user interaction needed, and since the DNS Client runs on virtually every Windows machine, the attack surface is enormous. An attacker with a position to influence DNS responses (MitM, rogue server) could achieve unauthenticated RCE across your enterprise.\n-    CVE-2026-41089 - Windows Netlogon Remote Code Execution VulnerabilityThis update covers another CVSS 9.8 bug, which is a stack-based buffer overflow that lets an unauthenticated remote attacker execute code on a domain controller by sending a specially crafted network request \u2014 no credentials, no user interaction required. Yup \u2013 that makes it wormable. This is the highest-impact bug that requires immediate patching: a compromised domain controller is a compromised domain.\n-    CVE-2026-42898 - Microsoft Dynamics 365 On-Premises Remote Code Execution VulnerabilityThis bug rates a CVSS 9.9(!) and represents a code injection in Dynamics 365. It allows any authenticated user to execute code with a scope change, meaning exploitation can break out and affect resources beyond the vulnerable component itself. Scope changes are pretty rare, so if you\u2019re running Dynamics 365 On-Prem, definitely test and deploy this patch quickly.\n-    CVE-2026-40415 - Windows TCP/IP Remote Code Execution VulnerabilityThis bug in the TCP/IP stack results from a use-after-free (UAF) and could allow a remote, unauthenticated threat actor to execute code without user interaction. That makes this another wormable bug. However, this one is much less likely to be exploited. The target needs to be under sustained low-memory (memory pressure) conditions, which is pretty rare. Still, no need to tempt fate here. Test and deploy this one quickly.\nHere\u2019s the full list of CVEs released by Microsoft for May 2026:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n  \n  \n\n\n\n\n  \n    \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n <col width=\"144\" />\n <col width=\"256\" />\n <col span=\"5\" width=\"104\" />\n \n\n  CVE\n  Title\n  Severity\n  CVSS\n  Public\n  Exploited\n  Type\n \n \n  <span>CVE-2026-35435</span>\n  Azure AI Foundry\n  Elevation of Privilege Vulnerability\n  Critical\n  8.6\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35428</span>\n  Azure Cloud Shell\n  Spoofing Vulnerability\n  Critical\n  9.6\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-42826</span>\n  Azure DevOps\n  Information Disclosure Vulnerability\n  Critical\n  10\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-32207</span>\n  Azure Machine Learning\n  Notebook Spoofing Vulnerability\n  Critical\n  8.8\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-33109</span>\n  Azure Managed Instance\n  for Apache Cassandra Remote Code Execution Vulnerability\n  Critical\n  9.9\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-33844</span>\n  Azure Managed Instance\n  for Apache Cassandra Remote Code Execution Vulnerability\n  Critical\n  9\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41105</span>\n  Azure Monitor Action\n  Group Notification System Elevation of Privilege Vulnerability\n  Critical\n  8.1\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33111</span>\n  Copilot Chat\n  (Microsoft Edge) Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-26129</span>\n  M365 Copilot\n  Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-26164</span>\n  M365 Copilot\n  Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-33821</span>\n  Microsoft Dynamics 365\n  Customer Insights Elevation of Privilege Vulnerability\n  Critical\n  7.7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42898</span>\n  Microsoft Dynamics 365\n  On-Premises Remote Code Execution Vulnerability\n  Critical\n  9.9\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40379</span>\n  Microsoft Enterprise\n  Security Token Service (ESTS) Spoofing Vulnerability\n  Critical\n  9.3\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-40363</span>\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40358</span>\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-34327</span>\n  Microsoft Partner\n  Center Spoofing Vulnerability\n  Critical\n  8.2\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-40365</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41103</span>\n  Microsoft SSO Plugin\n  for Jira & Confluence Elevation of Privilege Vulnerability\n  Critical\n  9.1\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33823</span>\n  Microsoft Team Events\n  Portal Information Disclosure Vulnerability\n  Critical\n  9.6\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40364</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40366</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40361</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40367</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42831</span>\n  Office for Android\n  Remote Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41096</span>\n  Windows DNS Client\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-35421</span>\n  Windows GDI Remote\n  Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40403</span>\n  Windows Graphics\n  Component Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40402</span>\n  Windows Hyper-V\n  Elevation of Privilege Vulnerability\n  Critical\n  9.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-32161</span>\n  Windows Native WiFi\n  Miniport Driver Remote Code Execution Vulnerability\n  Critical\n  7.5\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41089</span>\n  Windows Netlogon\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-32175</span>\n  .NET Core Tampering\n  Vulnerability\n  Important\n  4.3\n  No\n  No\n  Tampering\n \n \n  <span>CVE-2026-32177</span>\n  .NET Elevation of\n  Privilege Vulnerability\n  Important\n  7.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35433</span>\n  .NET Elevation of\n  Privilege Vulnerability\n  Important\n  7.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2025-54518 *</span>\n  AMD: CVE-2025-54518\n  CPU OP Cache Corruption\n  Important\n  \n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42899</span>\n  ASP.NET Core Denial of\n  Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40381</span>\n  Azure Connected\n  Machine Agent Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42823 \u2020</span>\n  Azure Logic Apps\n  Elevation of Privilege Vulnerability\n  Important\n  9.9\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33833</span>\n  Azure Machine Learning\n  Notebook Spoofing Vulnerability\n  Important\n  8.2\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-32204</span>\n  Azure Monitor Agent\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42830</span>\n  Azure Monitor Agent\n  Metrics Extension Elevation of Privilege Vulnerability\n  Important\n  6.5\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33117</span>\n  Azure SDK for Java\n  Security Feature Bypass Vulnerability\n  Important\n  9.1\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-41109</span>\n  GitHub Copilot and\n  Visual Studio Code Security Feature Bypass Vulnerability\n  Important\n  8.8\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-35424</span>\n  Internet Key Exchange\n  (IKE) Protocol Denial of Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-41614</span>\n  M365 Copilot for\n  Desktop Spoofing Vulnerability\n  Important\n  6.2\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-41100</span>\n  Microsoft 365 Copilot\n  for Android Spoofing Vulnerability\n  Important\n  4.4\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-40377</span>\n  Microsoft\n  Cryptographic Services Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41094</span>\n  Microsoft Data\n  Formulator Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40417</span>\n  Microsoft Dynamics 365\n  Business Central Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42833</span>\n  Microsoft Dynamics 365\n  On-Premises Remote Code Execution Vulnerability\n  Important\n  9.1\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42838</span>\n  Microsoft Edge\n  (Chromium-based) Elevation of Privilege Vulnerability\n  Important\n  5.4\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40360</span>\n  Microsoft Excel\n  Information Disclosure Vulnerability\n  Important\n  7.8\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40359</span>\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40362</span>\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42832</span>\n  Microsoft Excel\n  Spoofing Vulnerability\n  Important\n  7.7\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-34329</span>\n  Microsoft Message\n  Queuing (MSMQ) Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40419</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40418</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35436</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40420</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42893</span>\n  Microsoft Outlook for\n  iOS Tampering Vulnerability\n  Important\n  7.4\n  No\n  No\n  Tampering\n \n \n  <span>CVE-2026-40374</span>\n  Microsoft Power\n  Automate Desktop Information Disclosure Vulnerability\n  Important\n  6.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-41102</span>\n  Microsoft PowerPoint\n  for Android Spoofing Vulnerability\n  Important\n  7.1\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-35439</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40368</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-33110</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-33112</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40357</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-32185</span>\n  Microsoft Teams\n  Spoofing Vulnerability\n  Important\n  5.5\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-41101</span>\n  Microsoft Word for\n  Android Spoofing Vulnerability\n  Important\n  7.1\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-35440</span>\n  Microsoft Word\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40421</span>\n  Microsoft Word\n  Information Disclosure Vulnerability\n  Important\n  4.3\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-41097</span>\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  6.7\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-40370 \u2020</span>\n  SQL Server Remote Code\n  Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41613</span>\n  Visual Studio Code\n  Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41612</span>\n  Visual Studio Code\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-41611</span>\n  Visual Studio Code\n  Remote Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41610</span>\n  Visual Studio Code\n  Security Feature Bypass Vulnerability\n  Important\n  6.3\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-33839</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33840</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34330</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34331</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35423</span>\n  Windows 11 Telnet\n  Client Information Disclosure Vulnerability\n  Important\n  5.4\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-35438</span>\n  Windows Admin Center\n  Elevation of Privilege Vulnerability\n  Important\n  8.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41086</span>\n  Windows Admin Center\n  in Azure Portal Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34344</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34345</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35416</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41088</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34343</span>\n  Windows Application\n  Identity (AppID) Subsystem Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35418</span>\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33835</span>\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34337</span>\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40407</span>\n  Windows Common Log\n  File System Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40397</span>\n  Windows Common Log\n  File System Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42896</span>\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35419</span>\n  Windows DWM Core\n  Library Information Disclosure<span> \n  </span>Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-34336</span>\n  Windows DWM Core\n  Library Information Disclosure<span> \n  </span>Vulnerability\n  Important\n  7.8\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-33834</span>\n  Windows Event Logging\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-32209</span>\n  Windows Filtering\n  Platform (WFP) Security Feature Bypass Vulnerability\n  Important\n  4.4\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-33841</span>\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35420</span>\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40369</span>\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34332</span>\n  Windows Kernel-Mode\n  Driver Remote Code Execution Vulnerability\n  Important\n  8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-34339</span>\n  Windows Lightweight\n  Directory Access Protocol (LDAP) Denial of Service Vulnerability\n  Important\n  5.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-34341</span>\n  Windows Link-Layer\n  Discovery Protocol (LLDP) Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33838</span>\n  Windows Message\n  Queuing (MSMQ) Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34342</span>\n  Windows Print Spooler\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41095</span>\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34340</span>\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40398</span>\n  Windows Remote Desktop\n  Services Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-21530</span>\n  Windows Rich Text Edit\n  Elevation of Privilege Vulnerability\n  Important\n  6.7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-32170</span>\n  Windows Rich Text Edit\n  Elevation of Privilege Vulnerability\n  Important\n  6.7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40410</span>\n  Windows SMB Client\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35415</span>\n  Windows Storage Spaces\n  Controller Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34350</span>\n  Windows Storport\n  Miniport Driver Denial of Service Vulnerability\n  Important\n  6.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40405</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40414</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.4\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40401</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  6.2\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40413</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.4\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-35422</span>\n  Windows TCP/IP Driver\n  Security Feature Bypass Vulnerability\n  Important\n  6.5\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-34351</span>\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40399</span>\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34334</span>\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40406</span>\n  Windows TCP/IP\n  Information Disclosure Vulnerability\n  Important\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-33837</span>\n  Windows TCP/IP Local\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40415</span>\n  Windows TCP/IP Remote\n  Code Execution Vulnerability\n  Important\n  8.1\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42825</span>\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34338</span>\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40382</span>\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40380</span>\n  Windows Volume Manager\n  Extension Driver Remote Code Execution Vulnerability\n  Important\n  6.2\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40408</span>\n  Windows WAN ARP Driver\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34333</span>\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34347</span>\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35417</span>\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42891</span>\n  Microsoft Edge\n  (Chromium-based) for Android Spoofing Vulnerability\n  Moderate\n  6.5\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-35429</span>\n  Microsoft Edge\n  (Chromium-based) for Android Spoofing Vulnerability\n  Moderate\n  4.3\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-41107</span>\n  Microsoft Edge\n  (Chromium-based) Information Disclosure Vulnerability\n  Moderate\n  7.4\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40416</span>\n  Microsoft\n  Edge (Chromium-based) for Android Spoofing Vulnerability\n  Low\n  4.3\n  No\n  No\n  Spoofing\n \n \n \n  \n  \n  \n  \n  \n  \n  \n \n \n\n\n\n\n\n\n\n\n\n\n\n\n  \n\n\n\n\n  \n* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.\n\u2020 Indicates further administrative actions are required to fully address the vulnerability.\n \nLooking at the other Critical-rated bugs in this month\u2019s release, there are quite a few scary-looking bugs (including a CVSS 10!), but there\u2019s no action for the end user as Microsoft has already mitigated these bugs and is just now documenting them. There\u2019s also this month\u2019s crop of Office bugs where the Preview Pane is an attack vector. However, the bug in Office for Android does not have the Preview Pane vector; it\u2019s simple open and own. The bug in the WiFi driver needs a network adjacent attacker. The SharePoint bug requires authentication, but anyone with site privileges has the authentication needed. The bug in SSO Plugin for Jira & Confluence should really be called an authentication bypass, since it allows an unauthenticated attacker to gain access to a system.\nLooking at the other code execution bugs, most are of the open and own variety as expected. The bug in Dynamic 365 (On Prem) requires high privileges. The Message Queueing bug requires an adjacent attacker. The bug in SQL Server requires authentication, but as usual, patching won\u2019t be straightforward. Finally, there\u2019s a bug in the kernel that leads to code execution. Most kernel bugs are privilege escalations, but this one could allow code execution if an attacker sends specially crafted NVMe over Fabrics (NVMe\u2011oF) response messages during the connection handshake process that contains an invalid header length value. Neat.\nAs usual, the vast majority of the Microsoft release fixes Elevation of Privilege (EoP) bugs. Also as usual, most simply lead to local attackers executing their code at SYSTEM-level privileges or administrative privileges, so there\u2019s not much to add without further technical details about the bugs themselves. There are also a few bugs that just state the attacker could \u201cgain ELEVATED privileges.\u201d How obtuse. The bugs in Azure allow an attacker to access data otherwise hidden from them. The Edge bug allows threat actors to elevate to the privileges of the running application. The bug in Visual Studio allows attackers to get permissions associated with the MCP Server\u2019s managed identity. Finally, there are a couple of sandbox escapes, too, which are always useful.\nThis month's update includes six Security Feature Bypass vulnerabilities. The most severe is in the Azure SDK for Java (CVSS 9.1). An attacker over the network can bypass the integrity protection provided by authentication tags on encrypted data, effectively manipulating encrypted input in a way that slips past integrity checks during decryption.  Close behind is the bypass affecting the GitHub Copilot integration in Visual Studio Code (CWE-74). This one requires a user interaction, but it allows an attacker to circumvent the path validation safeguards that normally control which files Copilot is permitted to modify. The other Visual Studio Code bypass involves cross-site scripting, improper link resolution, and information exposure triggered when a user opens or views a maliciously crafted notebook.  On the Windows networking side there are two bypasses. The first hits the Windows TCP/IP driver via an authentication bypass using an alternate channel. The other impacts the Windows Filtering Platform through improper access control, allowing a local, low-privileged attacker to bypass FQDN-based network security rules. Finally, there\u2019s a Secure Boot bypass that, you guessed it, bypasses secure boot features.\nMoving on to the Information Disclosure bugs fixed this month, we have 15 different CVEs. As usual, the majority of these simply result in info leaks consisting of unspecified memory contents or memory addresses. The bug in Power Automate could expose data marked \u201cSensitive\u201d within Power Automate Desktop flows. One of the Word bugs could disclose NLTM hashes. The bug in Edge could disclose your cookies, which seems rude. The bug in Visual Studio could expose file path information. Finally, there\u2019s a bug in Telnet for Windows 11 that leaks information being used by Telnet at the time. I didn\u2019t even realize Windows 11 still had a telnet client.\nThe May release contains 10 spoofing bugs (plus the ones already addressed by Microsoft). The bug in Azure Machine Learning Notebooks vulnerability requires user interaction, but it could expose info through the Azure ML web interface to the attacker. There\u2019s a cluster of fixes for Microsoft's mobile Office suite on Android. Excel, Word, and PowerPoint for Android all carry spoofing flaws rooted in improper access control. Two Copilot products are also affected by spoofing vulns. The M365 Copilot for Desktop has no details provided. The M365 Copilot for Android variant requires low privileges and producing only limited impact on confidentiality and integrity. Microsoft Teams for Android rounds out the mobile app spoofing bugs. Three Edge bugs close things out, all involving misrepresentation of information in the browser UI. \nThere are two Tampering bugs in this month\u2019s release. The one in .NET Core allows threat actors to write files to an affected system. The other is in Outlook for iOS and manifests as a command injection bug.\nThere are eight DoS bugs in the May release, but as always, Microsoft provides little to no actionable information about the vulnerabilities. The most interesting from a practical standpoint are two TCP/IP bugs that allow a low-privilege Hyper-V guest to crash the host. Both are triggered from the adjacent network. On the broader network-exposure side, the ASP.NET Core bug is a straightforward infinite loop condition \u2014 an unauthenticated attacker sends a crafted request over the network and the server stops responding.\nNo new advisories are being released this month.\nLooking Ahead\nAssuming I survive Pwn2Own Berlin (which is looking iffy at the moment), I\u2019ll return on June 9th on what will hopefully be a smaller release than this one. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!", "creation_timestamp": "2026-05-12T16:38:43.000000Z"}, {"uuid": "23e1ebee-0819-44ac-abd0-b36e74a6def9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41096", "type": "seen", "source": "https://nsm.no/fagomrader/digital-sikkerhet/nasjonalt-cybersikkerhetssenter/varsler-fra-nsm/microsoft-patchetirsdag-mai", "content": "", "creation_timestamp": "2026-05-12T11:57:43.000000Z"}, {"uuid": "eb3711b9-f56c-4889-8bc1-9681508cba2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41096", "type": "seen", "source": "https://bsky.app/profile/jackc.kompost.cz.ap.brid.gy/post/3mlppz3xjqrs2", "content": "Microsoft Patch Tuesday 05/2026:\n- opravy 120 zranitelnost\u00ed ve Windows, Officech, ale tak\u00e9 t\u0159eba Malov\u00e1n\u00ed(!)\n- 17 kritick\u00fdch (z toho 14x RCE)\n- krom toho mnoho (130+) oprav Edge nebo Teams\u016f\n\nVelmi zaj\u00edmav\u011b vypad\u00e1 zranitelnost CVE-2026-41096 ve Windows DNS klientovi(!), kter\u00e1 umo\u017e\u0148uje vzd\u00e1len\u00e9 [\u2026]", "creation_timestamp": "2026-05-13T06:57:38.419380Z"}, {"uuid": "6f282494-449c-46cd-ac64-0fca86042a86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41096", "type": "seen", "source": "https://bsky.app/profile/securityrss.bsky.social/post/3mlos6tmf6627", "content": "Microsoft's May 2026 Patch Tuesday addresses 120 vulnerabilities, including 29 critical remote code execution (RCE) flaws across various products like Windows, Office, and Azure. Notable CVEs include CVE-2026-41096 (Windows DNS Client) and CVE-2026-41089 (Netlogon).", "creation_timestamp": "2026-05-12T22:03:52.141980Z"}, {"uuid": "13d78909-61be-4cd9-98ee-abf16e868cb2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41095", "type": "seen", "source": "https://www.thezdi.com/blog/2026/5/12/the-may-2026-security-update-review", "content": "I\u2019m currently in Berlin helping set up for Pwn2Own Berlin, but that doesn\u2019t stop Patch Tuesday from coming, and it\u2019s another big one. At least nothing is listed as being in the wild \u2013 for now. Take a break from your regularly scheduled activities and let\u2019s take a look at the latest security patches from Adobe and Microsoft. Due to technical difficulties, there will not be a video companion for this month.\nAdobe Patches for May 2026\nFor May, Adobe released 10 bulletins addressing 52 unique CVEs in Adobe Commerce, After Effects, Adobe Connect, Illustrator, Media Encoder, Premiere Pro, Substance 3D Painter, Substance 3D Sampler, Content Authenticity SDK, and the Adobe Substance 3D Designer. Here\u2019s this month\u2019s overview table:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n  \n  \n\n\n\n\n  \n    \n\n\n\n<colgroup>\n  <col />\n  <col />\n  <col />\n  <col />\n  <col />\n  <col />\n  <col />\n</colgroup>\n\n<tfoot>\n  \n</tfoot>\n\n\n  \n    Bulletin ID\n    Product\n    CVE Count\n    Highest Severity\n    Highest CVSS\n    Exploited\n    Deployment Priority\n  \n\n\n  \n    APSB26-49\n    Adobe Commerce\n    15\n    Critical\n    8.7\n    No\n    2\n  \n  \n    APSB26-48\n    Adobe After Effects\n    4\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-50\n    Adobe Connect\n    2\n    Critical\n    9.6\n    No\n    3\n  \n  \n    APSB26-51\n    Adobe Illustrator\n    4\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-47\n    Adobe Media Encoder\n    2\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-46\n    Adobe Premiere Pro\n    3\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-55\n    Adobe Substance 3D Painter\n    2\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-54\n    Adobe Substance 3D Sampler\n    1\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-53\n    Content Authenticity SDK\n    14\n    Critical\n    7.5\n    No\n    3\n  \n  \n    APSB26-52\n    Adobe Substance 3D Designer\n    5\n    Important\n    6.3\n    No\n    3\n  \n\n    TOTAL\n    10 bulletins\n    52\n    \n    \n    \n    \n  \n\n\n\n  \n\n\n\n\n  \nThe obvious priority this month is the patch for Commerce, with its 15 bugs and deployment priority of 2. The Connect fix should also rank up there since both of its CVEs are CVSS 9s. Beyond those, it\u2019s a pretty typical month for Adobe, with most of the bugs either being cross-site scripting (XSS) or open-and-own code executions.\nMicrosoft Patches for May 2026\nThis month, Microsoft released a whopping 138 new CVEs in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, .NET and Visual Studio, Copilot Chat, Github Copilot, M365 Copilot, SQL Server, TCP/IP, and the Telnet Client \u2013 yes, the Telnet client. Two of these bugs were reported through the TrendAI ZDI program. 30 of these bugs are rated Critical, three are rated as Moderate, one is rated Low, and the rest are rated Important in severity.\nThis large volume of fixes follows the largest monthly release in Microsoft\u2019s history and reflects the trend across the industry of a high number of submissions. While not all of these bugs were found by AI, it\u2019s likely they had an AI-related component \u2013 even if it was just AI writing the submission. I should also point out the Pwn2Own Berlin occurs in just a few days, and it\u2019s typical for vendors to patch as much as they can before the event.\nNone of the bugs patched by Microsoft this month are listed as publicly known or under active attack at the time of release, so we\u2019ve got that going for us. Let\u2019s take a closer look at some of the more interesting updates for this month, starting with a nasty-looking bug in DNS:\n-    CVE-2026-41096 - Windows DNS Client Remote Code Execution VulnerabilityThis patch fixes a heap-based buffer overflow in the DNS Client triggered by a malicious DNS response. No authentication or user interaction needed, and since the DNS Client runs on virtually every Windows machine, the attack surface is enormous. An attacker with a position to influence DNS responses (MitM, rogue server) could achieve unauthenticated RCE across your enterprise.\n-    CVE-2026-41089 - Windows Netlogon Remote Code Execution VulnerabilityThis update covers another CVSS 9.8 bug, which is a stack-based buffer overflow that lets an unauthenticated remote attacker execute code on a domain controller by sending a specially crafted network request \u2014 no credentials, no user interaction required. Yup \u2013 that makes it wormable. This is the highest-impact bug that requires immediate patching: a compromised domain controller is a compromised domain.\n-    CVE-2026-42898 - Microsoft Dynamics 365 On-Premises Remote Code Execution VulnerabilityThis bug rates a CVSS 9.9(!) and represents a code injection in Dynamics 365. It allows any authenticated user to execute code with a scope change, meaning exploitation can break out and affect resources beyond the vulnerable component itself. Scope changes are pretty rare, so if you\u2019re running Dynamics 365 On-Prem, definitely test and deploy this patch quickly.\n-    CVE-2026-40415 - Windows TCP/IP Remote Code Execution VulnerabilityThis bug in the TCP/IP stack results from a use-after-free (UAF) and could allow a remote, unauthenticated threat actor to execute code without user interaction. That makes this another wormable bug. However, this one is much less likely to be exploited. The target needs to be under sustained low-memory (memory pressure) conditions, which is pretty rare. Still, no need to tempt fate here. Test and deploy this one quickly.\nHere\u2019s the full list of CVEs released by Microsoft for May 2026:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n  \n  \n\n\n\n\n  \n    \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n <col width=\"144\" />\n <col width=\"256\" />\n <col span=\"5\" width=\"104\" />\n \n\n  CVE\n  Title\n  Severity\n  CVSS\n  Public\n  Exploited\n  Type\n \n \n  <span>CVE-2026-35435</span>\n  Azure AI Foundry\n  Elevation of Privilege Vulnerability\n  Critical\n  8.6\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35428</span>\n  Azure Cloud Shell\n  Spoofing Vulnerability\n  Critical\n  9.6\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-42826</span>\n  Azure DevOps\n  Information Disclosure Vulnerability\n  Critical\n  10\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-32207</span>\n  Azure Machine Learning\n  Notebook Spoofing Vulnerability\n  Critical\n  8.8\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-33109</span>\n  Azure Managed Instance\n  for Apache Cassandra Remote Code Execution Vulnerability\n  Critical\n  9.9\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-33844</span>\n  Azure Managed Instance\n  for Apache Cassandra Remote Code Execution Vulnerability\n  Critical\n  9\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41105</span>\n  Azure Monitor Action\n  Group Notification System Elevation of Privilege Vulnerability\n  Critical\n  8.1\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33111</span>\n  Copilot Chat\n  (Microsoft Edge) Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-26129</span>\n  M365 Copilot\n  Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-26164</span>\n  M365 Copilot\n  Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-33821</span>\n  Microsoft Dynamics 365\n  Customer Insights Elevation of Privilege Vulnerability\n  Critical\n  7.7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42898</span>\n  Microsoft Dynamics 365\n  On-Premises Remote Code Execution Vulnerability\n  Critical\n  9.9\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40379</span>\n  Microsoft Enterprise\n  Security Token Service (ESTS) Spoofing Vulnerability\n  Critical\n  9.3\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-40363</span>\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40358</span>\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-34327</span>\n  Microsoft Partner\n  Center Spoofing Vulnerability\n  Critical\n  8.2\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-40365</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41103</span>\n  Microsoft SSO Plugin\n  for Jira & Confluence Elevation of Privilege Vulnerability\n  Critical\n  9.1\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33823</span>\n  Microsoft Team Events\n  Portal Information Disclosure Vulnerability\n  Critical\n  9.6\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40364</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40366</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40361</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40367</span>\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42831</span>\n  Office for Android\n  Remote Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41096</span>\n  Windows DNS Client\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-35421</span>\n  Windows GDI Remote\n  Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40403</span>\n  Windows Graphics\n  Component Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40402</span>\n  Windows Hyper-V\n  Elevation of Privilege Vulnerability\n  Critical\n  9.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-32161</span>\n  Windows Native WiFi\n  Miniport Driver Remote Code Execution Vulnerability\n  Critical\n  7.5\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41089</span>\n  Windows Netlogon\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-32175</span>\n  .NET Core Tampering\n  Vulnerability\n  Important\n  4.3\n  No\n  No\n  Tampering\n \n \n  <span>CVE-2026-32177</span>\n  .NET Elevation of\n  Privilege Vulnerability\n  Important\n  7.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35433</span>\n  .NET Elevation of\n  Privilege Vulnerability\n  Important\n  7.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2025-54518 *</span>\n  AMD: CVE-2025-54518\n  CPU OP Cache Corruption\n  Important\n  \n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42899</span>\n  ASP.NET Core Denial of\n  Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40381</span>\n  Azure Connected\n  Machine Agent Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42823 \u2020</span>\n  Azure Logic Apps\n  Elevation of Privilege Vulnerability\n  Important\n  9.9\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33833</span>\n  Azure Machine Learning\n  Notebook Spoofing Vulnerability\n  Important\n  8.2\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-32204</span>\n  Azure Monitor Agent\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42830</span>\n  Azure Monitor Agent\n  Metrics Extension Elevation of Privilege Vulnerability\n  Important\n  6.5\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33117</span>\n  Azure SDK for Java\n  Security Feature Bypass Vulnerability\n  Important\n  9.1\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-41109</span>\n  GitHub Copilot and\n  Visual Studio Code Security Feature Bypass Vulnerability\n  Important\n  8.8\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-35424</span>\n  Internet Key Exchange\n  (IKE) Protocol Denial of Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-41614</span>\n  M365 Copilot for\n  Desktop Spoofing Vulnerability\n  Important\n  6.2\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-41100</span>\n  Microsoft 365 Copilot\n  for Android Spoofing Vulnerability\n  Important\n  4.4\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-40377</span>\n  Microsoft\n  Cryptographic Services Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41094</span>\n  Microsoft Data\n  Formulator Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40417</span>\n  Microsoft Dynamics 365\n  Business Central Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42833</span>\n  Microsoft Dynamics 365\n  On-Premises Remote Code Execution Vulnerability\n  Important\n  9.1\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42838</span>\n  Microsoft Edge\n  (Chromium-based) Elevation of Privilege Vulnerability\n  Important\n  5.4\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40360</span>\n  Microsoft Excel\n  Information Disclosure Vulnerability\n  Important\n  7.8\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40359</span>\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40362</span>\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42832</span>\n  Microsoft Excel\n  Spoofing Vulnerability\n  Important\n  7.7\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-34329</span>\n  Microsoft Message\n  Queuing (MSMQ) Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40419</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40418</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35436</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40420</span>\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42893</span>\n  Microsoft Outlook for\n  iOS Tampering Vulnerability\n  Important\n  7.4\n  No\n  No\n  Tampering\n \n \n  <span>CVE-2026-40374</span>\n  Microsoft Power\n  Automate Desktop Information Disclosure Vulnerability\n  Important\n  6.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-41102</span>\n  Microsoft PowerPoint\n  for Android Spoofing Vulnerability\n  Important\n  7.1\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-35439</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40368</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-33110</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-33112</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40357</span>\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-32185</span>\n  Microsoft Teams\n  Spoofing Vulnerability\n  Important\n  5.5\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-41101</span>\n  Microsoft Word for\n  Android Spoofing Vulnerability\n  Important\n  7.1\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-35440</span>\n  Microsoft Word\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40421</span>\n  Microsoft Word\n  Information Disclosure Vulnerability\n  Important\n  4.3\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-41097</span>\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  6.7\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-40370 \u2020</span>\n  SQL Server Remote Code\n  Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41613</span>\n  Visual Studio Code\n  Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41612</span>\n  Visual Studio Code\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-41611</span>\n  Visual Studio Code\n  Remote Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-41610</span>\n  Visual Studio Code\n  Security Feature Bypass Vulnerability\n  Important\n  6.3\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-33839</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33840</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34330</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34331</span>\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35423</span>\n  Windows 11 Telnet\n  Client Information Disclosure Vulnerability\n  Important\n  5.4\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-35438</span>\n  Windows Admin Center\n  Elevation of Privilege Vulnerability\n  Important\n  8.3\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41086</span>\n  Windows Admin Center\n  in Azure Portal Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34344</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34345</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35416</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41088</span>\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34343</span>\n  Windows Application\n  Identity (AppID) Subsystem Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35418</span>\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33835</span>\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34337</span>\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40407</span>\n  Windows Common Log\n  File System Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40397</span>\n  Windows Common Log\n  File System Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42896</span>\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35419</span>\n  Windows DWM Core\n  Library Information Disclosure<span> \n  </span>Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-34336</span>\n  Windows DWM Core\n  Library Information Disclosure<span> \n  </span>Vulnerability\n  Important\n  7.8\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-33834</span>\n  Windows Event Logging\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-32209</span>\n  Windows Filtering\n  Platform (WFP) Security Feature Bypass Vulnerability\n  Important\n  4.4\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-33841</span>\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35420</span>\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40369</span>\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34332</span>\n  Windows Kernel-Mode\n  Driver Remote Code Execution Vulnerability\n  Important\n  8\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-34339</span>\n  Windows Lightweight\n  Directory Access Protocol (LDAP) Denial of Service Vulnerability\n  Important\n  5.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-34341</span>\n  Windows Link-Layer\n  Discovery Protocol (LLDP) Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-33838</span>\n  Windows Message\n  Queuing (MSMQ) Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34342</span>\n  Windows Print Spooler\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-41095</span>\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34340</span>\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40398</span>\n  Windows Remote Desktop\n  Services Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-21530</span>\n  Windows Rich Text Edit\n  Elevation of Privilege Vulnerability\n  Important\n  6.7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-32170</span>\n  Windows Rich Text Edit\n  Elevation of Privilege Vulnerability\n  Important\n  6.7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40410</span>\n  Windows SMB Client\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35415</span>\n  Windows Storage Spaces\n  Controller Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34350</span>\n  Windows Storport\n  Miniport Driver Denial of Service Vulnerability\n  Important\n  6.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40405</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40414</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.4\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40401</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  6.2\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-40413</span>\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.4\n  No\n  No\n  DoS\n \n \n  <span>CVE-2026-35422</span>\n  Windows TCP/IP Driver\n  Security Feature Bypass Vulnerability\n  Important\n  6.5\n  No\n  No\n  SFB\n \n \n  <span>CVE-2026-34351</span>\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40399</span>\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34334</span>\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40406</span>\n  Windows TCP/IP\n  Information Disclosure Vulnerability\n  Important\n  7.5\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-33837</span>\n  Windows TCP/IP Local\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40415</span>\n  Windows TCP/IP Remote\n  Code Execution Vulnerability\n  Important\n  8.1\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-42825</span>\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34338</span>\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40382</span>\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-40380</span>\n  Windows Volume Manager\n  Extension Driver Remote Code Execution Vulnerability\n  Important\n  6.2\n  No\n  No\n  RCE\n \n \n  <span>CVE-2026-40408</span>\n  Windows WAN ARP Driver\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34333</span>\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-34347</span>\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-35417</span>\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  <span>CVE-2026-42891</span>\n  Microsoft Edge\n  (Chromium-based) for Android Spoofing Vulnerability\n  Moderate\n  6.5\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-35429</span>\n  Microsoft Edge\n  (Chromium-based) for Android Spoofing Vulnerability\n  Moderate\n  4.3\n  No\n  No\n  Spoofing\n \n \n  <span>CVE-2026-41107</span>\n  Microsoft Edge\n  (Chromium-based) Information Disclosure Vulnerability\n  Moderate\n  7.4\n  No\n  No\n  Info\n \n \n  <span>CVE-2026-40416</span>\n  Microsoft\n  Edge (Chromium-based) for Android Spoofing Vulnerability\n  Low\n  4.3\n  No\n  No\n  Spoofing\n \n \n \n  \n  \n  \n  \n  \n  \n  \n \n \n\n\n\n\n\n\n\n\n\n\n\n\n  \n\n\n\n\n  \n* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.\n\u2020 Indicates further administrative actions are required to fully address the vulnerability.\n \nLooking at the other Critical-rated bugs in this month\u2019s release, there are quite a few scary-looking bugs (including a CVSS 10!), but there\u2019s no action for the end user as Microsoft has already mitigated these bugs and is just now documenting them. There\u2019s also this month\u2019s crop of Office bugs where the Preview Pane is an attack vector. However, the bug in Office for Android does not have the Preview Pane vector; it\u2019s simple open and own. The bug in the WiFi driver needs a network adjacent attacker. The SharePoint bug requires authentication, but anyone with site privileges has the authentication needed. The bug in SSO Plugin for Jira & Confluence should really be called an authentication bypass, since it allows an unauthenticated attacker to gain access to a system.\nLooking at the other code execution bugs, most are of the open and own variety as expected. The bug in Dynamic 365 (On Prem) requires high privileges. The Message Queueing bug requires an adjacent attacker. The bug in SQL Server requires authentication, but as usual, patching won\u2019t be straightforward. Finally, there\u2019s a bug in the kernel that leads to code execution. Most kernel bugs are privilege escalations, but this one could allow code execution if an attacker sends specially crafted NVMe over Fabrics (NVMe\u2011oF) response messages during the connection handshake process that contains an invalid header length value. Neat.\nAs usual, the vast majority of the Microsoft release fixes Elevation of Privilege (EoP) bugs. Also as usual, most simply lead to local attackers executing their code at SYSTEM-level privileges or administrative privileges, so there\u2019s not much to add without further technical details about the bugs themselves. There are also a few bugs that just state the attacker could \u201cgain ELEVATED privileges.\u201d How obtuse. The bugs in Azure allow an attacker to access data otherwise hidden from them. The Edge bug allows threat actors to elevate to the privileges of the running application. The bug in Visual Studio allows attackers to get permissions associated with the MCP Server\u2019s managed identity. Finally, there are a couple of sandbox escapes, too, which are always useful.\nThis month's update includes six Security Feature Bypass vulnerabilities. The most severe is in the Azure SDK for Java (CVSS 9.1). An attacker over the network can bypass the integrity protection provided by authentication tags on encrypted data, effectively manipulating encrypted input in a way that slips past integrity checks during decryption.  Close behind is the bypass affecting the GitHub Copilot integration in Visual Studio Code (CWE-74). This one requires a user interaction, but it allows an attacker to circumvent the path validation safeguards that normally control which files Copilot is permitted to modify. The other Visual Studio Code bypass involves cross-site scripting, improper link resolution, and information exposure triggered when a user opens or views a maliciously crafted notebook.  On the Windows networking side there are two bypasses. The first hits the Windows TCP/IP driver via an authentication bypass using an alternate channel. The other impacts the Windows Filtering Platform through improper access control, allowing a local, low-privileged attacker to bypass FQDN-based network security rules. Finally, there\u2019s a Secure Boot bypass that, you guessed it, bypasses secure boot features.\nMoving on to the Information Disclosure bugs fixed this month, we have 15 different CVEs. As usual, the majority of these simply result in info leaks consisting of unspecified memory contents or memory addresses. The bug in Power Automate could expose data marked \u201cSensitive\u201d within Power Automate Desktop flows. One of the Word bugs could disclose NLTM hashes. The bug in Edge could disclose your cookies, which seems rude. The bug in Visual Studio could expose file path information. Finally, there\u2019s a bug in Telnet for Windows 11 that leaks information being used by Telnet at the time. I didn\u2019t even realize Windows 11 still had a telnet client.\nThe May release contains 10 spoofing bugs (plus the ones already addressed by Microsoft). The bug in Azure Machine Learning Notebooks vulnerability requires user interaction, but it could expose info through the Azure ML web interface to the attacker. There\u2019s a cluster of fixes for Microsoft's mobile Office suite on Android. Excel, Word, and PowerPoint for Android all carry spoofing flaws rooted in improper access control. Two Copilot products are also affected by spoofing vulns. The M365 Copilot for Desktop has no details provided. The M365 Copilot for Android variant requires low privileges and producing only limited impact on confidentiality and integrity. Microsoft Teams for Android rounds out the mobile app spoofing bugs. Three Edge bugs close things out, all involving misrepresentation of information in the browser UI. \nThere are two Tampering bugs in this month\u2019s release. The one in .NET Core allows threat actors to write files to an affected system. The other is in Outlook for iOS and manifests as a command injection bug.\nThere are eight DoS bugs in the May release, but as always, Microsoft provides little to no actionable information about the vulnerabilities. The most interesting from a practical standpoint are two TCP/IP bugs that allow a low-privilege Hyper-V guest to crash the host. Both are triggered from the adjacent network. On the broader network-exposure side, the ASP.NET Core bug is a straightforward infinite loop condition \u2014 an unauthenticated attacker sends a crafted request over the network and the server stops responding.\nNo new advisories are being released this month.\nLooking Ahead\nAssuming I survive Pwn2Own Berlin (which is looking iffy at the moment), I\u2019ll return on June 9th on what will hopefully be a smaller release than this one. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!", "creation_timestamp": "2026-05-12T16:38:43.000000Z"}, {"uuid": "b642c9db-fb25-413d-89c1-37ba9c0fa0cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41094", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0143", "content": "Microsoft heeft kwetsbaarheden verholpen in diverse Developer Tools. Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Omzeilen van een beveiligingsmaatregel\n- Uitvoeren van willekeurige code (gebruikersrechten)\n- Toegang tot gevoelige gegevens\n\nDe kwetsbaarheid met kenmerk CVE-2026-42826 is centraal verholpen door Microsoft en slechts toegevoegd ter informatie. Er zijn hiervoor geen verdere acties benodigd.\n\n```\nAzure DevOps: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42826 | 10.00 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nVisual Studio Code: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41610 | 6.30 | Omzeilen van beveiligingsmaatregel  | \n| CVE-2026-41611 | 7.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-41612 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-41613 | 8.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nMicrosoft Data Formulator: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41094 | 8.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nASP.NET Core: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42899 | 7.50 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\n.NET: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-32177 | 7.30 | Denial-of-Service                   | \n| CVE-2026-35433 | 7.30 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-32175 | 4.30 |                 | \n|----------------|------|-------------------------------------|\n\nGitHub Copilot and Visual Studio: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41109 | 8.80 | Omzeilen van beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n```", "creation_timestamp": "2026-05-12T15:53:17.000000Z"}, {"uuid": "d56ae706-1095-4b30-8692-100e7b25ac35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41096", "type": "seen", "source": "https://t.me/kasperskyb2b/2166", "content": "\ud83d\udcbb \u041c\u0430\u0439\u0441\u043a\u0438\u0439 Patch Tuesday: 118 \u0431\u0430\u0433\u043e\u0432, \u043d\u043e \u0431\u0435\u0437 \u0437\u0438\u0440\u043e\u0434\u0435\u0435\u0432\n\n\u0420\u0435\u0434\u043c\u043e\u043d\u0434 \u0440\u0430\u0437\u0440\u043e\u0434\u0438\u043b\u0441\u044f \u0432 \u043c\u0430\u0435 \u0441\u043e\u043b\u0438\u0434\u043d\u044b\u043c \u043f\u0430\u043a\u0435\u0442\u043e\u043c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439, \u043d\u043e \u0432\u043f\u0435\u0440\u0432\u044b\u0435 \u0441 \u043b\u0435\u0442\u0430 2024 \u0433\u043e\u0434\u0430 \u043d\u0435 \u0430\u043d\u043e\u043d\u0441\u0438\u0440\u043e\u0432\u0430\u043b \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u0440\u0430\u0437\u0433\u043b\u0430\u0448\u0451\u043d\u043d\u044b\u0445 \u0434\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f. \n\n16 \u0434\u0435\u0444\u0435\u043a\u0442\u043e\u0432 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0438 \u0440\u0435\u0439\u0442\u0438\u043d\u0433 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445, 14 \u0438\u0437 \u043d\u0438\u0445 \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0442 \u043a RCE, \u0430 2 \u2014 \u043a \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044e \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439. \u041f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0441\u0442\u0430\u043b\u043e \u0441\u0430\u043c\u043e\u0439 \u043e\u0431\u0448\u0438\u0440\u043d\u043e\u0439 \u043a\u0430\u0442\u0435\u0433\u043e\u0440\u0438\u0435\u0439, 57 \u0431\u0430\u0433\u043e\u0432. RCE \u043d\u0430 \u0432\u0442\u043e\u0440\u043e\u043c \u043c\u0435\u0441\u0442\u0435 \u0441 29 \u0434\u0435\u0444\u0435\u043a\u0442\u0430\u043c\u0438. 9 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0442 \u043a \u0440\u0430\u0437\u0433\u043b\u0430\u0448\u0435\u043d\u0438\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, 8 \u2014 \u043e\u0442\u043a\u0430\u0437\u0443 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438, 6 \u2014 \u043e\u0431\u0445\u043e\u0434\u0443 \u0444\u0443\u043d\u043a\u0446\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0438 7 \u2014 \u043a \u0441\u043f\u0443\u0444\u0438\u043d\u0433\u0443.\n\n\u0425\u043e\u0442\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0431\u0430\u0433\u043e\u0432 (\u043f\u043e\u043a\u0430) \u043d\u0435 \u043e\u0442\u043c\u0435\u0447\u0435\u043d\u043e, \u043c\u043d\u043e\u0433\u0438\u0435 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u0434\u0435\u0444\u0435\u043a\u0442\u044b \u0432\u044b\u0437\u044b\u0432\u0430\u044e\u0442 \u0442\u0440\u0435\u0432\u043e\u0433\u0443 \u0438 \u0442\u0440\u0435\u0431\u0443\u044e\u0442 \u043e\u043f\u0435\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0439 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0438 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439:\n\nCVE-2026-41096 (CVSS 9.8) \u2014 RCE \u0447\u0435\u0440\u0435\u0437 \u0441\u043b\u0443\u0436\u0431\u0443 Windows DNS client (!)\nCVE-2026-41089 (CVSS 9.8) \u2014 RCE \u0447\u0435\u0440\u0435\u0437 \u0441\u043b\u0443\u0436\u0431\u0443 Netlogon\nCVE-2026-33841, -35420, -40369 \u2014 \u0442\u0440\u0438 EoP \u0432 \u044f\u0434\u0440\u0435 Windows c CVSS 7.8, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0438\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 SYSTEM.\nCVE-2026-40402 (CVSS 9.3) \u2014 EoP \u0432 Windows Hyper-V, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0438\u0437\u043a\u043e\u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u043c\u0443 \u0433\u043e\u0441\u0442\u044e \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c system \u043d\u0430 \u0445\u043e\u0441\u0442\u0435 \nCVE-2026-40365 (CVSS 8.8) \u2014 RCE \u0432 SharePoint, \u0442\u0440\u0435\u0431\u0443\u044e\u0442\u0441\u044f \u043f\u0440\u0430\u0432\u0430 \u0445\u043e\u0442\u044f \u0431\u044b \u0443\u0440\u043e\u0432\u043d\u044f site owner\nCVE-2026-41103 (CVSS 8.8) \u2014 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0447\u0435\u0440\u0435\u0437 \u043f\u043b\u0430\u0433\u0438\u043d Microsoft SSO \u0434\u043b\u044f  Jira & Confluence\nCVE-2026-42898 (CVSS 9.8) \u2014 RCE \u0432 \u043e\u043d-\u043f\u0440\u0435\u043c \u0432\u0435\u0440\u0441\u0438\u0438  Dynamics 365 \n\n\u0417\u0430\u0432\u0435\u0440\u0448\u0438\u043c \u043d\u0430\u0448\u0443 \u0442\u0435\u043b\u0435\u0433\u0440\u0430\u043c\u043c\u0443 \u0431\u043e\u0434\u0440\u043e\u0439 \u0447\u0435\u0442\u0432\u0451\u0440\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 Office, \u0430 \u0442\u043e\u0447\u043d\u0435\u0435 \u0432 Word, \u043a\u0430\u0436\u0434\u0430\u044f \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 \u0438\u0437 \u043f\u0430\u043d\u0435\u043b\u0438 \u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430 \u0438 \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u043e\u0433\u043e \u043a\u043e\u0434\u0430: CVE-2026-40361, -40364, -40366 \u0438 -40367.\n\n\u041e\u0431\u043d\u043e\u0432\u043b\u044f\u0435\u043c\u0441\u044f, \u0434\u0430\u043c\u044b \u0438 \u0433\u043e\u0441\u043f\u043e\u0434\u0430.\n\n#\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 @\u041f2\u0422", "creation_timestamp": "2026-05-13T08:00:07.000000Z"}, {"uuid": "6f0440e3-ecd0-4121-bea5-3b341d9b8ce3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41096", "type": "seen", "source": "https://www.acn.gov.it/portale/w/aggiornamenti-mensili-microsoft-20", "content": "", "creation_timestamp": "2026-05-13T01:08:48.000000Z"}, {"uuid": "5e59485a-1bd7-4f3a-b5da-4d6e3d0e572f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41097", "type": "seen", "source": "https://www.acn.gov.it/portale/w/aggiornamenti-mensili-microsoft-20", "content": "", "creation_timestamp": "2026-05-13T01:08:48.000000Z"}, {"uuid": "de069af8-415f-4eaf-acee-8e9f871bae27", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41094", "type": "seen", "source": "https://www.acn.gov.it/portale/w/aggiornamenti-mensili-microsoft-20", "content": "", "creation_timestamp": "2026-05-13T01:08:48.000000Z"}, {"uuid": "879cf379-db05-45df-8ffa-2ef7c01d83af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41095", "type": "seen", "source": "https://www.acn.gov.it/portale/w/aggiornamenti-mensili-microsoft-20", "content": "", "creation_timestamp": "2026-05-13T01:08:48.000000Z"}, {"uuid": "067e4e24-d424-41e2-bf90-a9463b718991", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41096", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116567592141770671", "content": "\ud83d\udcf0 Microsoft's May Patch Tuesday: 137 Flaws Fixed, Including Critical Netlogon RCE\nMicrosoft's May Patch Tuesday is huge: 137 vulnerabilities fixed, 30 critical. No zero-days for the first time in 22 months! \ud83d\udea8 Key patches for critical RCEs in Netlogon (CVE-2026-41089) and DNS Client (CVE-2026-41096). Patch now! \u2705 #PatchTuesday\n\ud83d\udd17 https://cyber.netsecops.io", "creation_timestamp": "2026-05-13T13:51:41.289228Z"}, {"uuid": "9c4d65e1-9f8b-4682-b2b9-8729afe7521e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41095", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0141", "content": "Microsoft heeft kwetsbaarheden verholpen in Windows. Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Uitvoeren van willekeurige code (root/admin-rechten)\n- Uitvoeren van willekeurige code (gebruikersrechten)\n- Verkrijgen van verhoogde rechten\n- Omzeilen van een beveiligingsmaatregel\n- Toegang tot gevoelige gegevens\n\nDe ernstigste kwetsbaarheden hebben kenmerken CVE-2026-40402, CVE-2026-41089 en CVE-2026-41096 toegewezen gekregen en bevinden zich respectievelijk in Hyper-V, NETLOGON en de DNS Client. De kwetsbaarheid in Hyper-V stelt een geauthenticeerde kwaadwillende in staat om uit de Guest-VM te breken en toegang te krijgen tot geheugen van de host en mogelijk willekeurige code uit te voeren op de host. De kwetsbaarheden in NETLOGON en de DNS Client stellen een ongeauthenticeerde kwaadwillende op afstand in staat om willekeurige code uit te voeren op het kwetsbare systeem.\n\n**Met name Domain Controllers die toegankelijk zijn vanaf externe netwerken lopen een hoog risico voor actief misbruik van de kwetsbaarheid in NETLOGON.**\n\nHet verdient altijd aanbeveling om een systeem met de rol van Domain Controller niet publiek toegankelijk te hebben en, indien dit noodzakelijk is, additionele maatregelen te hebben genomen.\n\n```\nWindows Projected File System: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34340 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Application Identity (AppID) Subsystem: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34343 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nUndisclosed: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41095 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Remote Desktop: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40398 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nMicrosoft Windows DNS: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41096 | 9.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Ancillary Function Driver for WinSock: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34344 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34345 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-35416 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-41088 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Kernel: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-33841 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-35420 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40369 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Secure Boot: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41097 | 6.70 | Omzeilen van beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n\nWindows Native WiFi Miniport Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-32161 | 7.50 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Kernel-Mode Drivers: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40408 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34332 | 8.00 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nTelnet Client: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35423 | 5.40 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nWindows Print Spooler Components: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34342 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows SMB Client: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40410 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Storage Spaces Controller: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35415 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Filtering Platform (WFP): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-32209 | 4.40 | Omzeilen van beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n\nWindows Volume Manager Extension Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40380 | 6.20 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Cryptographic Services: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40377 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Win32K - GRFX: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-33839 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34330 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34331 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34333 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34347 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40403 | 8.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Admin Center: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35438 | 8.30 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Hyper-V: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40402 | 9.30 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Rich Text Edit Control: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-32170 | 6.70 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Event Logging Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-33834 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Internet Key Exchange (IKE) Protocol: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35424 | 7.50 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nWindows Netlogon: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41089 | 9.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Storport Miniport Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34350 | 6.50 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nWindows Common Log File System Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40407 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40397 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Cloud Files Mini Filter Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35418 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-33835 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34337 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Win32K - ICOMP: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-33840 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-35417 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows GDI: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35421 | 7.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Rich Text Edit: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-21530 | 6.70 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows TCP/IP: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34351 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-35422 | 6.50 | Omzeilen van beveiligingsmaatregel  | \n| CVE-2026-40399 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40405 | 7.50 | Denial-of-Service                   | \n| CVE-2026-40406 | 7.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-40414 | 7.40 | Denial-of-Service                   | \n| CVE-2026-40415 | 8.10 | Uitvoeren van willekeurige code     | \n| CVE-2026-33837 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34334 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40401 | 6.20 | Denial-of-Service                   | \n| CVE-2026-40413 | 7.40 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nWindows LDAP - Lightweight Directory Access Protocol: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34339 | 5.50 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nWindows Telephony Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42825 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34338 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40382 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Message Queuing: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34329 | 8.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-33838 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows DWM Core Library: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35419 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-42896 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34336 | 7.80 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nWindows Link-Layer Discovery Protocol (LLDP): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34341 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\n```", "creation_timestamp": "2026-05-12T15:52:42.000000Z"}, {"uuid": "91175d7f-d560-4f28-b040-ff478f275f8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41096", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0141", "content": "Microsoft heeft kwetsbaarheden verholpen in Windows. Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Uitvoeren van willekeurige code (root/admin-rechten)\n- Uitvoeren van willekeurige code (gebruikersrechten)\n- Verkrijgen van verhoogde rechten\n- Omzeilen van een beveiligingsmaatregel\n- Toegang tot gevoelige gegevens\n\nDe ernstigste kwetsbaarheden hebben kenmerken CVE-2026-40402, CVE-2026-41089 en CVE-2026-41096 toegewezen gekregen en bevinden zich respectievelijk in Hyper-V, NETLOGON en de DNS Client. De kwetsbaarheid in Hyper-V stelt een geauthenticeerde kwaadwillende in staat om uit de Guest-VM te breken en toegang te krijgen tot geheugen van de host en mogelijk willekeurige code uit te voeren op de host. De kwetsbaarheden in NETLOGON en de DNS Client stellen een ongeauthenticeerde kwaadwillende op afstand in staat om willekeurige code uit te voeren op het kwetsbare systeem.\n\n**Met name Domain Controllers die toegankelijk zijn vanaf externe netwerken lopen een hoog risico voor actief misbruik van de kwetsbaarheid in NETLOGON.**\n\nHet verdient altijd aanbeveling om een systeem met de rol van Domain Controller niet publiek toegankelijk te hebben en, indien dit noodzakelijk is, additionele maatregelen te hebben genomen.\n\n```\nWindows Projected File System: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34340 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Application Identity (AppID) Subsystem: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34343 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nUndisclosed: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41095 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Remote Desktop: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40398 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nMicrosoft Windows DNS: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41096 | 9.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Ancillary Function Driver for WinSock: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34344 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34345 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-35416 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-41088 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Kernel: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-33841 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-35420 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40369 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Secure Boot: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41097 | 6.70 | Omzeilen van beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n\nWindows Native WiFi Miniport Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-32161 | 7.50 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Kernel-Mode Drivers: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40408 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34332 | 8.00 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nTelnet Client: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35423 | 5.40 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nWindows Print Spooler Components: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34342 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows SMB Client: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40410 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Storage Spaces Controller: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35415 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Filtering Platform (WFP): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-32209 | 4.40 | Omzeilen van beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n\nWindows Volume Manager Extension Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40380 | 6.20 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Cryptographic Services: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40377 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Win32K - GRFX: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-33839 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34330 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34331 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34333 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34347 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40403 | 8.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Admin Center: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35438 | 8.30 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Hyper-V: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40402 | 9.30 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Rich Text Edit Control: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-32170 | 6.70 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Event Logging Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-33834 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Internet Key Exchange (IKE) Protocol: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35424 | 7.50 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nWindows Netlogon: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41089 | 9.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Storport Miniport Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34350 | 6.50 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nWindows Common Log File System Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40407 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40397 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Cloud Files Mini Filter Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35418 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-33835 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34337 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Win32K - ICOMP: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-33840 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-35417 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows GDI: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35421 | 7.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Rich Text Edit: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-21530 | 6.70 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows TCP/IP: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34351 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-35422 | 6.50 | Omzeilen van beveiligingsmaatregel  | \n| CVE-2026-40399 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40405 | 7.50 | Denial-of-Service                   | \n| CVE-2026-40406 | 7.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-40414 | 7.40 | Denial-of-Service                   | \n| CVE-2026-40415 | 8.10 | Uitvoeren van willekeurige code     | \n| CVE-2026-33837 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34334 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40401 | 6.20 | Denial-of-Service                   | \n| CVE-2026-40413 | 7.40 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nWindows LDAP - Lightweight Directory Access Protocol: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34339 | 5.50 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nWindows Telephony Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42825 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34338 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40382 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Message Queuing: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34329 | 8.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-33838 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows DWM Core Library: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35419 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-42896 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34336 | 7.80 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nWindows Link-Layer Discovery Protocol (LLDP): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34341 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\n```", "creation_timestamp": "2026-05-12T15:52:42.000000Z"}, {"uuid": "18f0611c-5575-48fe-88fd-f3f1a4e2a0a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41097", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0141", "content": "Microsoft heeft kwetsbaarheden verholpen in Windows. Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Denial-of-Service (DoS)\n- Uitvoeren van willekeurige code (root/admin-rechten)\n- Uitvoeren van willekeurige code (gebruikersrechten)\n- Verkrijgen van verhoogde rechten\n- Omzeilen van een beveiligingsmaatregel\n- Toegang tot gevoelige gegevens\n\nDe ernstigste kwetsbaarheden hebben kenmerken CVE-2026-40402, CVE-2026-41089 en CVE-2026-41096 toegewezen gekregen en bevinden zich respectievelijk in Hyper-V, NETLOGON en de DNS Client. De kwetsbaarheid in Hyper-V stelt een geauthenticeerde kwaadwillende in staat om uit de Guest-VM te breken en toegang te krijgen tot geheugen van de host en mogelijk willekeurige code uit te voeren op de host. De kwetsbaarheden in NETLOGON en de DNS Client stellen een ongeauthenticeerde kwaadwillende op afstand in staat om willekeurige code uit te voeren op het kwetsbare systeem.\n\n**Met name Domain Controllers die toegankelijk zijn vanaf externe netwerken lopen een hoog risico voor actief misbruik van de kwetsbaarheid in NETLOGON.**\n\nHet verdient altijd aanbeveling om een systeem met de rol van Domain Controller niet publiek toegankelijk te hebben en, indien dit noodzakelijk is, additionele maatregelen te hebben genomen.\n\n```\nWindows Projected File System: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34340 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Application Identity (AppID) Subsystem: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34343 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nUndisclosed: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41095 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Remote Desktop: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40398 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nMicrosoft Windows DNS: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41096 | 9.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Ancillary Function Driver for WinSock: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34344 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34345 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-35416 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-41088 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Kernel: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-33841 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-35420 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40369 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Secure Boot: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41097 | 6.70 | Omzeilen van beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n\nWindows Native WiFi Miniport Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-32161 | 7.50 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Kernel-Mode Drivers: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40408 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34332 | 8.00 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nTelnet Client: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35423 | 5.40 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nWindows Print Spooler Components: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34342 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows SMB Client: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40410 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Storage Spaces Controller: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35415 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Filtering Platform (WFP): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-32209 | 4.40 | Omzeilen van beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n\nWindows Volume Manager Extension Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40380 | 6.20 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Cryptographic Services: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40377 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Win32K - GRFX: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-33839 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34330 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34331 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34333 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34347 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40403 | 8.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Admin Center: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35438 | 8.30 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Hyper-V: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40402 | 9.30 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Rich Text Edit Control: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-32170 | 6.70 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Event Logging Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-33834 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Internet Key Exchange (IKE) Protocol: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35424 | 7.50 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nWindows Netlogon: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41089 | 9.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Storport Miniport Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34350 | 6.50 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nWindows Common Log File System Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40407 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40397 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Cloud Files Mini Filter Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35418 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-33835 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34337 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Win32K - ICOMP: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-33840 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-35417 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows GDI: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35421 | 7.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Rich Text Edit: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-21530 | 6.70 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows TCP/IP: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34351 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-35422 | 6.50 | Omzeilen van beveiligingsmaatregel  | \n| CVE-2026-40399 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40405 | 7.50 | Denial-of-Service                   | \n| CVE-2026-40406 | 7.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-40414 | 7.40 | Denial-of-Service                   | \n| CVE-2026-40415 | 8.10 | Uitvoeren van willekeurige code     | \n| CVE-2026-33837 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34334 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40401 | 6.20 | Denial-of-Service                   | \n| CVE-2026-40413 | 7.40 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nWindows LDAP - Lightweight Directory Access Protocol: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34339 | 5.50 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nWindows Telephony Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42825 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34338 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40382 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Message Queuing: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34329 | 8.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-33838 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows DWM Core Library: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35419 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-42896 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-34336 | 7.80 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nWindows Link-Layer Discovery Protocol (LLDP): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34341 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\n```", "creation_timestamp": "2026-05-12T15:52:42.000000Z"}, {"uuid": "16d85321-d8bd-4cb6-8abd-5976b5ccdce8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41096", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mlqvtbi5ak2r", "content": "1/ \ud83d\udd34 Microsoft Patch Tuesday: 138 CVEs. Windows DNS RCE (CVE-2026-41096, CVSS 9.8) hits every Windows machine. Netlogon RCE (CVE-2026-41089) hits domain controllers unauthenticated. Patch BOTH immediately. (Hacker News)", "creation_timestamp": "2026-05-13T18:14:22.969788Z"}, {"uuid": "dd3c1895-808f-44a3-b8ec-edbd8948a467", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41096", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mlqvtbijws2r", "content": "1/ \ud83d\udd34 Microsoft Patch Tuesday: 138 CVEs. Windows DNS RCE (CVE-2026-41096, CVSS 9.8) hits every Windows machine. Netlogon RCE (CVE-2026-41089) hits domain controllers unauthenticated. Patch BOTH immediately. (Hacker News)", "creation_timestamp": "2026-05-13T18:14:24.160459Z"}, {"uuid": "86833db9-b7ce-4808-87b3-9ceece73a0f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41096", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mlqvtbints2r", "content": "1/ \ud83d\udd34 Microsoft Patch Tuesday: 138 CVEs. Windows DNS RCE (CVE-2026-41096, CVSS 9.8) hits every Windows machine. Netlogon RCE (CVE-2026-41089) hits domain controllers unauthenticated. Patch BOTH immediately. (Hacker News)", "creation_timestamp": "2026-05-13T18:23:27.071674Z"}, {"uuid": "aff03e37-cb65-40b2-95b6-523de43664f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41096", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mlqvtbiot22r", "content": "1/ \ud83d\udd34 Microsoft Patch Tuesday: 138 CVEs. Windows DNS RCE (CVE-2026-41096, CVSS 9.8) hits every Windows machine. Netlogon RCE (CVE-2026-41089) hits domain controllers unauthenticated. Patch BOTH immediately. (Hacker News)", "creation_timestamp": "2026-05-13T18:24:36.880922Z"}, {"uuid": "fc42aa26-3287-433a-9e21-c7104b3b8d96", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41096", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116569903891771438", "content": "Some increased actor activities are shown targeting Microsoft Windows (CVE-2026-41096) https://vuldb.com/vuln/363214/cti", "creation_timestamp": "2026-05-13T23:39:41.189375Z"}, {"uuid": "8fa7bc4a-ab75-4eb2-98ba-a6d025ed407e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41096", "type": "seen", "source": "https://t.me/true_secator/8196", "content": "Microsoft \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u0438\u043b\u0430 Patch Tuesday \u0437\u0430 \u043c\u0430\u0439 2026 \u0433\u043e\u0434\u0430 \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f\u043c\u0438 \u0434\u043b\u044f 120 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u0432 \u043e\u0442\u043d\u043e\u0448\u0435\u043d\u0438\u0438 0-day \u043d\u0435 \u0440\u0430\u0437\u0433\u043b\u0430\u0448\u0430\u0435\u0442\u0441\u044f.\n\n\u0412 \u0446\u0435\u043b\u043e\u043c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u044b 17 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0445\u00bb \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439, 14 \u0438\u0437 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u044e\u0442 \u0441\u043e\u0431\u043e\u0439 RCE, 2 - EoP \u0438 1 - \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0430\u044f \u043a \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438 \u0441\u043e \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u043c \u0440\u0430\u0441\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0435\u043c \u043f\u043e \u043a\u0430\u0442\u0435\u0433\u043e\u0440\u0438\u044f\u043c: 61 - EoP, 6 - \u043e\u0431\u0445\u043e\u0434 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, 31 - RCE, 14 - \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438, 8 - DoS \u0438 13 - \u043f\u043e\u0434\u043c\u0435\u043d\u0430 \u0434\u0430\u043d\u043d\u044b\u0445.\n\n\u041f\u043e\u043c\u0438\u043c\u043e \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043d\u0435 \u0432\u043a\u043b\u044e\u0447\u0435\u043d\u044b \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0432 Mariner, Azure, Copilot, Microsoft Teams \u0438 Microsoft Partner Center, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0431\u044b\u043b\u0438 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u044b Microsoft \u0440\u0430\u043d\u0435\u0435 \u0432 \u044d\u0442\u043e\u043c \u043c\u0435\u0441\u044f\u0446\u0435, \u0430 \u0442\u0430\u043a\u0436\u0435 - 131 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Microsoft Edge/Chromium.\n\n\u0412 \u0440\u0430\u043c\u043a\u0430\u0445 \u0442\u0435\u043a\u0443\u0449\u0435\u0433\u043e Patch Tuesday \u043c\u0438\u043a\u0440\u043e\u043c\u044f\u0433\u043a\u0438\u0435 \u043d\u0435 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u043e \u043a\u0430\u043a\u0438\u0445-\u043b\u0438\u0431\u043e 0-day, \u043e\u0434\u043d\u0430\u043a\u043e \u0438 \u0431\u0435\u0437 \u043d\u0438\u0445 \u0445\u0432\u0430\u0442\u0430\u0435\u0442 \u043f\u0440\u043e\u0431\u043b\u0435\u043c, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0442\u0440\u0435\u0431\u0443\u044e\u0442 \u043e\u0441\u043e\u0431\u043e\u0433\u043e \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u044f \u0441\u043e \u0441\u0442\u043e\u0440\u043e\u043d\u044b \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439.\n\n\u0421\u0440\u0435\u0434\u0438 \u043d\u0438\u0445 \u043c\u043d\u043e\u0433\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 Microsoft Office, Word \u0438 Excel, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a RCE, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u043c\u043d\u043e\u0433\u0438\u0435 \u0438\u0437 \u043d\u0438\u0445 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u044b \u0447\u0435\u0440\u0435\u0437 \u043f\u0430\u043d\u0435\u043b\u044c \u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0441\u043c\u043e\u0442\u0440\u0430.\n\n\u041a \u0447\u0438\u0441\u043b\u0443 \u0434\u0440\u0443\u0433\u0438\u0445 \u043d\u0430\u0438\u0431\u043e\u043b\u0435\u0435 \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u043e\u0442\u043d\u043e\u0441\u044f\u0442\u0441\u044f:\n\n- CVE-2026-35421: RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Windows GDI, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043c\u043e\u0436\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c, \u043e\u0442\u043a\u0440\u044b\u0432 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0444\u0430\u0439\u043b Enhanced Metafile (EMF) \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e Microsoft Paint.\n\n- CVE-2026-40365: RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 Microsoft SharePoint Server. \u0410\u0432\u0442\u043e\u0440\u0438\u0437\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u0438\u0442\u044c \u0441\u0435\u0442\u0435\u0432\u0443\u044e \u0430\u0442\u0430\u043a\u0443, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442 \u043a\u043e\u0434 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 SharePoint.\n\n- CVE-2026-41096: RCE-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 \u043a\u043b\u0438\u0435\u043d\u0442\u0435 Windows DNS. \u041a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0439 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c DNS-\u0441\u0435\u0440\u0432\u0435\u0440 \u043c\u043e\u0436\u0435\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 DNS-\u043e\u0442\u0432\u0435\u0442 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 Windows, \u0447\u0442\u043e \u043f\u0440\u0438\u0432\u0435\u0434\u0435\u0442 \u043a \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u043e\u0442\u0432\u0435\u0442\u0430 \u043a\u043b\u0438\u0435\u043d\u0442\u043e\u043c DNS \u0438 \u043f\u043e\u0432\u0440\u0435\u0436\u0434\u0435\u043d\u0438\u044e \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u043a\u043e\u0434 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435.\n\n\u0420\u0430\u0441\u043a\u0440\u044b\u0432\u0448\u0438\u0439 \u0432 \u043f\u0440\u043e\u0448\u043b\u043e\u043c \u043c\u0435\u0441\u044f\u0446\u0435 0-day BlueHammer \u0438 RedSun \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c Nightmare Eclipse \u0441\u043e\u043e\u0431\u0449\u0430\u0435\u0442 \u043e\u0431 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0438 \u0434\u0432\u0443\u0445 \u043d\u0443\u043b\u0435\u0439 \u0432 Windows \u0441\u043f\u0443\u0441\u0442\u044f \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u043e \u043c\u0438\u043d\u0443\u0442 \u043f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a Microsoft \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0441\u0432\u043e\u0439 Patch Tuesday.\n\n\u041e\u043d\u0438 \u0432\u043a\u043b\u044e\u0447\u0430\u044e\u0442 \u0432 \u0441\u0435\u0431\u044f \u043e\u0448\u0438\u0431\u043a\u0443 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c GreenPlasma \u0438 \u043e\u0448\u0438\u0431\u043a\u0443 \u043e\u0431\u0445\u043e\u0434\u0430 BitLocker \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435\u043c YellowKey.\n\n\u041f\u043e\u043b\u043d\u043e\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043a\u0430\u0436\u0434\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0438 \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0445 \u0435\u044e \u0441\u0438\u0441\u0442\u0435\u043c - \u0437\u0434\u0435\u0441\u044c.", "creation_timestamp": "2026-05-13T10:30:06.000000Z"}, {"uuid": "22b4e75f-ac12-4a83-8142-6bbdc20bce81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41096", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116573363485008554", "content": "\ud83d\udcf0 Microsoft's May Patch Tuesday: 137 Flaws Fixed, Including Critical Netlogon RCE\nMicrosoft's May Patch Tuesday is huge: 137 vulnerabilities fixed, 30 critical. No zero-days for the first time in 22 months! \ud83d\udea8 Key patches for critical RCEs in Netlogon (CVE-2026-41089) and DNS Client (CVE-2026-41096). Patch now! \u2705 #PatchTuesday\n\ud83d\udd17 https://cyber.netsecops.io/articles/microsofts-may-2026-patch-tuesday-fixes-137-vulnerabilities/?utm_source=mastodon&utm_medium=social&utm_campaign=daily", "creation_timestamp": "2026-05-14T14:26:31.631861Z"}, {"uuid": "97ae5392-0402-471f-96e1-b816053ddba2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41096", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mlsahjk7we2z", "content": "CVE-2026-41096: Critical Windows DNS Client Heap Overflow \u2013 Remote Code Execution via Rogue DNS Responses +\u00a0Video\n\nIntroduction The Windows DNS Client service (dnscache) quietly handles every domain name resolution on a Windows machine, from browser lookups to background update checks. A newly\u2026", "creation_timestamp": "2026-05-14T06:57:12.324008Z"}, {"uuid": "f11b5920-adbb-411e-8a8f-932d78f52d38", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41096", "type": "seen", "source": "https://bsky.app/profile/obivan.infosec.exchange.ap.brid.gy/post/3mlsaj7iee552", "content": "Windows DNS client RCE (CVE-2026-41096) https://hackingpassion.com/windows-dns-rce-2026/", "creation_timestamp": "2026-05-14T06:58:14.584350Z"}, {"uuid": "1075e51f-05ba-4c30-942e-7970b301ee45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41096", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mltruzpb4i2m", "content": "Windows \u306e DNS \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8106\u5f31\u6027\u304c\u30b7\u30b9\u30c6\u30e0\u3092\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u306b\u6652\u3059\n\n\u4e16\u754c\u4e2d\u306e Windows \u30b7\u30b9\u30c6\u30e0\u306f\u3001\u30e6\u30fc\u30b6\u30fc\u306e\u64cd\u4f5c\u306a\u3057\u306b\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u3092\u53ef\u80fd\u306b\u3059\u308b\u53ef\u80fd\u6027\u306e\u3042\u308bWindows DNS \u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u306e\u65b0\u3057\u3044\u91cd\u5927\u306a\u8106\u5f31\u6027\u304b\u3089\u30ea\u30b9\u30af\u306b\u3055\u3089\u3055\u308c\u3066\u3044\u307e\u3059\u3002 CVE-2026-41096 \u3068\u3057\u3066\u8ffd\u8de1\u3055\u308c\u308b\u3053\u306e\u8106\u5f31\u6027\u306f\u91cd\u5927\u3068\u8a55\u4fa1\u3055\u308c\u3001CVSS \u30d9\u30fc\u30b9\u30b9\u30b3\u30a2\u306f 9.8 \u3067\u3059\u3002Microsof", "creation_timestamp": "2026-05-14T21:41:37.850941Z"}, {"uuid": "8729cf5e-f411-4866-831a-fe0f2c34ec09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41096", "type": "seen", "source": "https://t.me/GithubRedTeam/84294", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a DNS-Mayhem-CVE-2026-41096-Deep-Dive\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a mrk336\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a None\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-15 07:53:27\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nIn\u2011depth technical analysis of CVE\u20112026\u201141096, a critical heap overflow in Windows DNSAPI.dll enabling remote code execution via crafted DNS responses. Includes attack vectors, patch insights, and defensive guidance for security teams.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-15T08:00:04.000000Z"}, {"uuid": "2c5e3c51-87fe-4f0a-ab48-5e1a488924b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41096", "type": "seen", "source": "https://t.me/bdufstecru/3171", "content": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 DNS Client \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c Windows \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434\n\nBDU:2026-06863\nCVE-2026-41096\n\n\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41096", "creation_timestamp": "2026-05-18T14:16:08.000000Z"}, {"uuid": "38965abc-268e-4390-9598-cf1bfebad8a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41096", "type": "published-proof-of-concept", "source": "Telegram/q3bZ7dzwt6XdRM-jyUWUHYQhep0OmyjD4PHNSw542P5jdgA", "content": "", "creation_timestamp": "2026-05-15T15:00:07.000000Z"}, {"uuid": "08751e55-eaba-40f3-a0fb-335b5fe927f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1878", "content": "", "creation_timestamp": "2026-05-19T21:00:00.000000Z"}, {"uuid": "b05b4ac5-9b47-48b4-a9e0-06dcbec3e615", "vulnerability_lookup_origin": "405284c2-e461-4670-8979-7fd2c9755a60", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2026-41091", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/585a485a-b1a5-49e8-8e94-9e2a71a3efb4", "content": "", "creation_timestamp": "2026-05-20T18:00:02.776965Z"}, {"uuid": "13120046-d1bf-42f0-9912-76abcfdcc273", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mmc3h6v5lm2e", "content": "\ud83d\udd17 CVE : CVE-2026-34956, CVE-2026-44431, CVE-2026-46483, CVE-2026-41091, CVE-2026-45498, CVE-2026-45584, CVE-2026-34956, CVE-2026-41091, CVE-2026-44431, CVE-2026-45498, CVE-2026-45584, CVE-2026-46483", "creation_timestamp": "2026-05-20T14:10:08.030498Z"}, {"uuid": "874f59e7-a23f-40ed-bd14-45946c55f08a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mmc5rjgfuc2n", "content": "CVE-2026-41091 - Microsoft Defender Elevation of Privilege Vulnerability\nCVE ID : CVE-2026-41091\n \n Published : May 20, 2026, 1:16 p.m. | 58\u00a0minutes ago\n \n Description : Improper link resolution before file access ('link following') in Microsoft Defender allows an authorized a...", "creation_timestamp": "2026-05-20T14:51:41.613452Z"}, {"uuid": "bc5f695b-0412-44fb-9cc1-a687081dfb67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/boredchilada.bsky.social/post/3mmcpa3cyoa2e", "content": "~Cisa~\nCISA added seven actively exploited vulnerabilities to the KEV catalog, urging immediate remediation.\n-\nIOCs: CVE-2026-41091, CVE-2026-45498\n-\n#CISA #KEV #ThreatIntel #Vulnerability", "creation_timestamp": "2026-05-20T20:04:04.591235Z"}, {"uuid": "4a5a74e9-ef1b-452f-989c-bafbd7967874", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/helpnetsecurity.com/post/3mmeblgq6r22p", "content": "Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498)\n\n\ud83d\udcd6 Read more: www.helpnetsecurity.com/2026/05/21/m...\n\n#cybersecurity #cybersecuritynews #vulnerability #vulnerabilitydisclosure #Windows @microsoft.com", "creation_timestamp": "2026-05-21T11:05:16.709010Z"}, {"uuid": "89ca344b-f352-48a9-b054-7141bf4d8562", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://infosec.exchange/users/secdb/statuses/116608677530202595", "content": "\ud83d\udea8 [CISA-2026:0520] CISA Adds 7 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0520)\nCISA has added 7 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.\n\u26a0\ufe0f CVE-2008-4250 (https://secdb.nttzen.cloud/cve/detail/CVE-2008-4250)- Name: Microsoft Windows Buffer Overflow Vulnerability- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.- Known To Be Used in Ransomware Campaigns? Unknown- Vendor: Microsoft- Product: Windows- Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-067 ; https://nvd.nist.gov/vuln/detail/CVE-2008-4250\n\u26a0\ufe0f CVE-2009-1537 (https://secdb.nttzen.cloud/cve/detail/CVE-2009-1537)- Name: Microsoft DirectX NULL Byte Overwrite Vulnerability- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.- Known To Be Used in Ransomware Campaigns? Unknown- Vendor: Microsoft- Product: DirectX- Notes: https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-028 ; https://nvd.nist.gov/vuln/detail/CVE-2009-1537\n\u26a0\ufe0f CVE-2009-3459 (https://secdb.nttzen.cloud/cve/detail/CVE-2009-3459)- Name: Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.- Known To Be Used in Ransomware Campaigns? Unknown- Vendor: Adobe- Product: Acrobat and Reader- Notes: https://www.cisa.gov/news-events/alerts/2009/10/13/adobe-reader-and-acrobat-vulnerabilities ; https://web.archive.org/web/20120324170253/http://www.adobe.com/support/security/bulletins/apsb09-15.html#:~:text=CVE%2D2009%2D3459).-,NOTE%3A,-There%20are%20reports ; https://nvd.nist.gov/vuln/detail/CVE-2009-3459\n\u26a0\ufe0f CVE-2010-0249 (https://secdb.nttzen.cloud/cve/detail/CVE-2010-0249)- Name: Microsoft Internet Explorer Use-After-Free Vulnerability- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.- Known To Be Used in Ransomware Campaigns? Unknown- Vendor: Microsoft- Product: Internet Explorer- Notes: https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2010/979352 ; https://nvd.nist.gov/vuln/detail/CVE-2010-0249\n\u26a0\ufe0f CVE-2010-0806 (https://secdb.nttzen.cloud/cve/detail/CVE-2010-0806)- Name: Microsoft Internet Explorer Use-After-Free Vulnerability- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.- Known To Be Used in Ransomware Campaigns? Unknown- Vendor: Microsoft- Product: Internet Explorer- Notes: https://learn.microsoft.com/en-us/security-updates/securityadvisories/2010/981374 ; https://nvd.nist.gov/vuln/detail/CVE-2010-0806\n\u26a0\ufe0f CVE-2026-41091 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-41091)- Name: Microsoft Defender Link Following Vulnerability- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.- Known To Be Used in Ransomware Campaigns? Unknown- Vendor: Microsoft- Product: Defender- Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41091 ; https://nvd.nist.gov/vuln/detail/CVE-2026-41091\n\u26a0\ufe0f CVE-2026-45498 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-45498)- Name: Microsoft Defender Denial of Service Vulnerability- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.- Known To Be Used in Ransomware Campaigns? Unknown- Vendor: Microsoft- Product: Defender- Notes: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-45498 ; https://nvd.nist.gov/vuln/detail/CVE-2026-45498\n#SecDB #InfoSec #CVE #CISA_KEV #cisa_20260520 #cisa20260520 #cve_2008_4250 #cve_2009_1537 #cve_2009_3459 #cve_2010_0249 #cve_2010_0806 #cve_2026_41091 #cve_2026_45498 #cve20084250 #cve20091537 #cve20093459 #cve20100249 #cve20100806 #cve202641091 #cve202645498", "creation_timestamp": "2026-05-20T21:13:37.284640Z"}, {"uuid": "c345dc7e-f5a5-4abf-bd8f-d8250b666143", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://cyber.gc.ca/en/alerts-advisories/microsoft-security-advisory-av26-489", "content": "", "creation_timestamp": "2026-05-20T10:16:09.000000Z"}, {"uuid": "f99c33d3-cf07-4b4c-91f7-36331032b442", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/microsoft-defender-multiple-vulnerabilities_20260521", "content": "", "creation_timestamp": "2026-05-20T18:00:00.000000Z"}, {"uuid": "a6643f2f-b43f-4402-b435-27b8863b1dc5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41091", "type": "seen", "source": "https://bsky.app/profile/ahmandonk.bsky.social/post/3mmdyvqqkcx2w", "content": "\ud83d\udcf0 Microsoft Tambal Dua Celah Zero-Day Kritis pada Windows Defender yang Aktif Dieksploitasi\n\n\ud83d\udc49 Baca artikel lengkap di sini: https://ahmandonk.com/2026/05/21/microsoft-tambal-dua-zero-day-defender-dieksploitasi/\n\n#beritaTeknologi #cisaKevCatalog #cve-2026-41091 #cve-2026-45498 #denialOfService", "creation_timestamp": "2026-05-21T08:29:54.226301Z"}, {"uuid": "262f8622-8214-49a7-a566-217959c6b1ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://thehackernews.com/2026/05/microsoft-warns-of-two-actively.html", "content": "Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild.\n\nThe former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacker to gain SYSTEM privileges.\n\n\"Improper link resolution before file access ('link following') in Microsoft Defender", "creation_timestamp": "2026-05-21T08:55:57.000000Z"}, {"uuid": "e425d125-c47e-4ba4-acf7-9688175ad0be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/kautious.com/post/3mmekbv63v22d", "content": "Worth noting: the Anthropic compute story traces to The Information. On the risk side, watch the named Defender CVEs (CVE-2026-41091/45498) and Microsoft\u2019s Mini Shai-Hulud npm supply-chain analysis targeting antv packages.", "creation_timestamp": "2026-05-21T13:41:22.131641Z"}, {"uuid": "b09ea93b-f289-4fae-b962-3d3c9d8aa9ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://www.acn.gov.it/portale/w/microsoft-rilevato-sfruttamento-attivo-di-nuove-vulnerabilita", "content": "", "creation_timestamp": "2026-05-21T02:11:49.000000Z"}, {"uuid": "c92b2c0d-829f-450b-9238-fcdc88b104a9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mmebwpqnuq27", "content": "Microsoft Defender\u306e\u8106\u5f31\u6027\u304c\u91ce\u751f\u3067\u60aa\u7528\u3055\u308c\u3066\u3044\u308b\uff08CVE-2026-41091\u3001CVE-2026-45498\uff09\n\n\u653b\u6483\u8005\u304cMicrosoft Defender\u306e2\u3064\u306e\u8106\u5f31\u6027\uff08CVE-2026-41091\u304a\u3088\u3073CVE-2026-45498\uff09\u3092\u60aa\u7528\u3057\u3066\u304a\u308a\u3001Microsoft\u306f\u3053\u308c\u3092\u8a8d\u3081\u3001CISA\u306f\u305d\u308c\u3089\u3092\u65e2\u77e5\u306e\u60aa\u7528\u3055\u308c\u3066\u3044\u308b\u8106\u5f31\u6027\u30ab\u30bf\u30ed\u30b0\u306b\u8ffd\u52a0\u3059\u308b\u3053\u3068\u3067\u78ba\u8a8d\u3057\u307e\u3057\u305f\u3002 \u8106\u5f31\u6027\u306b\u3064\u3044\u3066 CVE-2026-41091\u306f\u30ed\u30fc\u30ab\u30eb\u6a29\u9650\u6607\u683c", "creation_timestamp": "2026-05-21T11:11:30.362814Z"}, {"uuid": "e3bfc95b-528c-433d-a2fa-d54a8dc38ddb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mmecyfedqo2y", "content": "Microsoft patched two exploited zero-days in Defender: CVE-2026-41091, a local privilege escalation to SYSTEM, and CVE-2026-45498, a denial-of-service flaw. CISA added both to KEV. #MicrosoftDefender #CVE202641091 #CVE202645498", "creation_timestamp": "2026-05-21T11:30:20.838492Z"}, {"uuid": "1e2810bf-897d-4e69-a902-d8f92bc5672b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mmeeo7mnce2q", "content": "Microsoft patched two actively exploited Defender zero-days, CVE-2026-41091 and CVE-2026-45498. One can grant SYSTEM privileges, while the other can trigger DoS on unpatched Windows devices. #MicrosoftDefender #CISA #Windows \u0627\u0644\u0623\u0645\u0646\u064a\u0629", "creation_timestamp": "2026-05-21T12:00:27.584062Z"}, {"uuid": "4e0a88ea-6688-408f-86f4-8541d6ccc460", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://t.me/true_secator/8228", "content": "Microsoft \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u043b\u0430 \u043e \u043d\u043e\u0432\u044b\u0445 \u0434\u0432\u0443\u0445 0-day \u0432 Defender, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0437\u0430\u0434\u0435\u0439\u0441\u0442\u0432\u0443\u0435\u0442\u0441\u044f \u0432 \u0430\u0442\u0430\u043a\u0430\u0445.\n\n\u041f\u0435\u0440\u0432\u0430\u044f, CVE-2026-41091, \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0443\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0449\u0443\u044e Microsoft Malware Protection Engine 1.1.26030.3008 \u0438 \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0438\u0435 \u0432\u0435\u0440\u0441\u0438\u0438.\n\n\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0432\u043e\u0437\u043d\u0438\u043a\u0430\u0435\u0442 \u0438\u0437-\u0437\u0430 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0433\u043e \u0440\u0430\u0437\u0440\u0435\u0448\u0435\u043d\u0438\u044f \u0441\u0441\u044b\u043b\u043e\u043a \u043f\u0435\u0440\u0435\u0434 \u0434\u043e\u0441\u0442\u0443\u043f\u043e\u043c \u043a \u0444\u0430\u0439\u043b\u0443 (\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f \u043f\u043e \u0441\u0441\u044b\u043b\u043a\u0430\u043c), \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u043d\u044b\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438.\n\n\u0412\u0442\u043e\u0440\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c (CVE-2026-45498) \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0435 \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c Microsoft Defender Antimalware Platform 4.18.26030.3011 \u0438 \u0431\u043e\u043b\u0435\u0435 \u0440\u0430\u043d\u043d\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u0439, \u043d\u0430\u0431\u043e\u0440\u0430 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438, \u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 Microsoft System Center Endpoint Protection, System Center 2012 R2 Endpoint Protection, System Center 2012 Endpoint Protection \u0438 Security Essentials.\n\n\u041f\u043e \u0434\u0430\u043d\u043d\u044b\u043c Microsoft, \u0443\u0441\u043f\u0435\u0448\u043d\u0430\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u0442\u044c DoS \u043d\u0430 \u043d\u0435\u0437\u0430\u0449\u0438\u0449\u0435\u043d\u043d\u044b\u0445 \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u0445 \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c Windows.\n\nMicrosoft \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0432\u0435\u0440\u0441\u0438\u0438 1.1.26040.8 \u0438 4.18.26040.7 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b Malware Protection Engine \u0434\u043b\u044f \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f \u0434\u0432\u0443\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0438 \u0434\u043e\u0431\u0430\u0432\u0438\u043b\u0430, \u0447\u0442\u043e \u043a\u043b\u0438\u0435\u043d\u0442\u0430\u043c \u043d\u0435 \u043d\u0443\u0436\u043d\u043e \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u043d\u0438\u043c\u0430\u0442\u044c \u043d\u0438\u043a\u0430\u043a\u0438\u0445 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439 \u0434\u043b\u044f \u0437\u0430\u0449\u0438\u0442\u044b \u0441\u0432\u043e\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u043f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u00ab\u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u043f\u043e \u0443\u043c\u043e\u043b\u0447\u0430\u043d\u0438\u044e \u0432 \u0430\u043d\u0442\u0438\u0432\u0438\u0440\u0443\u0441\u043d\u043e\u043c \u041f\u041e Microsoft \u043f\u043e\u043c\u043e\u0433\u0430\u0435\u0442 \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0442\u044c \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0431\u0430\u0437 \u0434\u0430\u043d\u043d\u044b\u0445 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u041f\u041e \u0438 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Windows Defender Antimalware Platform.\n\n\u041e\u0434\u043d\u0430\u043a\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0432\u0441\u0435 \u0436\u0435 \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c, \u043d\u0430\u0441\u0442\u0440\u043e\u0435\u043d\u0430 \u043b\u0438 \u0430\u0432\u0442\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0438 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u0438\u0439 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u041f\u041e \u0434\u043b\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Windows Defender, \u0438 \u0443\u0431\u0435\u0434\u0438\u0442\u044c\u0441\u044f \u0432 \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f.\n\n\u0412\u0447\u0435\u0440\u0430 \u0430\u043c\u0435\u0440\u0438\u043a\u0430\u043d\u0441\u043a\u0430\u044f CISA \u0442\u0430\u043a\u0436\u0435 \u043f\u0440\u0438\u0437\u0432\u0430\u043b\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0442\u044c \u0437\u0430\u0449\u0438\u0442\u0443 \u0441\u0438\u0441\u0442\u0435\u043c Windows \u043e\u0442 \u0434\u0432\u0443\u0445 0-day \u0432 Microsoft Defender, \u043f\u0440\u0435\u0434\u0443\u043f\u0440\u0435\u0434\u0438\u0432, \u0447\u0442\u043e \u043e\u043d\u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438. \u0421\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e, \u0432\u043d\u0435\u0441\u043b\u0430\u00a0\u0438\u0445 \u0432 \u0441\u0432\u043e\u0439 \u043a\u0430\u0442\u0430\u043b\u043e\u0433 (KEV).", "creation_timestamp": "2026-05-21T14:44:32.000000Z"}, {"uuid": "a189bc8c-76d9-4478-8704-fdc86b14e05d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/bitnewsbot.bsky.social/post/3mmeoy56j7z2j", "content": "Two actively exploited vulnerabilities in Microsoft Defender, CVE-2026-41091 and CVE-2026-45498, have been patched according to an advisory dated May 21, [\u2026]", "creation_timestamp": "2026-05-21T15:04:57.164692Z"}, {"uuid": "3be64f85-c77f-43ce-a3aa-ba9746809746", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://infosec.exchange/ap/users/116025545744531578/statuses/116612467967333188", "content": "\ud83d\udd34 SonicWall Gen6 SSL-VPN MFA bypass is being exploited through CVE-2024-12802 after incomplete LDAP remediation, with ransomware tooling observed.\n\ud83d\udd34 Microsoft Defender CVE-2026-41091 and CVE-2026-45498 are now in CISA KEV after confirmed exploitation.\nCheck VPN auth logs and verify Defender platform and engine versions.solomonneas.dev/intel\n#CyberSecurity #ThreatIntel #CISA #VPN", "creation_timestamp": "2026-05-21T15:18:46.948164Z"}, {"uuid": "920ec2a5-dfff-4943-a435-bc60260d2530", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mmeqcqorryq2", "content": "CISA Adds Two Exploited Microsoft Defender Zero-Days to KEV Microsoft Defender is actively being exploited via two zero-days, CVE-2026-41091 and CVE-2026-45498, which CISA added to its KEV catalog ...\n\n#Cybersecurity #CVE #Vulnerability #Alerts [\u2026] \n\n[Original post on dailysecurityreview.com]", "creation_timestamp": "2026-05-21T15:28:49.458328Z"}, {"uuid": "f020faff-e3c2-48a4-9c66-f386a734da91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116614160241192927", "content": "\ud83d\udcf0 Warning: Microsoft Defender Flaws Actively Exploited to Gain SYSTEM Privileges\n\u26a0\ufe0f ACTIVE EXPLOITATION ALERT: Flaws in Microsoft Defender (CVE-2026-41091, CVE-2026-45498) are being used by attackers to gain SYSTEM privileges and disable AV. Patch the Malware Protection Engine immediately! #CyberSecurity #Vulnerability #PatchNow\n\ud83c\udf10 cyber[.]netsecops[.]io\n\ud83d\udd17 https://cyber.netsecops.io/articles/microsoft-defender-vulnerabilities-actively-exploited-for-privilege-escalati\u2026", "creation_timestamp": "2026-05-21T19:14:34.159250Z"}, {"uuid": "a94485e9-df67-4501-be6d-8cbaf07a05cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/85279", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-41091\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a 0xBlackash\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a C++\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-21 19:28:49\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-41091\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-21T20:00:06.000000Z"}, {"uuid": "750c21cf-174e-4f09-b3be-9928ffb02fa8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3mmf4xa64nm2h", "content": "\u26a0\ufe0f ACTIVE EXPLOITATION ALERT: Flaws in Microsoft Defender (CVE-2026-41091, CVE-2026-45498) are being used by attackers to gain SYSTEM privileges and disable AV. Patch the Malware Protection Engine immediately! #CyberSecurity #Vulnerability #PatchNow\n\n\ud83c\udf10 cyber[.]netsecops[.]io", "creation_timestamp": "2026-05-21T19:14:59.206516Z"}, {"uuid": "d0872cea-d7dd-4896-b763-743566c290fc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/cocanews.bsky.social/post/3mmgebhad222p", "content": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8\u3001Defender\u306e\u60aa\u7528\u3055\u308c\u305f\u30bc\u30ed\u30c7\u30a4\u3092\u4fee\u6b63\uff08CVE-2026-41091\u3001CVE-2026-45498\uff09 | Codebook\uff5cSecurity News\n\nhttps://www.wacoca.com/news/2843035/\n\n\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8\u3001Defender\u306e\u60aa\u7528\u3055\u308c\u305f\u30bc\u30ed\u30c7\u30a4RedSun\u3068UnDefend\u3092\u4fee\u6b63\uff08CVE-2026-41091\u3001CVE-2026-45498\uff09 SecurityWeek \u2013 May 21, 2026 \u30de\u30a4\u30af\u30ed\u30bd\u30d5 [...]", "creation_timestamp": "2026-05-22T06:58:37.984652Z"}, {"uuid": "ad6d3031-1785-4d31-9528-d1dc4a195ef8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/jussimetso.com/post/3mmgjkz2z6k25", "content": "There are 2 Zero-day vulnerabities in Microsoft Defender! CVE-2026-41091 and CVE-2026-45498 impacting to impact Microsoft Defender\u2019s Malware Protection Engine and Antimalware Platform. www.linkedin.com/pulse/warnin...", "creation_timestamp": "2026-05-22T08:33:27.923516Z"}, {"uuid": "efa8730f-b31d-430a-baef-eddac57c1939", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mmfvchcwo22h", "content": "Top 3 CVE for last 7 days:\nCVE-2026-45584: 64 interactions\nCVE-2026-45250: 63 interactions\nCVE-2026-42897: 43 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-45250: 63 interactions\nCVE-2026-41091: 8 interactions\nCVE-2026-45498: 8 interactions\n", "creation_timestamp": "2026-05-22T02:30:46.273137Z"}, {"uuid": "9a40dc29-1985-48d0-85f8-cbaf9de306cc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "Telegram/jiZx2KVeoyFQFLEzwG_O_yzJtDlSLZKc89oI7xVvPAIu4g", "content": "", "creation_timestamp": "2026-05-21T12:31:26.000000Z"}, {"uuid": "78c6fc31-d4cc-41ad-bd8f-70b40eac2a63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3mmgajxmtikzj", "content": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8\u3001Defender\u306e\u60aa\u7528\u3055\u308c\u305f\u30bc\u30ed\u30c7\u30a4\u3092\u4fee\u6b63\uff08CVE-2026-41091\u3001CVE-2026-45498\uff09 | Codebook\uff5cSecurity News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/45741/", "creation_timestamp": "2026-05-22T05:52:28.325210Z"}, {"uuid": "79148938-402d-4fa5-a2db-8d56a56f1989", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/guardian360.bsky.social/post/3mmgl2qrcwk2e", "content": "Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild.\n\nThe former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system.", "creation_timestamp": "2026-05-22T09:00:09.953217Z"}, {"uuid": "0085f111-9c87-40fe-b3e4-92f47cfed0de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41090", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=1886", "content": "", "creation_timestamp": "2026-05-21T21:00:00.000000Z"}, {"uuid": "1c59ffa5-532d-4679-b074-807e0b4151e9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41096", "type": "seen", "source": "https://bsky.app/profile/kubonai.bsky.social/post/3mmhbv6nolm2s", "content": "Microsoft May 2026 Patch Tuesday: 138 CVEs Including Critical DNS & Netlogon RCE\n\nMicrosoft's May 2026 Patch Tuesday fixes 138 vulnerabilities including CVE-2026-41096 (CVSS 9.8 DNS heap overf...\n\n\ud83d\udd17 https://ipsec.live/blog/2026-05-22-microsoft-may-2026-patch-tuesday\n\n#infosec #cybersecurity", "creation_timestamp": "2026-05-22T15:48:42.708609Z"}, {"uuid": "4bfd5933-7478-48e9-81a2-28617959bd80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mmgu44wxfs2g", "content": "Microsoft Warns of Two Actively Exploited Defender Vulnerabilities\n\nMicrosoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild.\n\nThe former, tracked as CVE-2026-41091, is rated 7.8 on the C\u2026\n#hackernews #microsoft #news", "creation_timestamp": "2026-05-22T11:41:59.551077Z"}, {"uuid": "68c87199-89bf-4354-8acc-a33fd9139637", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mmgvb62utk2g", "content": "Microsoft Defender vulnerabilities exploited in the wild (CVE-2026-41091, CVE-2026-45498)\n\nAttackers are exploiting two Microsoft Defender vulnerabilities (CVE-2026-41091 and CVE-2026-45498), Microsoft acknowledged and CISA confirmed by adding them to its Known Exploite\u2026\n#hackernews #microsoft #news", "creation_timestamp": "2026-05-22T12:02:42.100752Z"}, {"uuid": "6d709b18-1b99-41fc-b253-a635a3f61d97", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41090", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mmimhgj3wo2p", "content": "Microsoft 365 Copilot for iOS hit by CRITICAL command injection (CVSS 9.3). Cloud service updated server-side \u2014 verify your instance is protected! Full details: https://radar.offseq.com/threat/cve-2026-41090-cwe-77-improper-neutralization-of-s-c8e983a4 #OffSeq #Microsoft #CVE202641090", "creation_timestamp": "2026-05-23T04:30:28.533764Z"}, {"uuid": "dc7bced0-ff1f-46f7-a41b-2b5c0ceebb2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116619811118984669", "content": "\ud83d\udcf0 Warning: Microsoft Defender Flaws Actively Exploited to Gain SYSTEM Privileges\n\u26a0\ufe0f ACTIVE EXPLOITATION ALERT: Flaws in Microsoft Defender (CVE-2026-41091, CVE-2026-45498) are being used by attackers to gain SYSTEM privileges and disable AV. Patch the Malware Protection Engine immediately! #CyberSecurity #Vulnerability #PatchNow\n\ud83c\udf10 cyber[.]netsecops[.]io\n\ud83d\udd17 https://cyber.netsecops.io/articles/microsoft-defender-vulnerabilities-actively-exploited-for-privilege-escalati\u2026", "creation_timestamp": "2026-05-22T19:11:40.248584Z"}, {"uuid": "599b697b-01b1-4442-a66b-294e23a10f4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3mmhnbzmjdo2p", "content": "\u26a0\ufe0f ACTIVE EXPLOITATION ALERT: Flaws in Microsoft Defender (CVE-2026-41091, CVE-2026-45498) are being used by attackers to gain SYSTEM privileges and disable AV. Patch the Malware Protection Engine immediately! #CyberSecurity #Vulnerability #PatchNow\n\n\ud83c\udf10 cyber[.]netsecops[.]io", "creation_timestamp": "2026-05-22T19:12:40.016808Z"}, {"uuid": "19e5c81a-12a0-4ff8-8c90-ab311ce203ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mmht63ratv2k", "content": "PATCH NOW: Microsoft Defender Zero-Days (CVSS 78) Exploited in Wild \u2014 CISA Issues Urgent Warning +\u00a0Video\n\nIntroduction Microsoft has disclosed two zero-day vulnerabilities in Microsoft Defender that are being actively exploited in the wild. Tracked as CVE-2026-41091 (CVSS 7.8) and CVE-2026-45498\u2026", "creation_timestamp": "2026-05-22T20:57:51.622157Z"}, {"uuid": "3386321d-2f36-4758-91b5-1a92aa671e2b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41090", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116623541879797551", "content": "\ud83d\udea8 CRITICAL: CVE-2026-41090 in Microsoft 365 Copilot for iOS enables remote command injection (CVSS 9.3). Microsoft has patched server-side \u2014 verify your service is up to date. More info: https://radar.offseq.com/threat/cve-2026-41090-cwe-77-improper-neutralization-of-s-c8e983a4 #OffSeq #Microsoft #Vuln #InfoSec", "creation_timestamp": "2026-05-23T11:02:36.428343Z"}, {"uuid": "43205c82-a4c4-485c-a1fd-90ee467a4e1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://t.me/thehackernews/9054", "content": "\ud83d\udea8 Microsoft warns two Defender vulnerabilities are being actively exploited in the wild.\n\nhttps://thehackernews.com/2026/05/microsoft-warns-of-two-actively.html\n\n\ud83d\udd38 CVE-2026-41091 could allow attackers to gain SYSTEM privileges locally.\n\ud83d\udd38 CVE-2026-45498 is a denial-of-service flaw impacting Defender.\n\nCISA added both to KEV with a June 3, 2026 patch deadline.", "creation_timestamp": "2026-05-21T11:51:37.000000Z"}, {"uuid": "ce699aa7-fefe-4a03-9485-c3ae69354938", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.com/post/3mmmdgkekx226", "content": "\ud83d\udea8 #Vulnerabilidad cr\u00edtica de escalada de privilegios en #Microsoft #Defender (CVE-2026-41091 / CVE-2026-45498) (+MITIGACI\u00d3N) www.newstecnicas.com/2026/05/vuln...", "creation_timestamp": "2026-05-24T15:59:38.952987Z"}, {"uuid": "af7dbcb6-7fae-4784-b5d2-04eecff7827b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mmkwa6j64z2e", "content": "Top 3 CVE for last 7 days:\nCVE-2026-45584: 65 interactions\nCVE-2026-45250: 64 interactions\nCVE-2026-46333: 25 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-69: 18 interactions\nCVE-2026-20223: 3 interactions\nCVE-2026-41091: 3 interactions\n", "creation_timestamp": "2026-05-24T02:30:41.902256Z"}, {"uuid": "67fd37d2-155d-4abb-9247-e6d09ef168ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/deafnews-auto.bsky.social/post/3mmmkjexofu2h", "content": "CVE-2026-41091: Microsoft Defender Engine Exploited for SYSTEM Privilege Escalation", "creation_timestamp": "2026-05-24T18:06:24.757220Z"}, {"uuid": "9ee7d488-5592-4e28-981b-65f4d5470043", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/securitylab-jp.bsky.social/post/3mmmzoauhvs2g", "content": "Microsoft\u3001\u30bc\u30ed\u30c7\u30a4 \u8106\u5f31\u6027\u306eRedSun(CVE-2026-41091)\u3068UnDefend(CVE-2026-45498)\u306e\u7dca\u6025\u30d1\u30c3\u30c1\u3092\u516c\u958b\u30fbYellowKey(CVE-2026-45585)\u306f\u300c\u7de9\u548c\u7b56\u306e\u307f\u300d\n\nrocket-boys.co.jp/security-mea...\n\n#\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56Lab #security #securitynews", "creation_timestamp": "2026-05-24T22:37:38.610526Z"}, {"uuid": "c5d1e4a3-e84a-430e-99a8-3feee2435db8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41096", "type": "seen", "source": "Telegram/aIPIWoZyEYzzX9nHUVKB1aA0s_e1mj3mQ8Eug10fFDw9pT4", "content": "", "creation_timestamp": "2026-05-24T03:00:05.000000Z"}, {"uuid": "1d028a30-1955-4ef7-8ad1-6481b1956a06", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41096", "type": "seen", "source": "https://t.me/GithubRedTeam/85632", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-41096-POC\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a satchfunky\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a C\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-24 01:48:41\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nwindows api bug\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-24T02:00:04.000000Z"}, {"uuid": "7d7c1e4e-aaa9-4377-aaef-7e375184ff8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41096", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/85620", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026 #POC #Exploit\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-41096-POC-trigger-no-exploit-\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a bajoex\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Unknown\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-24 00:37:17\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\npoc of vulnerability\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-24T01:00:03.000000Z"}, {"uuid": "135c2216-b0a7-4ccb-8095-666793f8aed6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "Telegram/EQ-OtrMk-MWFYtaQdS6-MjZwABKlvl-CaVDrJmD_M-e-p2s", "content": "", "creation_timestamp": "2026-05-22T03:00:06.000000Z"}, {"uuid": "a7721f2e-f460-4fdb-940f-05cab930ce91", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "Telegram/hQ1BgqlandqZtiBEN_8bc-Jqb7FATWW_NqNwwco7cLj54NM", "content": "", "creation_timestamp": "2026-05-23T03:00:04.000000Z"}, {"uuid": "c0b20d0c-47a0-4866-995d-99255e921215", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41096", "type": "seen", "source": "Telegram/Ob2oA_mupoVDMqE6Q_QCizAK8aYtg6z11DPx_SkAfocJmb0", "content": "", "creation_timestamp": "2026-05-24T21:00:04.000000Z"}, {"uuid": "e1f46ef4-1633-474e-b81e-267d8db09f86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/masuda-bot.jiskey.dev.ap.brid.gy/post/3mmo2mej277d2", "content": "\u65b0\u3057\u3044\u8a18\u4e8b\u304c\u6295\u7a3f\u3055\u308c\u307e\u3057\u305f\n\nMicrosoft Defender\u306e\u7dca\u6025\u30d1\u30c3\u30c1\nRedSun(CVE-2026-41091) \u6a29...\nhttps://anond.hatelabo.jp/20260525172541", "creation_timestamp": "2026-05-25T08:27:17.270274Z"}, {"uuid": "f4453820-b842-47f8-babc-a8412780f14b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41096", "type": "seen", "source": "Telegram/tLTaf5zN9aUn_D8KOi_rgxptZENw0EocHmy4bQpa2VASaD8", "content": "", "creation_timestamp": "2026-05-24T09:00:04.000000Z"}, {"uuid": "7ee107c8-da43-4b92-950c-46f6245c3ff7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://t.me/kasperskyb2b/2193", "content": "\u27a1\ufe0f \u0418\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u044b\u0435 \u0438\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f APT \u0438 \u043d\u043e\u0432\u043e\u0441\u0442\u0438 \u0418\u0411 \u0437\u0430 \u043d\u0435\u0434\u0435\u043b\u044e\n\n\ud83d\udfe2\u0410\u043d\u0430\u043b\u0438\u0437 \u043d\u043e\u0432\u044b\u0445 \u0430\u0442\u0430\u043a APT Cloud Atlas, \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u043d\u044b\u0445 \u0432 2026 \u0433\u043e\u0434\u0443. \u0426\u0435\u043b\u0438 \u2014 \u0433\u043e\u0441\u0443\u0434\u0430\u0440\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u0438 \u0434\u0438\u043f\u043b\u043e\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0438 \u0432 \u0420\u043e\u0441\u0441\u0438\u0438 \u0438 \u0411\u0435\u043b\u043e\u0440\u0443\u0441\u0441\u0438\u0438. \u0426\u0435\u043b\u0435\u0432\u043e\u0439 \u0444\u0438\u0448\u0438\u043d\u0433 \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u043b \u043a \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0435 \u0431\u044d\u043a\u0434\u043e\u0440\u0430 VBCloud \u0438 \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u0430 \u0440\u0430\u0437\u0432\u0435\u0434\u043a\u0438 PowerShower, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043c\u043d\u043e\u0433\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u0445 \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0443\u0442\u0438\u043b\u0438\u0442. \u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430\u0441\u044c \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430, \u0443\u0441\u0442\u043e\u0439\u0447\u0438\u0432\u0430\u044f \u043a \u0443\u0434\u0430\u043b\u0435\u043d\u0438\u044e \u043e\u0442\u0434\u0435\u043b\u044c\u043d\u044b\u0445 \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u043e\u0432 \u0430\u0442\u0430\u043a\u0438. \n\n\ud83d\udfe2APT Calypso/Red Lamassu \u043c\u0438\u043d\u0438\u043c\u0443\u043c \u0441 2022 \u0433\u043e\u0434\u0430 \u0430\u0442\u0430\u043a\u0443\u0435\u0442 \u0442\u0435\u043b\u0435\u043a\u043e\u043c-\u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u043e\u0432 \u0432 \u0410\u0422\u0420 \u0438 \u043d\u0430 \u0411\u043b\u0438\u0436\u043d\u0435\u043c \u0412\u043e\u0441\u0442\u043e\u043a\u0435 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0440\u0430\u043d\u0435\u0435 \u043d\u0435\u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u0433\u043e \u0412\u041f\u041e \u0434\u043b\u044f Linux \u0438 Windows. \u0418\u043c\u043f\u043b\u0430\u043d\u0442 Showboat \u043f\u0440\u0435\u0434\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0441\u043e\u0431\u043e\u0439 \u043c\u043e\u0434\u0443\u043b\u044c\u043d\u044b\u0439 \u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a \u043f\u043e\u0441\u0442\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441\u043a\u0440\u044b\u0432\u0430\u0435\u0442 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u044b, \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442 \u0444\u0430\u0439\u043b\u043e\u0432\u044b\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0438 \u043e\u0434\u043d\u043e\u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043a\u0430\u043a SOCKS5-\u043f\u0440\u043e\u043a\u0441\u0438  \n\n\ud83d\udfe2\u0423\u0433\u0440\u043e\u0437\u044b \u0434\u043b\u044f \u041f\u041a \u0437\u0430 1 \u043a\u0432\u0430\u0440\u0442\u0430\u043b 2026 \u0433\u043e\u0434\u0430: \u0431\u044b\u043b\u043e \u0437\u0430\u0444\u0438\u043a\u0441\u0438\u0440\u043e\u0432\u0430\u043d\u043e \u043f\u043e\u0447\u0442\u0438 3000 \u043d\u043e\u0432\u044b\u0445 \u043c\u043e\u0434\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0439 \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0433\u043e \u041f\u041e, \u0430 \u043e\u0442 \u0430\u0442\u0430\u043a \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439 \u043f\u043e\u0441\u0442\u0440\u0430\u0434\u0430\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 77 \u0442\u044b\u0441\u044f\u0447 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439. \u041d\u0430 Clop \u043f\u0440\u0438\u0448\u043b\u043e\u0441\u044c 14% \u0432\u0441\u0435\u0445 \u0436\u0435\u0440\u0442\u0432, \u0447\u044c\u0438 \u0434\u0430\u043d\u043d\u044b\u0435 \u0431\u044b\u043b\u0438 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u044b \u043d\u0430 \u0441\u0430\u0439\u0442\u0430\u0445 \u0443\u0442\u0435\u0447\u0435\u043a \u0433\u0440\u0443\u043f\u043f\u0438\u0440\u043e\u0432\u043e\u043a \u0437\u0430 \u044d\u0442\u043e\u0442 \u043f\u0435\u0440\u0438\u043e\u0434.\n\n\ud83d\udd35APT Webworm \u0437\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0439 \u0433\u043e\u0434 \u0440\u0430\u0441\u0448\u0438\u0440\u0438\u043b\u0430 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0438\u0437 \u0410\u0437\u0438\u0438 \u0432 \u0415\u0432\u0440\u043e\u043f\u0443. \u0412 \u0440\u044f\u0434\u0435 \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439 \u0433\u0440\u0443\u043f\u043f\u0430 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0430 Discord \u0438 API MS Graph \u043a\u0430\u043a C2-\u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0443.\n\n\ud83d\udd35\u0420\u0430\u0437\u0431\u043e\u0440 \u0430\u0442\u0430\u043a\u0438 \u043d\u0430 \u0433\u043b\u043e\u0431\u0430\u043b\u044c\u043d\u043e\u0435 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u043e\u0435 \u043f\u0440\u0435\u0434\u043f\u0440\u0438\u044f\u0442\u0438\u0435 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 TencShell, \u0440\u0430\u043d\u0435\u0435 \u043d\u0435 \u043e\u043f\u0438\u0441\u0430\u043d\u043d\u043e\u0433\u043e \u0438\u043c\u043f\u043b\u0430\u043d\u0442\u0430 \u043d\u0430 Go, \u0438\u0437\u0433\u043e\u0442\u043e\u0432\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u043d\u0430 \u0431\u0430\u0437\u0435 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u0433\u043e C2-\u0444\u0440\u0435\u0439\u043c\u0432\u043e\u0440\u043a\u0430 Rshell.   \u0418\u043c\u043f\u043b\u0430\u043d\u0442 \u043c\u043e\u0434\u0443\u043b\u044c\u043d\u044b\u0439 \u0438 \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u0442\u0441\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u0432 \u043f\u0430\u043c\u044f\u0442\u0438, \u0446\u0435\u043b\u0438 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0445 \u043d\u0435 \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b. \n\n\ud83d\udfe3\u0420\u0430\u0437\u0431\u043e\u0440 TTPs APT44 \u043d\u0430 \u043f\u0440\u0438\u043c\u0435\u0440\u0435 10 \u043f\u0440\u043e\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u044b\u0445 \u043e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u0439, \u0433\u0434\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u0437\u0430\u0434\u0435\u0442\u0435\u043a\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0430 \u0432 \u043f\u0435\u0440\u0438\u043e\u0434 \u0441 \u0438\u044e\u043b\u044f 2025 \u0433\u043e\u0434\u0430 \u043f\u043e \u044f\u043d\u0432\u0430\u0440\u044c 2026. \u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043e\u0442\u043c\u0435\u0447\u0430\u044e\u0442 \u043f\u0440\u0438\u0432\u0435\u0440\u0436\u0435\u043d\u043d\u043e\u0441\u0442\u044c \u0433\u0440\u0443\u043f\u043f\u044b \u0434\u0430\u0432\u043d\u043e \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u043e\u043c\u0443 \u0412\u041f\u041e, \u0430 \u0442\u0430\u043a\u0436\u0435 \u043f\u043e\u043f\u044b\u0442\u043a\u0438  \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u044f \u043f\u0440\u0438\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u044f \u0432 \u0441\u0435\u0442\u044f\u0445 \u0418\u0422 \u0438 \u041e\u0422 \u043f\u0440\u0438 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u0438 \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u044f.\n \n\ud83d\udfe3\u0420\u0430\u0437\u0431\u043e\u0440 \u0412\u041f\u041e ZionSiphon, \u043a\u043e\u0442\u043e\u0440\u043e\u0435 \u0434\u043e\u043b\u0436\u043d\u043e \u043d\u0430\u0440\u0443\u0448\u0430\u0442\u044c \u0440\u0430\u0431\u043e\u0442\u0443 \u0441\u0438\u0441\u0442\u0435\u043c \u0432\u043e\u0434\u043e\u043e\u0447\u0438\u0441\u0442\u043a\u0438 \u0438 \u0432\u0435\u0440\u043e\u044f\u0442\u043d\u043e \u0441\u043e\u0437\u0434\u0430\u043d\u043e \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0418\u0418-\u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u043e\u0432. \u041d\u0430 \u043f\u0440\u0430\u043a\u0442\u0438\u043a\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0433\u0435\u043e\u0442\u0430\u0440\u0433\u0435\u0442\u0438\u043d\u0433\u0430 \u043d\u0438\u043a\u043e\u0433\u0434\u0430 \u043d\u0435 \u0434\u0430\u044e\u0442 \u0412\u041f\u041e \u0441\u0440\u0430\u0431\u043e\u0442\u0430\u0442\u044c, \u0430 \u0440\u0430\u0431\u043e\u0442\u0430 \u0441 \u0410\u0421\u0423 \u0422\u041f \u0440\u0435\u0430\u043b\u0438\u0437\u043e\u0432\u0430\u043d\u0430 \u043f\u043e\u0432\u0435\u0440\u0445\u043d\u043e\u0441\u0442\u043d\u043e \u0438 \u043d\u0435 \u043f\u0440\u0438\u0432\u043e\u0434\u0438\u0442 \u043a \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u043c \u044d\u0444\u0444\u0435\u043a\u0442\u0430\u043c, \u0434\u0430\u0436\u0435 \u0435\u0441\u043b\u0438 \u0412\u041f\u041e \u0437\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u0441\u044f.\n\n\ud83d\udfe3Microsoft \u043f\u0440\u0435\u0441\u0435\u043a\u043b\u0430 \u0434\u0435\u044f\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c SignSpaceCloud, \u0441\u0435\u0440\u0432\u0438\u0441\u0430 signing-as-a-service, \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u0435\u043c\u043e\u0433\u043e \u043a\u0430\u043a Fox Tempest, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0441 \u043c\u0430\u044f 2025 \u0433\u043e\u0434\u0430 \u043f\u0440\u043e\u0434\u0430\u0432\u0430\u043b \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u044b \u0434\u043b\u044f \u043f\u043e\u0434\u043f\u0438\u0441\u0438 \u043a\u043e\u0434\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0430\u043c \u0412\u041f\u041e. \u0421\u0440\u0435\u0434\u0438 \u00ab\u043a\u043b\u0438\u0435\u043d\u0442\u043e\u0432\u00bb \u2014 \u043e\u043f\u0435\u0440\u0430\u0442\u043e\u0440\u044b \u0432\u044b\u043c\u043e\u0433\u0430\u0442\u0435\u043b\u0435\u0439 Rhysida, INC, Qilin \u0438 Akira, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0433\u0440\u0443\u043f\u043f\u044b, \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0449\u0438\u0435 \u0438\u043d\u0444\u043e\u0441\u0442\u0438\u043b\u0435\u0440\u044b.\n\n\ud83d\udd35\u042d\u043f\u0438\u0434\u0435\u043c\u0438\u044e \u0430\u0442\u0430\u043a \u043d\u0430 \u0446\u0435\u043f\u043e\u0447\u043a\u0438 \u043f\u043e\u0441\u0442\u0430\u0432\u043e\u043a \u0443\u0436\u0435 \u0432\u043f\u043e\u0440\u0443 \u043d\u0430\u0437\u044b\u0432\u0430\u0442\u044c \u0447\u0443\u043c\u043e\u0439. \u0421\u0440\u0435\u0434\u0438 \u0440\u0435\u0437\u043e\u043d\u0430\u043d\u0441\u043d\u044b\u0445 \u0436\u0435\u0440\u0442\u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0445 \u043d\u0435\u0434\u0435\u043b\u044c: AntV (Alibaba), DurableTask (Microsoft), Nx Console, Grafana, TanStack, \u0438 \u043d\u0430 \u0437\u0430\u043a\u0443\u0441\u043a\u0443 \u0441\u0430\u043c GitHub.\n\n\ud83d\udd35\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u0430\u0442\u0430\u043a APT Storm-2949, \u0432 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u0438\u0437\u0432\u043b\u0435\u043a\u0430\u044e\u0442 \u0446\u0435\u043d\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435 \u0438\u0437 \u043e\u0431\u043b\u0430\u0447\u043d\u044b\u0445 \u0441\u0440\u0435\u0434 Microsoft, \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044f \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u044b\u0435 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f SaaS \u0438 PaaS. \n\n\ud83d\udfe3\u0412\u044b\u0448\u043b\u0438 \u044d\u043a\u0441\u0442\u0440\u0435\u043d\u043d\u044b\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u0432\u0443\u0445 \u0437\u0438\u0440\u043e\u0434\u0435\u0435\u0432 \u0432 Defender, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u0430\u043c\u0435\u0447\u0435\u043d\u044b \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445: \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 (CVE-2026-41091) \u0438 DoS (CVE-2026-45498).\n\n\ud83d\udfe3\u0422\u0430\u043a\u0436\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0438 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u044e\u0442 \u0437\u0438\u0440\u043e\u0434\u0435\u0439 \u0432 Microsoft Exchange Outlook Web Access (CVE-2026-42897), \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u0440\u0438 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0451\u043d\u043d\u044b\u0445 \u0443\u0441\u043b\u043e\u0432\u0438\u044f\u0445 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 JavaScript \u0432 \u043f\u043e\u0447\u0442\u043e\u0432\u044b\u0445 \u044f\u0449\u0438\u043a\u0430\u0445 OWA. Microsoft \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u0437\u0430\u0449\u0438\u0442\u044b, \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u044b\u0439 \u043f\u0430\u0442\u0447  \u043d\u0435 \u0433\u043e\u0442\u043e\u0432.\n\n\ud83d\udd34\u0417\u0430\u043d\u0438\u043c\u0430\u0442\u0435\u043b\u044c\u043d\u0430\u044f \u043f\u0430\u043b\u0435\u043e\u043d\u0442\u043e\u043b\u043e\u0433\u0438\u044f: \u0434\u043e\u043f\u043e\u043b\u043d\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0439 \u0430\u043d\u0430\u043b\u0438\u0437 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c\u043e\u0432 \u0440\u0430\u0431\u043e\u0442\u044b Fast16, \u0434\u0432\u043e\u044e\u0440\u043e\u0434\u043d\u043e\u0433\u043e \u0431\u0440\u0430\u0442\u0430 Stuxnet. \u042d\u0442\u043e \u0412\u041f\u041e \u0431\u044b\u043b\u043e \u043d\u0430\u0446\u0435\u043b\u0435\u043d\u043e \u043d\u0430 \u041f\u041e LS-DYNA \u0438 Autodyn, \u0438 \u0441\u0440\u0430\u0431\u0430\u0442\u044b\u0432\u0430\u043b\u043e \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u0440\u0438 \u043c\u043e\u0434\u0435\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0438 \u044f\u0434\u0435\u0440\u043d\u044b\u0445 \u0432\u0437\u0440\u044b\u0432\u043e\u0432. \u0420\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u044b \u043f\u043e\u0434\u0441\u0447\u0451\u0442\u043e\u0432 \u043f\u043e\u0434\u043c\u0435\u043d\u044f\u043b\u0438\u0441\u044c \u043d\u0430 \u043b\u0435\u0442\u0443, \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u044f, \u0447\u0442\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f \u043f\u043b\u043e\u0442\u043d\u043e\u0441\u0442\u044c \u044f\u0434\u0435\u0440\u043d\u043e\u0433\u043e \u043c\u0430\u0442\u0435\u0440\u0438\u0430\u043b\u0430 \u043d\u0435 \u0434\u043e\u0441\u0442\u0438\u0433\u043d\u0443\u0442\u0430.  \u042d\u043a\u0441\u043f\u0435\u0440\u0442\u044b \u0443\u0432\u0435\u0440\u0435\u043d\u044b, \u0447\u0442\u043e fast16 \u0431\u044b\u043b \u043f\u0440\u0435\u0434\u043d\u0430\u0437\u043d\u0430\u0447\u0435\u043d \u0434\u043b\u044f \u0441\u0430\u0431\u043e\u0442\u0430\u0436\u0430 \u044f\u0434\u0435\u0440\u043d\u043e\u0439 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u044b \u0418\u0440\u0430\u043d\u0430.\n\n\ud83d\udfe0\u041d\u0435\u043c\u043d\u043e\u0433\u043e \u0437\u0430 \u0440\u0430\u043c\u043a\u0430\u043c\u0438 \u043d\u0430\u0448\u0438\u0445 \u043e\u0431\u044b\u0447\u043d\u044b\u0445 \u0442\u0435\u043c, \u043d\u043e \u043d\u0435 \u043c\u043e\u0436\u0435\u043c \u043c\u043e\u043b\u0447\u0430\u0442\u044c. \u0414\u043e 30% \u043a\u0440\u0443\u043f\u043d\u044b\u0445 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043a\u043e\u043c\u043f\u0430\u043d\u0438\u0439 \u043f\u043e-\u043f\u0440\u0435\u0436\u043d\u0435\u043c\u0443 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442 \u0437\u0430\u0440\u0443\u0431\u0435\u0436\u043d\u043e\u0435 \u043a\u043e\u0440\u043f\u043e\u0440\u0430\u0442\u0438\u0432\u043d\u043e\u0435 \u041f\u041e, \u0437\u0430\u043a\u0443\u043f\u043b\u0435\u043d\u043d\u043e\u0435 \u0434\u043e 2022 \u0433\u043e\u0434\u0430, \u043d\u043e \u0443\u0436\u0435 \u0431\u0435\u0437 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0438 \u0431\u0435\u0437 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0438.  \u00af\\_(\u30c4)_/\u00af\n\n#\u0434\u0430\u0439\u0434\u0436\u0435\u0441\u0442 #APT @\u041f2\u0422", "creation_timestamp": "2026-05-25T09:12:01.000000Z"}, {"uuid": "a70ad684-63ee-4b70-9763-b366b5c43bbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/boredchilada.bsky.social/post/3mmouaicxxy2e", "content": "~Checkpoint~\nHighlights include actively exploited Defender & Drupal flaws, major breaches at GitHub & 7-Eleven, and new AI-driven threats.\n-\nIOCs: CVE-2026-41091, CVE-2026-9082, Showboat\n-\n#CVE #Malware #ThreatIntel", "creation_timestamp": "2026-05-25T16:05:43.699907Z"}, {"uuid": "83484d80-23cf-4ca2-b5bb-e38c64422ce1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://t.me/xakep_ru/19431", "content": "Microsoft \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0430 0-day-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 UnDefend \u0438 RedSun\n\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 Microsoft \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0438 \u0432\u043d\u0435\u043f\u043b\u0430\u043d\u043e\u0432\u044b\u0435 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u043b\u044f \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0434\u0432\u0443\u0445 0-day-\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 \u0432 Microsoft Defender, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0443\u0436\u0435 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u044e\u0442\u0441\u044f \u0432 \u0440\u0435\u0430\u043b\u044c\u043d\u044b\u0445 \u0430\u0442\u0430\u043a\u0430\u0445. \u0420\u0435\u0447\u044c \u0438\u0434\u0435\u0442 \u043e \u0431\u0430\u0433\u0430\u0445 CVE-2026-41091 \u0438 CVE-2026-45498, \u0438\u0437\u0432\u0435\u0441\u0442\u043d\u044b\u0445 \u043f\u043e\u0434 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u044f\u043c\u0438 RedSun \u0438 UnDefend.\n\nhttps://xakep.ru/2026/05/26/undefend-redsun-patch/", "creation_timestamp": "2026-05-26T15:36:32.000000Z"}, {"uuid": "31c376d9-fe63-4a00-a150-6155427c830d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://chaos.social/users/christopherkunz/statuses/116640416250193841", "content": "The RedSun vulnerability was \"officially fixed\" on May 19, with the fix being \"let's break the PoC by quarantining the affected .exe\". The fix is just part of a Defender definition update. So, I guess the Red Sun no longer prevails. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41091", "creation_timestamp": "2026-05-26T10:31:49.929385Z"}, {"uuid": "9a4a231b-1fe7-4d2a-ac48-5260f60f8337", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/christopherkunz.bsky.social/post/3mmqsbasypq2u", "content": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41091 [2/2]", "creation_timestamp": "2026-05-26T10:35:40.644212Z"}, {"uuid": "5acbfa16-9a5a-4aa4-9273-3ee5c1a0d6b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41090", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mmufzcao4n2r", "content": "\ud83d\udccc CVE-2026-41090 - Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform ta... https://www.cyberhub.blog/cves/CVE-2026-41090", "creation_timestamp": "2026-05-27T21:07:07.812239Z"}, {"uuid": "b4183db4-048a-477b-87db-2be92f41b6ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41091", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.com/post/3mmwajt2rrk2n", "content": "\ud83d\udea8 Manual de Emergencia: Alerta de #Microsoft por Filtraci\u00f3n de 6 #Zero-Days (CVE-2026-41091) www.newstecnicas.com/2026/05/manu...", "creation_timestamp": "2026-05-28T14:34:26.943791Z"}]}