{"vulnerability": "cve-2026-4283", "sightings": [{"uuid": "352eeb3d-be82-4f25-b44c-97d57ed74d18", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42831", "type": "seen", "source": "https://www.thezdi.com/blog/2026/5/12/the-may-2026-security-update-review", "content": "I\u2019m currently in Berlin helping set up for Pwn2Own Berlin, but that doesn\u2019t stop Patch Tuesday from coming, and it\u2019s another big one. At least nothing is listed as being in the wild \u2013 for now. Take a break from your regularly scheduled activities and let\u2019s take a look at the latest security patches from Adobe and Microsoft. Due to technical difficulties, there will not be a video companion for this month.\nAdobe Patches for May 2026\nFor May, Adobe released 10 bulletins addressing 52 unique CVEs in Adobe Commerce, After Effects, Adobe Connect, Illustrator, Media Encoder, Premiere Pro, Substance 3D Painter, Substance 3D Sampler, Content Authenticity SDK, and the Adobe Substance 3D Designer. 
Here\u2019s this month\u2019s overview table:\n\nBulletin ID | Product | CVE Count | Highest Severity | Highest CVSS | Exploited | Deployment Priority\nAPSB26-49 | Adobe Commerce | 15 | Critical | 8.7 | No | 2\nAPSB26-48 | Adobe After Effects | 4 | Critical | 7.8 | No | 3\nAPSB26-50 | Adobe Connect | 2 | Critical | 9.6 | No | 3\nAPSB26-51 | Adobe Illustrator | 4 | Critical | 7.8 | No | 3\nAPSB26-47 | Adobe Media Encoder | 2 | Critical | 7.8 | No | 3\nAPSB26-46 | Adobe Premiere Pro | 3 | Critical | 7.8 | No | 3\nAPSB26-55 | Adobe Substance 3D Painter | 2 | Critical | 7.8 | No | 3\nAPSB26-54 | Adobe Substance 3D Sampler | 1 | Critical | 7.8 | No | 3\nAPSB26-53 | Content Authenticity SDK | 14 | Critical | 7.5 | No | 3\nAPSB26-52 | Adobe Substance 3D Designer | 5 | Important | 6.3 | No | 3\nTOTAL | 10 bulletins | 52 | | | |\n\nThe obvious priority this month is the patch for Commerce, with its 15 bugs and deployment priority of 2. The Connect fix should also rank up there since both of its CVEs are CVSS 9s. 
Beyond those, it\u2019s a pretty typical month for Adobe, with most of the bugs either being cross-site scripting (XSS) or open-and-own code executions.\nMicrosoft Patches for May 2026\nThis month, Microsoft released a whopping 138 new CVEs in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, .NET and Visual Studio, Copilot Chat, GitHub Copilot, M365 Copilot, SQL Server, TCP/IP, and the Telnet Client \u2013 yes, the Telnet client. Two of these bugs were reported through the TrendAI ZDI program. 30 of these bugs are rated Critical, three are rated as Moderate, one is rated Low, and the rest are rated Important in severity.\nThis large volume of fixes follows the largest monthly release in Microsoft\u2019s history and reflects the trend across the industry of a high number of submissions. While not all of these bugs were found by AI, it\u2019s likely they had an AI-related component \u2013 even if it was just AI writing the submission. I should also point out that Pwn2Own Berlin occurs in just a few days, and it\u2019s typical for vendors to patch as much as they can before the event.\nNone of the bugs patched by Microsoft this month are listed as publicly known or under active attack at the time of release, so we\u2019ve got that going for us. Let\u2019s take a closer look at some of the more interesting updates for this month, starting with a nasty-looking bug in DNS:\n- CVE-2026-41096 - Windows DNS Client Remote Code Execution Vulnerability\nThis patch fixes a heap-based buffer overflow in the DNS Client triggered by a malicious DNS response. No authentication or user interaction needed, and since the DNS Client runs on virtually every Windows machine, the attack surface is enormous. 
An attacker in a position to influence DNS responses (MitM, rogue server) could achieve unauthenticated RCE across your enterprise.\n- CVE-2026-41089 - Windows Netlogon Remote Code Execution Vulnerability\nThis update covers another CVSS 9.8 bug, which is a stack-based buffer overflow that lets an unauthenticated remote attacker execute code on a domain controller by sending a specially crafted network request \u2014 no credentials, no user interaction required. Yup \u2013 that makes it wormable. This is the highest-impact bug that requires immediate patching: a compromised domain controller is a compromised domain.\n- CVE-2026-42898 - Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability\nThis bug rates a CVSS 9.9(!) and represents a code injection in Dynamics 365. It allows any authenticated user to execute code with a scope change, meaning exploitation can break out and affect resources beyond the vulnerable component itself. Scope changes are pretty rare, so if you\u2019re running Dynamics 365 On-Prem, definitely test and deploy this patch quickly.\n- CVE-2026-40415 - Windows TCP/IP Remote Code Execution Vulnerability\nThis bug in the TCP/IP stack results from a use-after-free (UAF) and could allow a remote, unauthenticated threat actor to execute code without user interaction. That makes this another wormable bug. However, this one is much less likely to be exploited. The target needs to be under sustained low-memory (memory pressure) conditions, which is pretty rare. Still, no need to tempt fate here. 
Test and deploy this one quickly.\nHere\u2019s the full list of CVEs released by Microsoft for May 2026:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n  \n  \n\n\n\n\n  \n    \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n &lt;col width=\"144\" /&gt;\n &lt;col width=\"256\" /&gt;\n &lt;col span=\"5\" width=\"104\" /&gt;\n \n\n  CVE\n  Title\n  Severity\n  CVSS\n  Public\n  Exploited\n  Type\n \n \n  &lt;span&gt;CVE-2026-35435&lt;/span&gt;\n  Azure AI Foundry\n  Elevation of Privilege Vulnerability\n  Critical\n  8.6\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-35428&lt;/span&gt;\n  Azure Cloud Shell\n  Spoofing Vulnerability\n  Critical\n  9.6\n  No\n  No\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-42826&lt;/span&gt;\n  Azure DevOps\n  Information Disclosure Vulnerability\n  Critical\n  10\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-32207&lt;/span&gt;\n  Azure Machine Learning\n  Notebook Spoofing Vulnerability\n  Critical\n  8.8\n  No\n  No\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-33109&lt;/span&gt;\n  Azure Managed Instance\n  for Apache Cassandra Remote Code Execution Vulnerability\n  Critical\n  9.9\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-33844&lt;/span&gt;\n  Azure Managed Instance\n  for Apache Cassandra Remote Code Execution Vulnerability\n  Critical\n  9\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-41105&lt;/span&gt;\n  Azure Monitor Action\n  Group Notification System Elevation of Privilege Vulnerability\n  Critical\n  8.1\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-33111&lt;/span&gt;\n  Copilot Chat\n  (Microsoft Edge) Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-26129&lt;/span&gt;\n  M365 Copilot\n  Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-26164&lt;/span&gt;\n  M365 Copilot\n  Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-33821&lt;/span&gt;\n  Microsoft 
Dynamics 365\n  Customer Insights Elevation of Privilege Vulnerability\n  Critical\n  7.7\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42898&lt;/span&gt;\n  Microsoft Dynamics 365\n  On-Premises Remote Code Execution Vulnerability\n  Critical\n  9.9\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40379&lt;/span&gt;\n  Microsoft Enterprise\n  Security Token Service (ESTS) Spoofing Vulnerability\n  Critical\n  9.3\n  No\n  No\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-40363&lt;/span&gt;\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40358&lt;/span&gt;\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-34327&lt;/span&gt;\n  Microsoft Partner\n  Center Spoofing Vulnerability\n  Critical\n  8.2\n  No\n  No\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-40365&lt;/span&gt;\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-41103&lt;/span&gt;\n  Microsoft SSO Plugin\n  for Jira &amp; Confluence Elevation of Privilege Vulnerability\n  Critical\n  9.1\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-33823&lt;/span&gt;\n  Microsoft Team Events\n  Portal Information Disclosure Vulnerability\n  Critical\n  9.6\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-40364&lt;/span&gt;\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40366&lt;/span&gt;\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40361&lt;/span&gt;\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40367&lt;/span&gt;\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  
&lt;span&gt;CVE-2026-42831&lt;/span&gt;\n  Office for Android\n  Remote Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-41096&lt;/span&gt;\n  Windows DNS Client\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-35421&lt;/span&gt;\n  Windows GDI Remote\n  Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40403&lt;/span&gt;\n  Windows Graphics\n  Component Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40402&lt;/span&gt;\n  Windows Hyper-V\n  Elevation of Privilege Vulnerability\n  Critical\n  9.3\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-32161&lt;/span&gt;\n  Windows Native WiFi\n  Miniport Driver Remote Code Execution Vulnerability\n  Critical\n  7.5\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-41089&lt;/span&gt;\n  Windows Netlogon\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-32175&lt;/span&gt;\n  .NET Core Tampering\n  Vulnerability\n  Important\n  4.3\n  No\n  No\n  Tampering\n \n \n  &lt;span&gt;CVE-2026-32177&lt;/span&gt;\n  .NET Elevation of\n  Privilege Vulnerability\n  Important\n  7.3\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-35433&lt;/span&gt;\n  .NET Elevation of\n  Privilege Vulnerability\n  Important\n  7.3\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2025-54518 *&lt;/span&gt;\n  AMD: CVE-2025-54518\n  CPU OP Cache Corruption\n  Important\n  \n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42899&lt;/span&gt;\n  ASP.NET Core Denial of\n  Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  &lt;span&gt;CVE-2026-40381&lt;/span&gt;\n  Azure Connected\n  Machine Agent Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42823 \u2020&lt;/span&gt;\n  Azure Logic Apps\n  Elevation of Privilege 
Vulnerability\n  Important\n  9.9\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-33833&lt;/span&gt;\n  Azure Machine Learning\n  Notebook Spoofing Vulnerability\n  Important\n  8.2\n  No\n  No\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-32204&lt;/span&gt;\n  Azure Monitor Agent\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42830&lt;/span&gt;\n  Azure Monitor Agent\n  Metrics Extension Elevation of Privilege Vulnerability\n  Important\n  6.5\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-33117&lt;/span&gt;\n  Azure SDK for Java\n  Security Feature Bypass Vulnerability\n  Important\n  9.1\n  No\n  No\n  SFB\n \n \n  &lt;span&gt;CVE-2026-41109&lt;/span&gt;\n  GitHub Copilot and\n  Visual Studio Code Security Feature Bypass Vulnerability\n  Important\n  8.8\n  No\n  No\n  SFB\n \n \n  &lt;span&gt;CVE-2026-35424&lt;/span&gt;\n  Internet Key Exchange\n  (IKE) Protocol Denial of Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  &lt;span&gt;CVE-2026-41614&lt;/span&gt;\n  M365 Copilot for\n  Desktop Spoofing Vulnerability\n  Important\n  6.2\n  No\n  No\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-41100&lt;/span&gt;\n  Microsoft 365 Copilot\n  for Android Spoofing Vulnerability\n  Important\n  4.4\n  No\n  No\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-40377&lt;/span&gt;\n  Microsoft\n  Cryptographic Services Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-41094&lt;/span&gt;\n  Microsoft Data\n  Formulator Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40417&lt;/span&gt;\n  Microsoft Dynamics 365\n  Business Central Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42833&lt;/span&gt;\n  Microsoft Dynamics 365\n  On-Premises Remote Code Execution Vulnerability\n  Important\n  9.1\n  No\n  No\n  RCE\n \n \n  
&lt;span&gt;CVE-2026-42838&lt;/span&gt;\n  Microsoft Edge\n  (Chromium-based) Elevation of Privilege Vulnerability\n  Important\n  5.4\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40360&lt;/span&gt;\n  Microsoft Excel\n  Information Disclosure Vulnerability\n  Important\n  7.8\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-40359&lt;/span&gt;\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40362&lt;/span&gt;\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42832&lt;/span&gt;\n  Microsoft Excel\n  Spoofing Vulnerability\n  Important\n  7.7\n  No\n  No\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-34329&lt;/span&gt;\n  Microsoft Message\n  Queuing (MSMQ) Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40419&lt;/span&gt;\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40418&lt;/span&gt;\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-35436&lt;/span&gt;\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40420&lt;/span&gt;\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42893&lt;/span&gt;\n  Microsoft Outlook for\n  iOS Tampering Vulnerability\n  Important\n  7.4\n  No\n  No\n  Tampering\n \n \n  &lt;span&gt;CVE-2026-40374&lt;/span&gt;\n  Microsoft Power\n  Automate Desktop Information Disclosure Vulnerability\n  Important\n  6.5\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-41102&lt;/span&gt;\n  Microsoft PowerPoint\n  for Android Spoofing Vulnerability\n  Important\n  7.1\n  No\n  No\n  
Spoofing\n \n \n  &lt;span&gt;CVE-2026-35439&lt;/span&gt;\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40368&lt;/span&gt;\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-33110&lt;/span&gt;\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-33112&lt;/span&gt;\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40357&lt;/span&gt;\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-32185&lt;/span&gt;\n  Microsoft Teams\n  Spoofing Vulnerability\n  Important\n  5.5\n  No\n  No\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-41101&lt;/span&gt;\n  Microsoft Word for\n  Android Spoofing Vulnerability\n  Important\n  7.1\n  No\n  No\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-35440&lt;/span&gt;\n  Microsoft Word\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-40421&lt;/span&gt;\n  Microsoft Word\n  Information Disclosure Vulnerability\n  Important\n  4.3\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-41097&lt;/span&gt;\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  6.7\n  No\n  No\n  SFB\n \n \n  &lt;span&gt;CVE-2026-40370 \u2020&lt;/span&gt;\n  SQL Server Remote Code\n  Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-41613&lt;/span&gt;\n  Visual Studio Code\n  Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-41612&lt;/span&gt;\n  Visual Studio Code\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  
&lt;span&gt;CVE-2026-41611&lt;/span&gt;\n  Visual Studio Code\n  Remote Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-41610&lt;/span&gt;\n  Visual Studio Code\n  Security Feature Bypass Vulnerability\n  Important\n  6.3\n  No\n  No\n  SFB\n \n \n  &lt;span&gt;CVE-2026-33839&lt;/span&gt;\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-33840&lt;/span&gt;\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34330&lt;/span&gt;\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34331&lt;/span&gt;\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-35423&lt;/span&gt;\n  Windows 11 Telnet\n  Client Information Disclosure Vulnerability\n  Important\n  5.4\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-35438&lt;/span&gt;\n  Windows Admin Center\n  Elevation of Privilege Vulnerability\n  Important\n  8.3\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-41086&lt;/span&gt;\n  Windows Admin Center\n  in Azure Portal Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34344&lt;/span&gt;\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34345&lt;/span&gt;\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-35416&lt;/span&gt;\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-41088&lt;/span&gt;\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  
7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34343&lt;/span&gt;\n  Windows Application\n  Identity (AppID) Subsystem Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-35418&lt;/span&gt;\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-33835&lt;/span&gt;\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34337&lt;/span&gt;\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40407&lt;/span&gt;\n  Windows Common Log\n  File System Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40397&lt;/span&gt;\n  Windows Common Log\n  File System Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42896&lt;/span&gt;\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-35419&lt;/span&gt;\n  Windows DWM Core\n  Library Information Disclosure&lt;span&gt; \n  &lt;/span&gt;Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-34336&lt;/span&gt;\n  Windows DWM Core\n  Library Information Disclosure&lt;span&gt; \n  &lt;/span&gt;Vulnerability\n  Important\n  7.8\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-33834&lt;/span&gt;\n  Windows Event Logging\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-32209&lt;/span&gt;\n  Windows Filtering\n  Platform (WFP) Security Feature Bypass Vulnerability\n  Important\n  4.4\n  No\n  No\n  SFB\n \n \n  &lt;span&gt;CVE-2026-33841&lt;/span&gt;\n  Windows Kernel\n  Elevation of Privilege 
Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-35420&lt;/span&gt;\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40369&lt;/span&gt;\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34332&lt;/span&gt;\n  Windows Kernel-Mode\n  Driver Remote Code Execution Vulnerability\n  Important\n  8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-34339&lt;/span&gt;\n  Windows Lightweight\n  Directory Access Protocol (LDAP) Denial of Service Vulnerability\n  Important\n  5.5\n  No\n  No\n  DoS\n \n \n  &lt;span&gt;CVE-2026-34341&lt;/span&gt;\n  Windows Link-Layer\n  Discovery Protocol (LLDP) Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-33838&lt;/span&gt;\n  Windows Message\n  Queuing (MSMQ) Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34342&lt;/span&gt;\n  Windows Print Spooler\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-41095&lt;/span&gt;\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34340&lt;/span&gt;\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40398&lt;/span&gt;\n  Windows Remote Desktop\n  Services Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-21530&lt;/span&gt;\n  Windows Rich Text Edit\n  Elevation of Privilege Vulnerability\n  Important\n  6.7\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-32170&lt;/span&gt;\n  Windows Rich Text Edit\n  Elevation of Privilege Vulnerability\n  Important\n  6.7\n  No\n  No\n  EoP\n \n \n  
&lt;span&gt;CVE-2026-40410&lt;/span&gt;\n  Windows SMB Client\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-35415&lt;/span&gt;\n  Windows Storage Spaces\n  Controller Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34350&lt;/span&gt;\n  Windows Storport\n  Miniport Driver Denial of Service Vulnerability\n  Important\n  6.5\n  No\n  No\n  DoS\n \n \n  &lt;span&gt;CVE-2026-40405&lt;/span&gt;\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  &lt;span&gt;CVE-2026-40414&lt;/span&gt;\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.4\n  No\n  No\n  DoS\n \n \n  &lt;span&gt;CVE-2026-40401&lt;/span&gt;\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  6.2\n  No\n  No\n  DoS\n \n \n  &lt;span&gt;CVE-2026-40413&lt;/span&gt;\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.4\n  No\n  No\n  DoS\n \n \n  &lt;span&gt;CVE-2026-35422&lt;/span&gt;\n  Windows TCP/IP Driver\n  Security Feature Bypass Vulnerability\n  Important\n  6.5\n  No\n  No\n  SFB\n \n \n  &lt;span&gt;CVE-2026-34351&lt;/span&gt;\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40399&lt;/span&gt;\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34334&lt;/span&gt;\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40406&lt;/span&gt;\n  Windows TCP/IP\n  Information Disclosure Vulnerability\n  Important\n  7.5\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-33837&lt;/span&gt;\n  Windows TCP/IP Local\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40415&lt;/span&gt;\n  Windows TCP/IP Remote\n  Code 
Execution Vulnerability\n  Important\n  8.1\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42825&lt;/span&gt;\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34338&lt;/span&gt;\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40382&lt;/span&gt;\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40380&lt;/span&gt;\n  Windows Volume Manager\n  Extension Driver Remote Code Execution Vulnerability\n  Important\n  6.2\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40408&lt;/span&gt;\n  Windows WAN ARP Driver\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34333&lt;/span&gt;\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34347&lt;/span&gt;\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-35417&lt;/span&gt;\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42891&lt;/span&gt;\n  Microsoft Edge\n  (Chromium-based) for Android Spoofing Vulnerability\n  Moderate\n  6.5\n  No\n  No\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-35429&lt;/span&gt;\n  Microsoft Edge\n  (Chromium-based) for Android Spoofing Vulnerability\n  Moderate\n  4.3\n  No\n  No\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-41107&lt;/span&gt;\n  Microsoft Edge\n  (Chromium-based) Information Disclosure Vulnerability\n  Moderate\n  7.4\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-40416&lt;/span&gt;\n  Microsoft\n  Edge (Chromium-based) for Android Spoofing Vulnerability\n  Low\n  4.3\n  No\n  No\n  Spoofing\n \n \n \n  \n  \n  \n  \n  \n  \n  \n \n 
\n\n* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.\n\u2020 Indicates further administrative actions are required to fully address the vulnerability.\n\nLooking at the other Critical-rated bugs in this month\u2019s release, there are quite a few scary-looking bugs (including a CVSS 10!), but there\u2019s no action for the end user as Microsoft has already mitigated these bugs and is just now documenting them. There\u2019s also this month\u2019s crop of Office bugs where the Preview Pane is an attack vector. However, the bug in Office for Android does not have the Preview Pane vector; it\u2019s simple open and own. The bug in the WiFi driver needs a network-adjacent attacker. The SharePoint bug requires authentication, but anyone with site privileges has the authentication needed. The bug in SSO Plugin for Jira & Confluence should really be called an authentication bypass, since it allows an unauthenticated attacker to gain access to a system.\nLooking at the other code execution bugs, most are of the open and own variety as expected. The bug in Dynamics 365 (On Prem) requires high privileges. The Message Queueing bug requires an adjacent attacker. The bug in SQL Server requires authentication, but as usual, patching won\u2019t be straightforward. Finally, there\u2019s a bug in the kernel that leads to code execution. Most kernel bugs are privilege escalations, but this one could allow code execution if an attacker sends specially crafted NVMe over Fabrics (NVMe\u2011oF) response messages during the connection handshake process that contain an invalid header length value. Neat.\nAs usual, the vast majority of the Microsoft release fixes Elevation of Privilege (EoP) bugs. 
Also as usual, most simply lead to local attackers executing their code at SYSTEM-level privileges or administrative privileges, so there\u2019s not much to add without further technical details about the bugs themselves. There are also a few bugs that just state the attacker could \u201cgain ELEVATED privileges.\u201d How obtuse. The bugs in Azure allow an attacker to access data otherwise hidden from them. The Edge bug allows threat actors to elevate to the privileges of the running application. The bug in Visual Studio allows attackers to get permissions associated with the MCP Server\u2019s managed identity. Finally, there are a couple of sandbox escapes, too, which are always useful.\nThis month's update includes six Security Feature Bypass vulnerabilities. The most severe is in the Azure SDK for Java (CVSS 9.1). An attacker over the network can bypass the integrity protection provided by authentication tags on encrypted data, effectively manipulating encrypted input in a way that slips past integrity checks during decryption.  Close behind is the bypass affecting the GitHub Copilot integration in Visual Studio Code (CWE-74). This one requires a user interaction, but it allows an attacker to circumvent the path validation safeguards that normally control which files Copilot is permitted to modify. The other Visual Studio Code bypass involves cross-site scripting, improper link resolution, and information exposure triggered when a user opens or views a maliciously crafted notebook.  On the Windows networking side there are two bypasses. The first hits the Windows TCP/IP driver via an authentication bypass using an alternate channel. The other impacts the Windows Filtering Platform through improper access control, allowing a local, low-privileged attacker to bypass FQDN-based network security rules. 
Finally, there\u2019s a Secure Boot bypass that, you guessed it, bypasses secure boot features.\nMoving on to the Information Disclosure bugs fixed this month, we have 15 different CVEs. As usual, the majority of these simply result in info leaks consisting of unspecified memory contents or memory addresses. The bug in Power Automate could expose data marked \u201cSensitive\u201d within Power Automate Desktop flows. One of the Word bugs could disclose NTLM hashes. The bug in Edge could disclose your cookies, which seems rude. The bug in Visual Studio could expose file path information. Finally, there\u2019s a bug in Telnet for Windows 11 that leaks information being used by Telnet at the time. I didn\u2019t even realize Windows 11 still had a telnet client.\nThe May release contains 10 spoofing bugs (plus the ones already addressed by Microsoft). The Azure Machine Learning Notebooks vulnerability requires user interaction, but it could expose info through the Azure ML web interface to the attacker. There\u2019s a cluster of fixes for Microsoft's mobile Office suite on Android. Excel, Word, and PowerPoint for Android all carry spoofing flaws rooted in improper access control. Two Copilot products are also affected by spoofing vulns. The M365 Copilot for Desktop has no details provided. The M365 Copilot for Android variant requires low privileges and produces only limited impact on confidentiality and integrity. Microsoft Teams for Android rounds out the mobile app spoofing bugs. Three Edge bugs close things out, all involving misrepresentation of information in the browser UI.\nThere are two Tampering bugs in this month\u2019s release. The one in .NET Core allows threat actors to write files to an affected system. The other is in Outlook for iOS and manifests as a command injection bug.\nThere are eight DoS bugs in the May release, but as always, Microsoft provides little to no actionable information about the vulnerabilities. 
The most interesting from a practical standpoint are two TCP/IP bugs that allow a low-privilege Hyper-V guest to crash the host. Both are triggered from the adjacent network. On the broader network-exposure side, the ASP.NET Core bug is a straightforward infinite loop condition \u2014 an unauthenticated attacker sends a crafted request over the network and the server stops responding.\nNo new advisories are being released this month.\nLooking Ahead\nAssuming I survive Pwn2Own Berlin (which is looking iffy at the moment), I\u2019ll return on June 9th on what will hopefully be a smaller release than this one. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!", "creation_timestamp": "2026-05-12T16:38:43.000000Z"}, {"uuid": "6371e3bd-3a95-43dc-9f66-f8645439bcba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-4283", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116287224574824980", "content": "", "creation_timestamp": "2026-03-25T01:30:31.119945Z"}, {"uuid": "a5e2298b-1518-43f6-a0f4-3da953e7330b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-4283", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mhtwvfhoic2r", "content": "", "creation_timestamp": "2026-03-25T01:30:33.215893Z"}, {"uuid": "28e70915-aeee-4c92-a328-8fb0bc90bd0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42838", "type": "seen", "source": "https://www.thezdi.com/blog/2026/5/12/the-may-2026-security-update-review", "content": "I\u2019m currently in Berlin helping set up for Pwn2Own Berlin, but that doesn\u2019t stop Patch Tuesday from coming, and it\u2019s another big one. 
At least nothing is listed as being in the wild \u2013 for now. Take a break from your regularly scheduled activities and let\u2019s take a look at the latest security patches from Adobe and Microsoft. Due to technical difficulties, there will not be a video companion for this month.\nAdobe Patches for May 2026\nFor May, Adobe released 10 bulletins addressing 52 unique CVEs in Adobe Commerce, After Effects, Adobe Connect, Illustrator, Media Encoder, Premiere Pro, Substance 3D Painter, Substance 3D Sampler, Content Authenticity SDK, and the Adobe Substance 3D Designer. Here\u2019s this month\u2019s overview table:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n  \n  \n\n\n\n\n  \n    \n\n\n\n&lt;colgroup&gt;\n  &lt;col /&gt;\n  &lt;col /&gt;\n  &lt;col /&gt;\n  &lt;col /&gt;\n  &lt;col /&gt;\n  &lt;col /&gt;\n  &lt;col /&gt;\n&lt;/colgroup&gt;\n\n&lt;tfoot&gt;\n  \n&lt;/tfoot&gt;\n\n\n  \n    Bulletin ID\n    Product\n    CVE Count\n    Highest Severity\n    Highest CVSS\n    Exploited\n    Deployment Priority\n  \n\n\n  \n    APSB26-49\n    Adobe Commerce\n    15\n    Critical\n    8.7\n    No\n    2\n  \n  \n    APSB26-48\n    Adobe After Effects\n    4\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-50\n    Adobe Connect\n    2\n    Critical\n    9.6\n    No\n    3\n  \n  \n    APSB26-51\n    Adobe Illustrator\n    4\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-47\n    Adobe Media Encoder\n    2\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-46\n    Adobe Premiere Pro\n    3\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-55\n    Adobe Substance 3D Painter\n    2\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-54\n    Adobe Substance 3D Sampler\n    1\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-53\n    Content Authenticity SDK\n    14\n    Critical\n    7.5\n    No\n    3\n  \n  \n    APSB26-52\n    Adobe Substance 3D Designer\n    5\n    Important\n    6.3\n    No\n    3\n  \n\n    TOTAL\n    10 
bulletins\n    52\n    \n    \n    \n    \n  \n\n\n\n  \n\n\n\n\n  \nThe obvious priority this month is the patch for Commerce, with its 15 bugs and deployment priority of 2. The Connect fix should also rank up there since both of its CVEs are CVSS 9s. Beyond those, it\u2019s a pretty typical month for Adobe, with most of the bugs either being cross-site scripting (XSS) or open-and-own code executions.\nMicrosoft Patches for May 2026\nThis month, Microsoft released a whopping 138 new CVEs in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, .NET and Visual Studio, Copilot Chat, GitHub Copilot, M365 Copilot, SQL Server, TCP/IP, and the Telnet Client \u2013 yes, the Telnet client. Two of these bugs were reported through the TrendAI ZDI program. 30 of these bugs are rated Critical, three are rated as Moderate, one is rated Low, and the rest are rated Important in severity.\nThis large volume of fixes follows the largest monthly release in Microsoft\u2019s history and reflects the trend across the industry of a high number of submissions. While not all of these bugs were found by AI, it\u2019s likely they had an AI-related component \u2013 even if it was just AI writing the submission. I should also point out that Pwn2Own Berlin occurs in just a few days, and it\u2019s typical for vendors to patch as much as they can before the event.\nNone of the bugs patched by Microsoft this month are listed as publicly known or under active attack at the time of release, so we\u2019ve got that going for us. Let\u2019s take a closer look at some of the more interesting updates for this month, starting with a nasty-looking bug in DNS:\n- CVE-2026-41096 - Windows DNS Client Remote Code Execution Vulnerability\nThis patch fixes a heap-based buffer overflow in the DNS Client triggered by a malicious DNS response. 
No authentication or user interaction needed, and since the DNS Client runs on virtually every Windows machine, the attack surface is enormous. An attacker in a position to influence DNS responses (MitM, rogue server) could achieve unauthenticated RCE across your enterprise.\n- CVE-2026-41089 - Windows Netlogon Remote Code Execution Vulnerability\nThis update covers another CVSS 9.8 bug, which is a stack-based buffer overflow that lets an unauthenticated remote attacker execute code on a domain controller by sending a specially crafted network request \u2014 no credentials, no user interaction required. Yup \u2013 that makes it wormable. This is the highest-impact bug that requires immediate patching: a compromised domain controller is a compromised domain.\n- CVE-2026-42898 - Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability\nThis bug rates a CVSS 9.9(!) and represents a code injection in Dynamics 365. It allows any authenticated user to execute code with a scope change, meaning exploitation can break out and affect resources beyond the vulnerable component itself. Scope changes are pretty rare, so if you\u2019re running Dynamics 365 On-Prem, definitely test and deploy this patch quickly.\n- CVE-2026-40415 - Windows TCP/IP Remote Code Execution Vulnerability\nThis bug in the TCP/IP stack results from a use-after-free (UAF) and could allow a remote, unauthenticated threat actor to execute code without user interaction. That makes this another wormable bug. However, this one is much less likely to be exploited. The target needs to be under sustained low-memory (memory pressure) conditions, which is pretty rare. Still, no need to tempt fate here. 
Test and deploy this one quickly.\nHere\u2019s the full list of CVEs released by Microsoft for May 2026:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n  \n  \n\n\n\n\n  \n    \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n &lt;col width=\"144\" /&gt;\n &lt;col width=\"256\" /&gt;\n &lt;col span=\"5\" width=\"104\" /&gt;\n \n\n  CVE\n  Title\n  Severity\n  CVSS\n  Public\n  Exploited\n  Type\n \n \n  &lt;span&gt;CVE-2026-35435&lt;/span&gt;\n  Azure AI Foundry\n  Elevation of Privilege Vulnerability\n  Critical\n  8.6\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-35428&lt;/span&gt;\n  Azure Cloud Shell\n  Spoofing Vulnerability\n  Critical\n  9.6\n  No\n  No\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-42826&lt;/span&gt;\n  Azure DevOps\n  Information Disclosure Vulnerability\n  Critical\n  10\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-32207&lt;/span&gt;\n  Azure Machine Learning\n  Notebook Spoofing Vulnerability\n  Critical\n  8.8\n  No\n  No\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-33109&lt;/span&gt;\n  Azure Managed Instance\n  for Apache Cassandra Remote Code Execution Vulnerability\n  Critical\n  9.9\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-33844&lt;/span&gt;\n  Azure Managed Instance\n  for Apache Cassandra Remote Code Execution Vulnerability\n  Critical\n  9\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-41105&lt;/span&gt;\n  Azure Monitor Action\n  Group Notification System Elevation of Privilege Vulnerability\n  Critical\n  8.1\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-33111&lt;/span&gt;\n  Copilot Chat\n  (Microsoft Edge) Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-26129&lt;/span&gt;\n  M365 Copilot\n  Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-26164&lt;/span&gt;\n  M365 Copilot\n  Information Disclosure Vulnerability\n  Critical\n  7.5\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-33821&lt;/span&gt;\n  Microsoft 
Dynamics 365\n  Customer Insights Elevation of Privilege Vulnerability\n  Critical\n  7.7\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42898&lt;/span&gt;\n  Microsoft Dynamics 365\n  On-Premises Remote Code Execution Vulnerability\n  Critical\n  9.9\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40379&lt;/span&gt;\n  Microsoft Enterprise\n  Security Token Service (ESTS) Spoofing Vulnerability\n  Critical\n  9.3\n  No\n  No\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-40363&lt;/span&gt;\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40358&lt;/span&gt;\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-34327&lt;/span&gt;\n  Microsoft Partner\n  Center Spoofing Vulnerability\n  Critical\n  8.2\n  No\n  No\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-40365&lt;/span&gt;\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-41103&lt;/span&gt;\n  Microsoft SSO Plugin\n  for Jira &amp; Confluence Elevation of Privilege Vulnerability\n  Critical\n  9.1\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-33823&lt;/span&gt;\n  Microsoft Team Events\n  Portal Information Disclosure Vulnerability\n  Critical\n  9.6\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-40364&lt;/span&gt;\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40366&lt;/span&gt;\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40361&lt;/span&gt;\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40367&lt;/span&gt;\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  RCE\n \n \n  
&lt;span&gt;CVE-2026-42831&lt;/span&gt;\n  Office for Android\n  Remote Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-41096&lt;/span&gt;\n  Windows DNS Client\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-35421&lt;/span&gt;\n  Windows GDI Remote\n  Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40403&lt;/span&gt;\n  Windows Graphics\n  Component Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40402&lt;/span&gt;\n  Windows Hyper-V\n  Elevation of Privilege Vulnerability\n  Critical\n  9.3\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-32161&lt;/span&gt;\n  Windows Native WiFi\n  Miniport Driver Remote Code Execution Vulnerability\n  Critical\n  7.5\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-41089&lt;/span&gt;\n  Windows Netlogon\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-32175&lt;/span&gt;\n  .NET Core Tampering\n  Vulnerability\n  Important\n  4.3\n  No\n  No\n  Tampering\n \n \n  &lt;span&gt;CVE-2026-32177&lt;/span&gt;\n  .NET Elevation of\n  Privilege Vulnerability\n  Important\n  7.3\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-35433&lt;/span&gt;\n  .NET Elevation of\n  Privilege Vulnerability\n  Important\n  7.3\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2025-54518 *&lt;/span&gt;\n  AMD: CVE-2025-54518\n  CPU OP Cache Corruption\n  Important\n  \n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42899&lt;/span&gt;\n  ASP.NET Core Denial of\n  Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  &lt;span&gt;CVE-2026-40381&lt;/span&gt;\n  Azure Connected\n  Machine Agent Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42823 \u2020&lt;/span&gt;\n  Azure Logic Apps\n  Elevation of Privilege 
Vulnerability\n  Important\n  9.9\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-33833&lt;/span&gt;\n  Azure Machine Learning\n  Notebook Spoofing Vulnerability\n  Important\n  8.2\n  No\n  No\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-32204&lt;/span&gt;\n  Azure Monitor Agent\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42830&lt;/span&gt;\n  Azure Monitor Agent\n  Metrics Extension Elevation of Privilege Vulnerability\n  Important\n  6.5\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-33117&lt;/span&gt;\n  Azure SDK for Java\n  Security Feature Bypass Vulnerability\n  Important\n  9.1\n  No\n  No\n  SFB\n \n \n  &lt;span&gt;CVE-2026-41109&lt;/span&gt;\n  GitHub Copilot and\n  Visual Studio Code Security Feature Bypass Vulnerability\n  Important\n  8.8\n  No\n  No\n  SFB\n \n \n  &lt;span&gt;CVE-2026-35424&lt;/span&gt;\n  Internet Key Exchange\n  (IKE) Protocol Denial of Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  &lt;span&gt;CVE-2026-41614&lt;/span&gt;\n  M365 Copilot for\n  Desktop Spoofing Vulnerability\n  Important\n  6.2\n  No\n  No\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-41100&lt;/span&gt;\n  Microsoft 365 Copilot\n  for Android Spoofing Vulnerability\n  Important\n  4.4\n  No\n  No\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-40377&lt;/span&gt;\n  Microsoft\n  Cryptographic Services Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-41094&lt;/span&gt;\n  Microsoft Data\n  Formulator Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40417&lt;/span&gt;\n  Microsoft Dynamics 365\n  Business Central Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42833&lt;/span&gt;\n  Microsoft Dynamics 365\n  On-Premises Remote Code Execution Vulnerability\n  Important\n  9.1\n  No\n  No\n  RCE\n \n \n  
&lt;span&gt;CVE-2026-42838&lt;/span&gt;\n  Microsoft Edge\n  (Chromium-based) Elevation of Privilege Vulnerability\n  Important\n  5.4\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40360&lt;/span&gt;\n  Microsoft Excel\n  Information Disclosure Vulnerability\n  Important\n  7.8\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-40359&lt;/span&gt;\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40362&lt;/span&gt;\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42832&lt;/span&gt;\n  Microsoft Excel\n  Spoofing Vulnerability\n  Important\n  7.7\n  No\n  No\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-34329&lt;/span&gt;\n  Microsoft Message\n  Queuing (MSMQ) Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40419&lt;/span&gt;\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40418&lt;/span&gt;\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-35436&lt;/span&gt;\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40420&lt;/span&gt;\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42893&lt;/span&gt;\n  Microsoft Outlook for\n  iOS Tampering Vulnerability\n  Important\n  7.4\n  No\n  No\n  Tampering\n \n \n  &lt;span&gt;CVE-2026-40374&lt;/span&gt;\n  Microsoft Power\n  Automate Desktop Information Disclosure Vulnerability\n  Important\n  6.5\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-41102&lt;/span&gt;\n  Microsoft PowerPoint\n  for Android Spoofing Vulnerability\n  Important\n  7.1\n  No\n  No\n  
Spoofing\n \n \n  &lt;span&gt;CVE-2026-35439&lt;/span&gt;\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40368&lt;/span&gt;\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-33110&lt;/span&gt;\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-33112&lt;/span&gt;\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40357&lt;/span&gt;\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-32185&lt;/span&gt;\n  Microsoft Teams\n  Spoofing Vulnerability\n  Important\n  5.5\n  No\n  No\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-41101&lt;/span&gt;\n  Microsoft Word for\n  Android Spoofing Vulnerability\n  Important\n  7.1\n  No\n  No\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-35440&lt;/span&gt;\n  Microsoft Word\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-40421&lt;/span&gt;\n  Microsoft Word\n  Information Disclosure Vulnerability\n  Important\n  4.3\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-41097&lt;/span&gt;\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  6.7\n  No\n  No\n  SFB\n \n \n  &lt;span&gt;CVE-2026-40370 \u2020&lt;/span&gt;\n  SQL Server Remote Code\n  Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-41613&lt;/span&gt;\n  Visual Studio Code\n  Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-41612&lt;/span&gt;\n  Visual Studio Code\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  
&lt;span&gt;CVE-2026-41611&lt;/span&gt;\n  Visual Studio Code\n  Remote Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-41610&lt;/span&gt;\n  Visual Studio Code\n  Security Feature Bypass Vulnerability\n  Important\n  6.3\n  No\n  No\n  SFB\n \n \n  &lt;span&gt;CVE-2026-33839&lt;/span&gt;\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-33840&lt;/span&gt;\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34330&lt;/span&gt;\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34331&lt;/span&gt;\n  Win32k Elevation of\n  Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-35423&lt;/span&gt;\n  Windows 11 Telnet\n  Client Information Disclosure Vulnerability\n  Important\n  5.4\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-35438&lt;/span&gt;\n  Windows Admin Center\n  Elevation of Privilege Vulnerability\n  Important\n  8.3\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-41086&lt;/span&gt;\n  Windows Admin Center\n  in Azure Portal Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34344&lt;/span&gt;\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34345&lt;/span&gt;\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-35416&lt;/span&gt;\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-41088&lt;/span&gt;\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  
7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34343&lt;/span&gt;\n  Windows Application\n  Identity (AppID) Subsystem Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-35418&lt;/span&gt;\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-33835&lt;/span&gt;\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34337&lt;/span&gt;\n  Windows Cloud Files\n  Mini Filter Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40407&lt;/span&gt;\n  Windows Common Log\n  File System Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40397&lt;/span&gt;\n  Windows Common Log\n  File System Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42896&lt;/span&gt;\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-35419&lt;/span&gt;\n  Windows DWM Core\n  Library Information Disclosure&lt;span&gt; \n  &lt;/span&gt;Vulnerability\n  Important\n  5.5\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-34336&lt;/span&gt;\n  Windows DWM Core\n  Library Information Disclosure&lt;span&gt; \n  &lt;/span&gt;Vulnerability\n  Important\n  7.8\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-33834&lt;/span&gt;\n  Windows Event Logging\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-32209&lt;/span&gt;\n  Windows Filtering\n  Platform (WFP) Security Feature Bypass Vulnerability\n  Important\n  4.4\n  No\n  No\n  SFB\n \n \n  &lt;span&gt;CVE-2026-33841&lt;/span&gt;\n  Windows Kernel\n  Elevation of Privilege 
Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-35420&lt;/span&gt;\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40369&lt;/span&gt;\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34332&lt;/span&gt;\n  Windows Kernel-Mode\n  Driver Remote Code Execution Vulnerability\n  Important\n  8\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-34339&lt;/span&gt;\n  Windows Lightweight\n  Directory Access Protocol (LDAP) Denial of Service Vulnerability\n  Important\n  5.5\n  No\n  No\n  DoS\n \n \n  &lt;span&gt;CVE-2026-34341&lt;/span&gt;\n  Windows Link-Layer\n  Discovery Protocol (LLDP) Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-33838&lt;/span&gt;\n  Windows Message\n  Queuing (MSMQ) Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34342&lt;/span&gt;\n  Windows Print Spooler\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-41095&lt;/span&gt;\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34340&lt;/span&gt;\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40398&lt;/span&gt;\n  Windows Remote Desktop\n  Services Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-21530&lt;/span&gt;\n  Windows Rich Text Edit\n  Elevation of Privilege Vulnerability\n  Important\n  6.7\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-32170&lt;/span&gt;\n  Windows Rich Text Edit\n  Elevation of Privilege Vulnerability\n  Important\n  6.7\n  No\n  No\n  EoP\n \n \n  
&lt;span&gt;CVE-2026-40410&lt;/span&gt;\n  Windows SMB Client\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-35415&lt;/span&gt;\n  Windows Storage Spaces\n  Controller Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34350&lt;/span&gt;\n  Windows Storport\n  Miniport Driver Denial of Service Vulnerability\n  Important\n  6.5\n  No\n  No\n  DoS\n \n \n  &lt;span&gt;CVE-2026-40405&lt;/span&gt;\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  DoS\n \n \n  &lt;span&gt;CVE-2026-40414&lt;/span&gt;\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.4\n  No\n  No\n  DoS\n \n \n  &lt;span&gt;CVE-2026-40401&lt;/span&gt;\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  6.2\n  No\n  No\n  DoS\n \n \n  &lt;span&gt;CVE-2026-40413&lt;/span&gt;\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  7.4\n  No\n  No\n  DoS\n \n \n  &lt;span&gt;CVE-2026-35422&lt;/span&gt;\n  Windows TCP/IP Driver\n  Security Feature Bypass Vulnerability\n  Important\n  6.5\n  No\n  No\n  SFB\n \n \n  &lt;span&gt;CVE-2026-34351&lt;/span&gt;\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40399&lt;/span&gt;\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34334&lt;/span&gt;\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40406&lt;/span&gt;\n  Windows TCP/IP\n  Information Disclosure Vulnerability\n  Important\n  7.5\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-33837&lt;/span&gt;\n  Windows TCP/IP Local\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40415&lt;/span&gt;\n  Windows TCP/IP Remote\n  Code 
Execution Vulnerability\n  Important\n  8.1\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42825&lt;/span&gt;\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34338&lt;/span&gt;\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40382&lt;/span&gt;\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40380&lt;/span&gt;\n  Windows Volume Manager\n  Extension Driver Remote Code Execution Vulnerability\n  Important\n  6.2\n  No\n  No\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40408&lt;/span&gt;\n  Windows WAN ARP Driver\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34333&lt;/span&gt;\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-34347&lt;/span&gt;\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-35417&lt;/span&gt;\n  Windows Win32k\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42891&lt;/span&gt;\n  Microsoft Edge\n  (Chromium-based) for Android Spoofing Vulnerability\n  Moderate\n  6.5\n  No\n  No\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-35429&lt;/span&gt;\n  Microsoft Edge\n  (Chromium-based) for Android Spoofing Vulnerability\n  Moderate\n  4.3\n  No\n  No\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-41107&lt;/span&gt;\n  Microsoft Edge\n  (Chromium-based) Information Disclosure Vulnerability\n  Moderate\n  7.4\n  No\n  No\n  Info\n \n \n  &lt;span&gt;CVE-2026-40416&lt;/span&gt;\n  Microsoft\n  Edge (Chromium-based) for Android Spoofing Vulnerability\n  Low\n  4.3\n  No\n  No\n  Spoofing\n \n \n \n  \n  \n  \n  \n  \n  \n  \n \n 
\n\n* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.\n\u2020 Indicates further administrative actions are required to fully address the vulnerability.\nLooking at the other Critical-rated bugs in this month\u2019s release, there are quite a few scary-looking bugs (including a CVSS 10!), but there\u2019s no action for the end user as Microsoft has already mitigated these bugs and is just now documenting them. There\u2019s also this month\u2019s crop of Office bugs where the Preview Pane is an attack vector. However, the bug in Office for Android does not have the Preview Pane vector; it\u2019s simple open and own. The bug in the WiFi driver needs a network-adjacent attacker. The SharePoint bug requires authentication, but anyone with site privileges has the authentication needed. The bug in SSO Plugin for Jira & Confluence should really be called an authentication bypass, since it allows an unauthenticated attacker to gain access to a system.\nLooking at the other code execution bugs, most are of the open and own variety as expected. The bug in Dynamics 365 (On-Prem) requires high privileges. The Message Queuing bug requires an adjacent attacker. The bug in SQL Server requires authentication, but as usual, patching won\u2019t be straightforward. Finally, there\u2019s a bug in the kernel that leads to code execution. Most kernel bugs are privilege escalations, but this one could allow code execution if an attacker sends specially crafted NVMe over Fabrics (NVMe\u2011oF) response messages during the connection handshake process that contain an invalid header length value. Neat.\nAs usual, the vast majority of the Microsoft release fixes Elevation of Privilege (EoP) bugs. 
Also as usual, most simply lead to local attackers executing their code at SYSTEM-level privileges or administrative privileges, so there\u2019s not much to add without further technical details about the bugs themselves. There are also a few bugs that just state the attacker could \u201cgain ELEVATED privileges.\u201d How obtuse. The bugs in Azure allow an attacker to access data otherwise hidden from them. The Edge bug allows threat actors to elevate to the privileges of the running application. The bug in Visual Studio allows attackers to get permissions associated with the MCP Server\u2019s managed identity. Finally, there are a couple of sandbox escapes, too, which are always useful.\nThis month's update includes six Security Feature Bypass vulnerabilities. The most severe is in the Azure SDK for Java (CVSS 9.1). An attacker over the network can bypass the integrity protection provided by authentication tags on encrypted data, effectively manipulating encrypted input in a way that slips past integrity checks during decryption. Close behind is the bypass affecting the GitHub Copilot integration in Visual Studio Code (CWE-74). This one requires user interaction, but it allows an attacker to circumvent the path validation safeguards that normally control which files Copilot is permitted to modify. The other Visual Studio Code bypass involves cross-site scripting, improper link resolution, and information exposure triggered when a user opens or views a maliciously crafted notebook. On the Windows networking side, there are two bypasses. The first hits the Windows TCP/IP driver via an authentication bypass using an alternate channel. The other impacts the Windows Filtering Platform through improper access control, allowing a local, low-privileged attacker to bypass FQDN-based network security rules. 
Finally, there\u2019s a Secure Boot bypass that, you guessed it, bypasses secure boot features.\nMoving on to the Information Disclosure bugs fixed this month, we have 15 different CVEs. As usual, the majority of these simply result in info leaks consisting of unspecified memory contents or memory addresses. The bug in Power Automate could expose data marked \u201cSensitive\u201d within Power Automate Desktop flows. One of the Word bugs could disclose NTLM hashes. The bug in Edge could disclose your cookies, which seems rude. The bug in Visual Studio could expose file path information. Finally, there\u2019s a bug in Telnet for Windows 11 that leaks information being used by Telnet at the time. I didn\u2019t even realize Windows 11 still had a telnet client.\nThe May release contains 10 spoofing bugs (plus the ones already addressed by Microsoft). The Azure Machine Learning Notebooks vulnerability requires user interaction, but it could expose info through the Azure ML web interface to the attacker. There\u2019s a cluster of fixes for Microsoft's mobile Office suite on Android. Excel, Word, and PowerPoint for Android all carry spoofing flaws rooted in improper access control. Two Copilot products are also affected by spoofing vulns. The M365 Copilot for Desktop has no details provided. The M365 Copilot for Android variant requires low privileges and produces only limited impact on confidentiality and integrity. Microsoft Teams for Android rounds out the mobile app spoofing bugs. Three Edge bugs close things out, all involving misrepresentation of information in the browser UI. \nThere are two Tampering bugs in this month\u2019s release. The one in .NET Core allows threat actors to write files to an affected system. The other is in Outlook for iOS and manifests as a command injection bug.\nThere are eight DoS bugs in the May release, but as always, Microsoft provides little to no actionable information about the vulnerabilities. 
The most interesting from a practical standpoint are two TCP/IP bugs that allow a low-privilege Hyper-V guest to crash the host. Both are triggered from the adjacent network. On the broader network-exposure side, the ASP.NET Core bug is a straightforward infinite loop condition \u2014 an unauthenticated attacker sends a crafted request over the network and the server stops responding.\nNo new advisories are being released this month.\nLooking Ahead\nAssuming I survive Pwn2Own Berlin (which is looking iffy at the moment), I\u2019ll return on June 9th on what will hopefully be a smaller release than this one. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!", "creation_timestamp": "2026-05-12T16:38:43.000000Z"}, {"uuid": "c704209b-5f70-4e95-a159-25674ad49a1c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42832", "type": "seen", "source": "https://www.thezdi.com/blog/2026/5/12/the-may-2026-security-update-review", "content": "I\u2019m currently in Berlin helping set up for Pwn2Own Berlin, but that doesn\u2019t stop Patch Tuesday from coming, and it\u2019s another big one. At least nothing is listed as being in the wild \u2013 for now. Take a break from your regularly scheduled activities and let\u2019s take a look at the latest security patches from Adobe and Microsoft. Due to technical difficulties, there will not be a video companion for this month.\nAdobe Patches for May 2026\nFor May, Adobe released 10 bulletins addressing 52 unique CVEs in Adobe Commerce, After Effects, Adobe Connect, Illustrator, Media Encoder, Premiere Pro, Substance 3D Painter, Substance 3D Sampler, Content Authenticity SDK, and the Adobe Substance 3D Designer. 
Here\u2019s this month\u2019s overview table:\n
Bulletin ID | Product | CVE Count | Highest Severity | Highest CVSS | Exploited | Deployment Priority\n
APSB26-49 | Adobe Commerce | 15 | Critical | 8.7 | No | 2\n
APSB26-48 | Adobe After Effects | 4 | Critical | 7.8 | No | 3\n
APSB26-50 | Adobe Connect | 2 | Critical | 9.6 | No | 3\n
APSB26-51 | Adobe Illustrator | 4 | Critical | 7.8 | No | 3\n
APSB26-47 | Adobe Media Encoder | 2 | Critical | 7.8 | No | 3\n
APSB26-46 | Adobe Premiere Pro | 3 | Critical | 7.8 | No | 3\n
APSB26-55 | Adobe Substance 3D Painter | 2 | Critical | 7.8 | No | 3\n
APSB26-54 | Adobe Substance 3D Sampler | 1 | Critical | 7.8 | No | 3\n
APSB26-53 | Content Authenticity SDK | 14 | Critical | 7.5 | No | 3\n
APSB26-52 | Adobe Substance 3D Designer | 5 | Important | 6.3 | No | 3\n
TOTAL | 10 bulletins | 52 | | | |\n
The obvious priority this month is the patch for Commerce, with its 15 bugs and deployment priority of 2. The Connect fix should also rank up there since both of its CVEs are CVSS 9s. 
Beyond those, it\u2019s a pretty typical month for Adobe, with most of the bugs being either cross-site scripting (XSS) or open-and-own code executions.\nMicrosoft Patches for May 2026\nThis month, Microsoft released a whopping 138 new CVEs in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, .NET and Visual Studio, Copilot Chat, GitHub Copilot, M365 Copilot, SQL Server, TCP/IP, and the Telnet Client \u2013 yes, the Telnet client. Two of these bugs were reported through the TrendAI ZDI program. 30 of these bugs are rated Critical, three are rated as Moderate, one is rated Low, and the rest are rated Important in severity.\nThis large volume of fixes follows the largest monthly release in Microsoft\u2019s history and reflects the trend across the industry of a high number of submissions. While not all of these bugs were found by AI, it\u2019s likely they had an AI-related component \u2013 even if it was just AI writing the submission. I should also point out that Pwn2Own Berlin occurs in just a few days, and it\u2019s typical for vendors to patch as much as they can before the event.\nNone of the bugs patched by Microsoft this month are listed as publicly known or under active attack at the time of release, so we\u2019ve got that going for us. Let\u2019s take a closer look at some of the more interesting updates for this month, starting with a nasty-looking bug in DNS:\n- CVE-2026-41096 - Windows DNS Client Remote Code Execution Vulnerability\nThis patch fixes a heap-based buffer overflow in the DNS Client triggered by a malicious DNS response. No authentication or user interaction needed, and since the DNS Client runs on virtually every Windows machine, the attack surface is enormous. 
An attacker in a position to influence DNS responses (MitM, rogue server) could achieve unauthenticated RCE across your enterprise.\n- CVE-2026-41089 - Windows Netlogon Remote Code Execution Vulnerability\nThis update covers another CVSS 9.8 bug, which is a stack-based buffer overflow that lets an unauthenticated remote attacker execute code on a domain controller by sending a specially crafted network request \u2014 no credentials, no user interaction required. Yup \u2013 that makes it wormable. This is the highest-impact bug that requires immediate patching: a compromised domain controller is a compromised domain.\n- CVE-2026-42898 - Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability\nThis bug rates a CVSS 9.9(!) and represents a code injection in Dynamics 365. It allows any authenticated user to execute code with a scope change, meaning exploitation can break out and affect resources beyond the vulnerable component itself. Scope changes are pretty rare, so if you\u2019re running Dynamics 365 On-Prem, definitely test and deploy this patch quickly.\n- CVE-2026-40415 - Windows TCP/IP Remote Code Execution Vulnerability\nThis bug in the TCP/IP stack results from a use-after-free (UAF) and could allow a remote, unauthenticated threat actor to execute code without user interaction. That makes this another wormable bug. However, this one is much less likely to be exploited. The target needs to be under sustained low-memory (memory pressure) conditions, which is pretty rare. Still, no need to tempt fate here. 
Test and deploy this one quickly.\nHere\u2019s the full list of CVEs released by Microsoft for May 2026:\n
CVE | Title | Severity | CVSS | Public | Exploited | Type\n
CVE-2026-35435 | Azure AI Foundry Elevation of Privilege Vulnerability | Critical | 8.6 | No | No | EoP\n
CVE-2026-35428 | Azure Cloud Shell Spoofing Vulnerability | Critical | 9.6 | No | No | Spoofing\n
CVE-2026-42826 | Azure DevOps Information Disclosure Vulnerability | Critical | 10 | No | No | Info\n
CVE-2026-32207 | Azure Machine Learning Notebook Spoofing Vulnerability | Critical | 8.8 | No | No | Spoofing\n
CVE-2026-33109 | Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability | Critical | 9.9 | No | No | RCE\n
CVE-2026-33844 | Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability | Critical | 9 | No | No | RCE\n
CVE-2026-41105 | Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability | Critical | 8.1 | No | No | EoP\n
CVE-2026-33111 | Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability | Critical | 7.5 | No | No | Info\n
CVE-2026-26129 | M365 Copilot Information Disclosure Vulnerability | Critical | 7.5 | No | No | Info\n
CVE-2026-26164 | M365 Copilot Information Disclosure Vulnerability | Critical | 7.5 | No | No | Info\n
CVE-2026-33821 | Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability | Critical | 7.7 | No | No | EoP\n
CVE-2026-42898 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | Critical | 9.9 | No | No | RCE\n
CVE-2026-40379 | Microsoft Enterprise Security Token Service (ESTS) Spoofing Vulnerability | Critical | 9.3 | No | No | Spoofing\n
CVE-2026-40363 | Microsoft Office Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE\n
CVE-2026-40358 | Microsoft Office Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE\n
CVE-2026-34327 | Microsoft Partner Center Spoofing Vulnerability | Critical | 8.2 | No | No | Spoofing\n
CVE-2026-40365 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical | 8.8 | No | No | RCE\n
CVE-2026-41103 | Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability | Critical | 9.1 | No | No | EoP\n
CVE-2026-33823 | Microsoft Team Events Portal Information Disclosure Vulnerability | Critical | 9.6 | No | No | Info\n
CVE-2026-40364 | Microsoft Word Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE\n
CVE-2026-40366 | Microsoft Word Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE\n
CVE-2026-40361 | Microsoft Word Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE\n
CVE-2026-40367 | Microsoft Word Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE\n
CVE-2026-42831 | Office for Android Remote Code Execution Vulnerability | Critical | 7.8 | No | No | RCE\n
CVE-2026-41096 | Windows DNS Client Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE\n
CVE-2026-35421 | Windows GDI Remote Code Execution Vulnerability | Critical | 7.8 | No | No | RCE\n
CVE-2026-40403 | Windows Graphics Component Remote Code Execution Vulnerability | Critical | 8.8 | No | No | RCE\n
CVE-2026-40402 | Windows Hyper-V Elevation of Privilege Vulnerability | Critical | 9.3 | No | No | EoP\n
CVE-2026-32161 | Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability | Critical | 7.5 | No | No | RCE\n
CVE-2026-41089 | Windows Netlogon Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE\n
CVE-2026-32175 | .NET Core Tampering Vulnerability | Important | 4.3 | No | No | Tampering\n
CVE-2026-32177 | .NET Elevation of Privilege Vulnerability | Important | 7.3 | No | No | EoP\n
CVE-2026-35433 | .NET Elevation of Privilege Vulnerability | Important | 7.3 | No | No | EoP\n
CVE-2025-54518 * | AMD: CVE-2025-54518 CPU OP Cache Corruption | Important | | No | No | RCE\n
CVE-2026-42899 | ASP.NET Core Denial of Service Vulnerability | Important | 7.5 | No | No | DoS\n
CVE-2026-40381 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-42823 \u2020 | Azure Logic Apps Elevation of Privilege Vulnerability | Important | 9.9 | No | No | EoP\n
CVE-2026-33833 | Azure Machine Learning Notebook Spoofing Vulnerability | Important | 8.2 | No | No | Spoofing\n
CVE-2026-32204 | Azure Monitor Agent Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-42830 | Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP\n
CVE-2026-33117 | Azure SDK for Java Security Feature Bypass Vulnerability | Important | 9.1 | No | No | SFB\n
CVE-2026-41109 | GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability | Important | 8.8 | No | No | SFB\n
CVE-2026-35424 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | Important | 7.5 | No | No | DoS\n
CVE-2026-41614 | M365 Copilot for Desktop Spoofing Vulnerability | Important | 6.2 | No | No | Spoofing\n
CVE-2026-41100 | Microsoft 365 Copilot for Android Spoofing Vulnerability | Important | 4.4 | No | No | Spoofing\n
CVE-2026-40377 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-41094 | Microsoft Data Formulator Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE\n
CVE-2026-40417 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-42833 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | Important | 9.1 | No | No | RCE\n
CVE-2026-42838 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important | 5.4 | No | No | EoP\n
CVE-2026-40360 | Microsoft Excel Information Disclosure Vulnerability | Important | 7.8 | No | No | Info\n
CVE-2026-40359 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE\n
CVE-2026-40362 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE\n
CVE-2026-42832 | Microsoft Excel Spoofing Vulnerability | Important | 7.7 | No | No | Spoofing\n
CVE-2026-34329 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE\n
CVE-2026-40419 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-40418 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-35436 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important | 8.8 | No | No | EoP\n
CVE-2026-40420 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important | 8.8 | No | No | EoP\n
CVE-2026-42893 | Microsoft Outlook for iOS Tampering Vulnerability | Important | 7.4 | No | No | Tampering\n
CVE-2026-40374 | Microsoft Power Automate Desktop Information Disclosure Vulnerability | Important | 6.5 | No | No | Info\n
CVE-2026-41102 | Microsoft PowerPoint for Android Spoofing Vulnerability | Important | 7.1 | No | No | Spoofing\n
CVE-2026-35439 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE\n
CVE-2026-40368 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8 | No | No | RCE\n
CVE-2026-33110 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE\n
CVE-2026-33112 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE\n
CVE-2026-40357 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE\n
CVE-2026-32185 | Microsoft Teams Spoofing Vulnerability | Important | 5.5 | No | No | Spoofing\n
CVE-2026-41101 | Microsoft Word for Android Spoofing Vulnerability | Important | 7.1 | No | No | Spoofing\n
CVE-2026-35440 | Microsoft Word Information Disclosure Vulnerability | Important | 5.5 | No | No | Info\n
CVE-2026-40421 | Microsoft Word Information Disclosure Vulnerability | Important | 4.3 | No | No | Info\n
CVE-2026-41097 | Secure Boot Security Feature Bypass Vulnerability | Important | 6.7 | No | No | SFB\n
CVE-2026-40370 \u2020 | SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE\n
CVE-2026-41613 | Visual Studio Code Elevation of Privilege Vulnerability | Important | 8.8 | No | No | EoP\n
CVE-2026-41612 | Visual Studio Code Information Disclosure Vulnerability | Important | 5.5 | No | No | Info\n
CVE-2026-41611 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE\n
CVE-2026-41610 | Visual Studio Code Security Feature Bypass Vulnerability | Important | 6.3 | No | No | SFB\n
CVE-2026-33839 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\n
CVE-2026-33840 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-34330 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-34331 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\n
CVE-2026-35423 | Windows 11 Telnet Client Information Disclosure Vulnerability | Important | 5.4 | No | No | Info\n
CVE-2026-35438 | Windows Admin Center Elevation of Privilege Vulnerability | Important | 8.3 | No | No | EoP\n
CVE-2026-41086 | Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability | Important | 8.8 | No | No | EoP\n
CVE-2026-34344 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-34345 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\n
CVE-2026-35416 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\n
CVE-2026-41088 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-34343 | Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-35418 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-33835 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-34337 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-40407 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-40397 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-42896 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-35419 | Windows DWM Core Library Information Disclosure Vulnerability | Important | 5.5 | No | No | Info\n
CVE-2026-34336 | Windows DWM Core Library Information Disclosure Vulnerability | Important | 7.8 | No | No | Info\n
CVE-2026-33834 | Windows Event Logging Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-32209 | Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability | Important | 4.4 | No | No | SFB\n
CVE-2026-33841 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-35420 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-40369 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-34332 | Windows Kernel-Mode Driver Remote Code Execution Vulnerability | Important | 8 | No | No | RCE\n
CVE-2026-34339 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important | 5.5 | No | No | DoS\n
CVE-2026-34341 | Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\n
CVE-2026-33838 | Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-34342 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\n
CVE-2026-41095 | Windows Projected File System Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-34340 | Windows Projected File System Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\n
CVE-2026-40398 | Windows Remote Desktop Services Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-21530 | Windows Rich Text Edit Elevation of Privilege Vulnerability | Important | 6.7 | No | No | EoP\n
CVE-2026-32170 | Windows Rich Text Edit Elevation of Privilege Vulnerability | Important | 6.7 | No | No | EoP\n
CVE-2026-40410 | Windows SMB Client Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\n
CVE-2026-35415 | Windows Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-34350 | Windows Storport Miniport Driver Denial of Service Vulnerability | Important | 6.5 | No | No | DoS\n
CVE-2026-40405 | Windows TCP/IP Denial of Service Vulnerability | Important | 7.5 | No | No | DoS\n
CVE-2026-40414 | Windows TCP/IP Denial of Service Vulnerability | Important | 7.4 | No | No | DoS\n
CVE-2026-40401 | Windows TCP/IP Denial of Service Vulnerability | Important | 6.2 | No | No | DoS\n
CVE-2026-40413 | Windows TCP/IP Denial of Service Vulnerability | Important | 7.4 | No | No | DoS\n
CVE-2026-35422 | Windows TCP/IP Driver Security Feature Bypass Vulnerability | Important | 6.5 | No | No | SFB\n
CVE-2026-34351 | Windows TCP/IP Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-40399 | Windows TCP/IP Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-34334 | Windows TCP/IP Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-40406 | Windows TCP/IP Information Disclosure Vulnerability | Important | 7.5 | No | No | Info\n
CVE-2026-33837 | Windows TCP/IP Local Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-40415 | Windows TCP/IP Remote Code Execution Vulnerability | Important | 8.1 | No | No | RCE\n
CVE-2026-42825 | Windows Telephony Service Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\n
CVE-2026-34338 | Windows Telephony Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-40382 | Windows Telephony Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-40380 | Windows Volume Manager Extension Driver Remote Code Execution Vulnerability | Important | 6.2 | No | No | RCE\n
CVE-2026-40408 | Windows WAN ARP Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-34333 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-34347 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\n
CVE-2026-35417 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\n
CVE-2026-42891 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Moderate | 6.5 | No | No | Spoofing\n
CVE-2026-35429 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Moderate | 4.3 | No | No | Spoofing\n
CVE-2026-41107 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | Moderate | 7.4 | No | No | Info\n
CVE-2026-40416 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Low | 4.3 | No | No | Spoofing
\n* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.\n\u2020 Indicates further administrative actions are required to fully address the vulnerability.\nLooking at the other Critical-rated bugs in this month\u2019s release, there are quite a few scary-looking bugs (including a CVSS 10!), but there\u2019s no action for the end user as Microsoft has already mitigated these bugs and is just now documenting them. There\u2019s also this month\u2019s crop of Office bugs where the Preview Pane is an attack vector. However, the bug in Office for Android does not have the Preview Pane vector; it\u2019s simple open and own. The bug in the WiFi driver needs a network-adjacent attacker. The SharePoint bug requires authentication, but anyone with site privileges has the authentication needed. The bug in SSO Plugin for Jira & Confluence should really be called an authentication bypass, since it allows an unauthenticated attacker to gain access to a system.\nLooking at the other code execution bugs, most are of the open and own variety as expected. The bug in Dynamics 365 (On Prem) requires high privileges. The Message Queuing bug requires an adjacent attacker. The bug in SQL Server requires authentication, but as usual, patching won\u2019t be straightforward. Finally, there\u2019s a bug in the kernel that leads to code execution. Most kernel bugs are privilege escalations, but this one could allow code execution if an attacker sends specially crafted NVMe over Fabrics (NVMe\u2011oF) response messages during the connection handshake process that contain an invalid header length value. Neat.\nAs usual, the vast majority of the Microsoft release fixes Elevation of Privilege (EoP) bugs. 
Also as usual, most simply lead to local attackers executing their code at SYSTEM-level privileges or administrative privileges, so there\u2019s not much to add without further technical details about the bugs themselves. There are also a few bugs that just state the attacker could \u201cgain ELEVATED privileges.\u201d How obtuse. The bugs in Azure allow an attacker to access data otherwise hidden from them. The Edge bug allows threat actors to elevate to the privileges of the running application. The bug in Visual Studio allows attackers to get permissions associated with the MCP Server\u2019s managed identity. Finally, there are a couple of sandbox escapes, too, which are always useful.\nThis month's update includes six Security Feature Bypass vulnerabilities. The most severe is in the Azure SDK for Java (CVSS 9.1). An attacker over the network can bypass the integrity protection provided by authentication tags on encrypted data, effectively manipulating encrypted input in a way that slips past integrity checks during decryption.  Close behind is the bypass affecting the GitHub Copilot integration in Visual Studio Code (CWE-74). This one requires a user interaction, but it allows an attacker to circumvent the path validation safeguards that normally control which files Copilot is permitted to modify. The other Visual Studio Code bypass involves cross-site scripting, improper link resolution, and information exposure triggered when a user opens or views a maliciously crafted notebook.  On the Windows networking side there are two bypasses. The first hits the Windows TCP/IP driver via an authentication bypass using an alternate channel. The other impacts the Windows Filtering Platform through improper access control, allowing a local, low-privileged attacker to bypass FQDN-based network security rules. 
Finally, there\u2019s a Secure Boot bypass that, you guessed it, bypasses secure boot features.\nMoving on to the Information Disclosure bugs fixed this month, we have 15 different CVEs. As usual, the majority of these simply result in info leaks consisting of unspecified memory contents or memory addresses. The bug in Power Automate could expose data marked \u201cSensitive\u201d within Power Automate Desktop flows. One of the Word bugs could disclose NTLM hashes. The bug in Edge could disclose your cookies, which seems rude. The bug in Visual Studio could expose file path information. Finally, there\u2019s a bug in Telnet for Windows 11 that leaks information being used by Telnet at the time. I didn\u2019t even realize Windows 11 still had a telnet client.\nThe May release contains 10 spoofing bugs (plus the ones already addressed by Microsoft). The Azure Machine Learning Notebooks vulnerability requires user interaction, but it could expose info through the Azure ML web interface to the attacker. There\u2019s a cluster of fixes for Microsoft's mobile Office suite on Android. Excel, Word, and PowerPoint for Android all carry spoofing flaws rooted in improper access control. Two Copilot products are also affected by spoofing vulns. The M365 Copilot for Desktop has no details provided. The M365 Copilot for Android variant requires low privileges and produces only limited impact on confidentiality and integrity. Microsoft Teams for Android rounds out the mobile app spoofing bugs. Three Edge bugs close things out, all involving misrepresentation of information in the browser UI.\nThere are two Tampering bugs in this month\u2019s release. The one in .NET Core allows threat actors to write files to an affected system. The other is in Outlook for iOS and manifests as a command injection bug.\nThere are eight DoS bugs in the May release, but as always, Microsoft provides little to no actionable information about the vulnerabilities. 
The most interesting from a practical standpoint are two TCP/IP bugs that allow a low-privilege Hyper-V guest to crash the host. Both are triggered from the adjacent network. On the broader network-exposure side, the ASP.NET Core bug is a straightforward infinite loop condition \u2014 an unauthenticated attacker sends a crafted request over the network and the server stops responding.\nNo new advisories are being released this month.\nLooking Ahead\nAssuming I survive Pwn2Own Berlin (which is looking iffy at the moment), I\u2019ll return on June 9th on what will hopefully be a smaller release than this one. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!", "creation_timestamp": "2026-05-12T16:38:43.000000Z"}, {"uuid": "67768b28-51aa-4501-9ea9-038a462d50b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42838", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116568567031002351", "content": "A severe vulnerability was disclosed for Microsoft Edge (CVE-2026-42838) https://vuldb.com/vuln/363258", "creation_timestamp": "2026-05-13T17:59:47.636149Z"}, {"uuid": "7786d42e-a816-49d6-9916-8cc72844520f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4283", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mhrtlzuxlq2a", "content": "", "creation_timestamp": "2026-03-24T05:26:18.467685Z"}, {"uuid": "d1a0c513-8480-40ad-93a8-72ddc4337471", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4283", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mhrxsonct62r", "content": "", "creation_timestamp": "2026-03-24T06:41:36.077628Z"}, {"uuid": 
"50340d7f-4673-4c57-b9b9-6b5835a05d04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-4283", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mhrynqvaie27", "content": "", "creation_timestamp": "2026-03-24T06:56:43.977384Z"}, {"uuid": "3d9969fa-ca53-49c5-8f03-bc6559e207ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42833", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0145", "content": "Microsoft has fixed vulnerabilities in various Dynamics components. An authenticated attacker can exploit the vulnerabilities to gain elevated privileges, execute arbitrary code and/or gain access to sensitive data.\n\nThe vulnerability identified as CVE-2026-33821 has already been fixed centrally by Microsoft and is included for information only. 
No action is required for this vulnerability.\n\n```\nDynamics Business Central: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40417 | 7.80 | Gaining elevated privileges         | \n|----------------|------|-------------------------------------|\n\nMicrosoft Dynamics 365 (on-premises): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42898 | 9.90 | Executing arbitrary code            | \n| CVE-2026-42833 | 9.10 | Executing arbitrary code            | \n|----------------|------|-------------------------------------|\n\nPower Automate: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40374 | 6.50 | Access to sensitive data            | \n|----------------|------|-------------------------------------|\n\nMicrosoft Dynamics 365 Customer Insights: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-33821 | 7.70 | Gaining elevated privileges         | \n|----------------|------|-------------------------------------|\n```", "creation_timestamp": "2026-05-12T15:53:37.000000Z"}, {"uuid": "c7bea484-2b40-48c7-92d6-b977b91495b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42831", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0144", "content": "Microsoft has fixed vulnerabilities in various Office products. 
An attacker can exploit the vulnerabilities to impersonate another user, or to execute arbitrary code with the victim's privileges and possibly gain access to sensitive data in the victim's context.\n\nFor successful exploitation, the attacker must trick the victim into opening a malicious file or following a link.\n\nThe vulnerability identified as CVE-2026-33823 has already been fixed centrally by Microsoft and is included for information only. No further action is required for this vulnerability.\n\n```\nMicrosoft Teams: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-32185 | 5.50 | Impersonating another user          | \n| CVE-2026-33823 | 9.60 | Access to sensitive data            | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office PowerPoint: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41102 | 7.10 | Impersonating another user          | \n|----------------|------|-------------------------------------|\n\nM365 Copilot: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42893 | 7.40 |                 | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Word: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35440 | 5.50 | Access to sensitive data            | \n| CVE-2026-40364 | 8.40 | Executing arbitrary code            | \n
| CVE-2026-40366 | 8.40 | Executing arbitrary code            | \n| CVE-2026-40421 | 4.30 | Access to sensitive data            | \n| CVE-2026-40361 | 8.40 | Executing arbitrary code            | \n| CVE-2026-40367 | 8.40 | Executing arbitrary code            | \n|----------------|------|-------------------------------------|\n\nOffice for Android: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42831 | 7.80 | Executing arbitrary code            | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40363 | 8.40 | Executing arbitrary code            | \n| CVE-2026-40419 | 7.80 | Gaining elevated privileges         | \n| CVE-2026-40358 | 8.40 | Executing arbitrary code            | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office SharePoint: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35439 | 8.80 | Executing arbitrary code            | \n| CVE-2026-40368 | 8.00 | Executing arbitrary code            | \n| CVE-2026-33110 | 8.80 | Executing arbitrary code            | \n| CVE-2026-33112 | 8.80 | Executing arbitrary code            | \n| CVE-2026-40357 | 8.80 | Executing arbitrary code            | \n| CVE-2026-40365 | 8.80 | Executing arbitrary code            | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Excel: \n|----------------|------|-------------------------------------|\n
| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40360 | 7.80 | Access to sensitive data            | \n| CVE-2026-40359 | 7.80 | Executing arbitrary code            | \n| CVE-2026-40362 | 7.80 | Executing arbitrary code            | \n| CVE-2026-42832 | 7.70 | Impersonating another user          | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Click-To-Run: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40418 | 7.80 | Gaining elevated privileges         | \n| CVE-2026-35436 | 8.80 | Gaining elevated privileges         | \n| CVE-2026-40420 | 8.80 | Gaining elevated privileges         | \n|----------------|------|-------------------------------------|\n```", "creation_timestamp": "2026-05-12T15:53:28.000000Z"}, {"uuid": "aa713c27-6ae2-4bee-8a83-a62ad9f984d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42832", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0144", "content": "Microsoft has fixed vulnerabilities in various Office products. An attacker can exploit the vulnerabilities to impersonate another user, or to execute arbitrary code with the victim's privileges and possibly gain access to sensitive data in the victim's context.\n\nFor successful exploitation, the attacker must trick the victim into opening a malicious file or following a link.\n\nThe vulnerability identified as CVE-2026-33823 has already been fixed centrally by Microsoft and is included for information only. 
No further action is required for this vulnerability.\n\n```\nMicrosoft Teams: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-32185 | 5.50 | Impersonating another user          | \n| CVE-2026-33823 | 9.60 | Access to sensitive data            | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office PowerPoint: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41102 | 7.10 | Impersonating another user          | \n|----------------|------|-------------------------------------|\n\nM365 Copilot: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42893 | 7.40 |                 | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Word: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35440 | 5.50 | Access to sensitive data            | \n| CVE-2026-40364 | 8.40 | Executing arbitrary code            | \n| CVE-2026-40366 | 8.40 | Executing arbitrary code            | \n| CVE-2026-40421 | 4.30 | Access to sensitive data            | \n| CVE-2026-40361 | 8.40 | Executing arbitrary code            | \n| CVE-2026-40367 | 8.40 | Executing arbitrary code            | \n|----------------|------|-------------------------------------|\n\nOffice for Android: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n
|----------------|------|-------------------------------------|\n| CVE-2026-42831 | 7.80 | Executing arbitrary code            | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40363 | 8.40 | Executing arbitrary code            | \n| CVE-2026-40419 | 7.80 | Gaining elevated privileges         | \n| CVE-2026-40358 | 8.40 | Executing arbitrary code            | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office SharePoint: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35439 | 8.80 | Executing arbitrary code            | \n| CVE-2026-40368 | 8.00 | Executing arbitrary code            | \n| CVE-2026-33110 | 8.80 | Executing arbitrary code            | \n| CVE-2026-33112 | 8.80 | Executing arbitrary code            | \n| CVE-2026-40357 | 8.80 | Executing arbitrary code            | \n| CVE-2026-40365 | 8.80 | Executing arbitrary code            | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Excel: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40360 | 7.80 | Access to sensitive data            | \n| CVE-2026-40359 | 7.80 | Executing arbitrary code            | \n| CVE-2026-40362 | 7.80 | Executing arbitrary code            | \n| CVE-2026-42832 | 7.70 | Impersonating another user          | \n|----------------|------|-------------------------------------|\n\nMicrosoft Office Click-To-Run: 
\n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40418 | 7.80 | Gaining elevated privileges         | \n| CVE-2026-35436 | 8.80 | Gaining elevated privileges         | \n| CVE-2026-40420 | 8.80 | Gaining elevated privileges         | \n|----------------|------|-------------------------------------|\n```", "creation_timestamp": "2026-05-12T15:53:28.000000Z"}, {"uuid": "ca73cbc4-5eee-4a8d-91de-2ba5693585a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42830", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0142", "content": "Microsoft has fixed vulnerabilities in various Azure components. An attacker can exploit the vulnerabilities to impersonate another user, gain elevated privileges, execute arbitrary code and thereby possibly gain access to sensitive data.\n\nThe vulnerabilities identified as CVE-2026-40379, CVE-2026-32207, CVE-2026-33109, CVE-2026-33844, CVE-2026-34327, CVE-2026-35428, CVE-2026-35435 and CVE-2026-41105 have already been fixed centrally by Microsoft and are included for information only. 
No action is required for these vulnerabilities.\n\n```\nAzure Machine Learning: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-32207 | 8.80 | Impersonating another user          | \n| CVE-2026-33833 | 8.20 | Impersonating another user          | \n|----------------|------|-------------------------------------|\n\nAzure Monitor Agent: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-32204 | 7.80 | Gaining elevated privileges         | \n| CVE-2026-42830 | 6.50 | Gaining elevated privileges         | \n|----------------|------|-------------------------------------|\n\nMicrosoft Partner Center: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34327 | 8.20 | Impersonating another user          | \n|----------------|------|-------------------------------------|\n\nAzure Connected Machine Agent: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40381 | 7.80 | Gaining elevated privileges         | \n|----------------|------|-------------------------------------|\n\nAzure SDK: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-33117 | 9.10 | Bypassing a security measure        | \n|----------------|------|-------------------------------------|\n\nMicrosoft SSO Plugin for Jira & 
Confluence: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41103 | 9.10 | Gaining elevated privileges         | \n|----------------|------|-------------------------------------|\n\nAzure Notification Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41105 | 8.10 | Gaining elevated privileges         | \n|----------------|------|-------------------------------------|\n\nAzure Logic Apps: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42823 | 9.90 | Gaining elevated privileges         | \n|----------------|------|-------------------------------------|\n\nAzure Entra ID: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40379 | 9.30 | Impersonating another user          | \n|----------------|------|-------------------------------------|\n\nWindows Admin Center: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41086 | 8.80 | Gaining elevated privileges         | \n|----------------|------|-------------------------------------|\n\nAzure AI Foundry M365 published agents: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n
| CVE-2026-35435 | 8.60 | Gaining elevated privileges         | \n|----------------|------|-------------------------------------|\n\nAzure Cloud Shell: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-35428 | 9.60 | Impersonating another user          | \n|----------------|------|-------------------------------------|\n\nAzure Managed Instance for Apache Cassandra: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-33109 | 9.90 | Executing arbitrary code            | \n| CVE-2026-33844 | 9.00 | Executing arbitrary code            | \n|----------------|------|-------------------------------------|\n```", "creation_timestamp": "2026-05-12T15:53:04.000000Z"}, {"uuid": "1daf27fe-df8e-47d7-b19a-ab9f5b2faa87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42833", "type": "seen", "source": "https://www.acn.gov.it/portale/w/aggiornamenti-mensili-microsoft-20", "content": "", "creation_timestamp": "2026-05-13T01:08:48.000000Z"}, {"uuid": "9b9893e2-de0d-43a5-8d3e-66df54c40b10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42832", "type": "seen", "source": "https://www.acn.gov.it/portale/w/aggiornamenti-mensili-microsoft-20", "content": "", "creation_timestamp": "2026-05-13T01:08:48.000000Z"}, {"uuid": "d62d2830-babc-480e-8748-1c162baa2929", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42831", "type": "seen", "source": 
"https://www.acn.gov.it/portale/w/aggiornamenti-mensili-microsoft-20", "content": "", "creation_timestamp": "2026-05-13T01:08:48.000000Z"}, {"uuid": "18e4f5d4-3406-47eb-8f3f-4ce343b34577", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42830", "type": "seen", "source": "https://www.acn.gov.it/portale/w/aggiornamenti-mensili-microsoft-20", "content": "", "creation_timestamp": "2026-05-13T01:08:48.000000Z"}, {"uuid": "1f6ba65f-10e3-434b-b939-789cb9e147f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42838", "type": "seen", "source": "https://www.acn.gov.it/portale/w/aggiornamenti-mensili-microsoft-20", "content": "", "creation_timestamp": "2026-05-13T01:08:48.000000Z"}, {"uuid": "13d72ddc-43e6-46cf-9949-87ba39c22361", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42830", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mlqjcrqsnq2w", "content": "\ud83d\udd17 CVE : CVE-2026-32204, CVE-2026-33117, CVE-2026-33833, CVE-2026-40370, CVE-2026-40381, CVE-2026-42823, CVE-2026-42830, CVE-2026-32204, CVE-2026-33117, CVE-2026-33833, CVE-2026-40370, CVE-2026-40381, CVE-2026-42823, CVE-2026-42830", "creation_timestamp": "2026-05-13T14:30:17.992792Z"}, {"uuid": "5ebb496a-648a-4911-b221-325925112aca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42833", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mlt5j7vwgm26", "content": "\ud83d\udccc CVE-2026-42833 - Execution with unnecessary privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network. 
https://www.cyberhub.blog/cves/CVE-2026-42833", "creation_timestamp": "2026-05-14T15:37:07.227579Z"}, {"uuid": "bd455f49-d6dc-43ec-802f-b22e680b9a5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42833", "type": "seen", "source": "https://www.thezdi.com/blog/2026/5/12/the-may-2026-security-update-review", "content": "I\u2019m currently in Berlin helping set up for Pwn2Own Berlin, but that doesn\u2019t stop Patch Tuesday from coming, and it\u2019s another big one. At least nothing is listed as being in the wild \u2013 for now. Take a break from your regularly scheduled activities and let\u2019s take a look at the latest security patches from Adobe and Microsoft. Due to technical difficulties, there will not be a video companion for this month.\nAdobe Patches for May 2026\nFor May, Adobe released 10 bulletins addressing 52 unique CVEs in Adobe Commerce, After Effects, Adobe Connect, Illustrator, Media Encoder, Premiere Pro, Substance 3D Painter, Substance 3D Sampler, Content Authenticity SDK, and the Adobe Substance 3D Designer. 
Here\u2019s this month\u2019s overview table:\n\n| Bulletin ID | Product | CVE Count | Highest Severity | Highest CVSS | Exploited | Deployment Priority |\n|---|---|---|---|---|---|---|\n| APSB26-49 | Adobe Commerce | 15 | Critical | 8.7 | No | 2 |\n| APSB26-48 | Adobe After Effects | 4 | Critical | 7.8 | No | 3 |\n| APSB26-50 | Adobe Connect | 2 | Critical | 9.6 | No | 3 |\n| APSB26-51 | Adobe Illustrator | 4 | Critical | 7.8 | No | 3 |\n| APSB26-47 | Adobe Media Encoder | 2 | Critical | 7.8 | No | 3 |\n| APSB26-46 | Adobe Premiere Pro | 3 | Critical | 7.8 | No | 3 |\n| APSB26-55 | Adobe Substance 3D Painter | 2 | Critical | 7.8 | No | 3 |\n| APSB26-54 | Adobe Substance 3D Sampler | 1 | Critical | 7.8 | No | 3 |\n| APSB26-53 | Content Authenticity SDK | 14 | Critical | 7.5 | No | 3 |\n| APSB26-52 | Adobe Substance 3D Designer | 5 | Important | 6.3 | No | 3 |\n| TOTAL | 10 bulletins | 52 | | | | |\n\nThe obvious priority this month is the patch for Commerce, with its 15 bugs and deployment priority of 2. The Connect fix should also rank up there since both of its CVEs are CVSS 9s. 
Beyond those, it\u2019s a pretty typical month for Adobe, with most of the bugs either being cross-site scripting (XSS) or open-and-own code executions.\nMicrosoft Patches for May 2026\nThis month, Microsoft released a whopping 138 new CVEs in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, .NET and Visual Studio, Copilot Chat, Github Copilot, M365 Copilot, SQL Server, TCP/IP, and the Telnet Client \u2013 yes, the Telnet client. Two of these bugs were reported through the TrendAI ZDI program. 30 of these bugs are rated Critical, three are rated as Moderate, one is rated Low, and the rest are rated Important in severity.\nThis large volume of fixes follows the largest monthly release in Microsoft\u2019s history and reflects the trend across the industry of a high number of submissions. While not all of these bugs were found by AI, it\u2019s likely they had an AI-related component \u2013 even if it was just AI writing the submission. I should also point out the Pwn2Own Berlin occurs in just a few days, and it\u2019s typical for vendors to patch as much as they can before the event.\nNone of the bugs patched by Microsoft this month are listed as publicly known or under active attack at the time of release, so we\u2019ve got that going for us. Let\u2019s take a closer look at some of the more interesting updates for this month, starting with a nasty-looking bug in DNS:\n-&nbsp;&nbsp;&nbsp; CVE-2026-41096 - Windows DNS Client Remote Code Execution VulnerabilityThis patch fixes a heap-based buffer overflow in the DNS Client triggered by a malicious DNS response. No authentication or user interaction needed, and since the DNS Client runs on virtually every Windows machine, the attack surface is enormous. 
An attacker with a position to influence DNS responses (MitM, rogue server) could achieve unauthenticated RCE across your enterprise.\n- CVE-2026-41089 - Windows Netlogon Remote Code Execution Vulnerability\nThis update covers another CVSS 9.8 bug, which is a stack-based buffer overflow that lets an unauthenticated remote attacker execute code on a domain controller by sending a specially crafted network request \u2014 no credentials, no user interaction required. Yup \u2013 that makes it wormable. This is the highest-impact bug that requires immediate patching: a compromised domain controller is a compromised domain.\n- CVE-2026-42898 - Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability\nThis bug rates a CVSS 9.9(!) and represents a code injection in Dynamics 365. It allows any authenticated user to execute code with a scope change, meaning exploitation can break out and affect resources beyond the vulnerable component itself. Scope changes are pretty rare, so if you\u2019re running Dynamics 365 On-Prem, definitely test and deploy this patch quickly.\n- CVE-2026-40415 - Windows TCP/IP Remote Code Execution Vulnerability\nThis bug in the TCP/IP stack results from a use-after-free (UAF) and could allow a remote, unauthenticated threat actor to execute code without user interaction. That makes this another wormable bug. However, this one is much less likely to be exploited. The target needs to be under sustained low-memory (memory pressure) conditions, which is pretty rare. Still, no need to tempt fate here. 
Test and deploy this one quickly.\nHere\u2019s the full list of CVEs released by Microsoft for May 2026:\n\nCVE | Title | Severity | CVSS | Public | Exploited | Type\nCVE-2026-35435 | Azure AI Foundry Elevation of Privilege Vulnerability | Critical | 8.6 | No | No | EoP\nCVE-2026-35428 | Azure Cloud Shell Spoofing Vulnerability | Critical | 9.6 | No | No | Spoofing\nCVE-2026-42826 | Azure DevOps Information Disclosure Vulnerability | Critical | 10 | No | No | Info\nCVE-2026-32207 | Azure Machine Learning Notebook Spoofing Vulnerability | Critical | 8.8 | No | No | Spoofing\nCVE-2026-33109 | Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability | Critical | 9.9 | No | No | RCE\nCVE-2026-33844 | Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability | Critical | 9 | No | No | RCE\nCVE-2026-41105 | Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability | Critical | 8.1 | No | No | EoP\nCVE-2026-33111 | Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability | Critical | 7.5 | No | No | Info\nCVE-2026-26129 | M365 Copilot Information Disclosure Vulnerability | Critical | 7.5 | No | No | Info\nCVE-2026-26164 | M365 Copilot Information Disclosure Vulnerability | Critical | 7.5 | No | No | Info\nCVE-2026-33821 | Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability | Critical | 7.7 | No | No | EoP\nCVE-2026-42898 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | Critical | 9.9 | No | No | RCE\nCVE-2026-40379 | Microsoft Enterprise Security Token Service (ESTS) Spoofing Vulnerability | Critical | 9.3 | No | No | Spoofing\nCVE-2026-40363 | Microsoft Office Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE\nCVE-2026-40358 | Microsoft Office Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE\nCVE-2026-34327 | Microsoft Partner Center Spoofing Vulnerability | Critical | 8.2 | No | No | Spoofing\nCVE-2026-40365 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical | 8.8 | No | No | RCE\nCVE-2026-41103 | Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability | Critical | 9.1 | No | No | EoP\nCVE-2026-33823 | Microsoft Team Events Portal Information Disclosure Vulnerability | Critical | 9.6 | No | No | Info\nCVE-2026-40364 | Microsoft Word Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE\nCVE-2026-40366 | Microsoft Word Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE\nCVE-2026-40361 | Microsoft Word Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE\nCVE-2026-40367 | Microsoft Word Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE\nCVE-2026-42831 | Office for Android Remote Code Execution Vulnerability | Critical | 7.8 | No | No | RCE\nCVE-2026-41096 | Windows DNS Client Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE\nCVE-2026-35421 | Windows GDI Remote Code Execution Vulnerability | Critical | 7.8 | No | No | RCE\nCVE-2026-40403 | Windows Graphics Component Remote Code Execution Vulnerability | Critical | 8.8 | No | No | RCE\nCVE-2026-40402 | Windows Hyper-V Elevation of Privilege Vulnerability | Critical | 9.3 | No | No | EoP\nCVE-2026-32161 | Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability | Critical | 7.5 | No | No | RCE\nCVE-2026-41089 | Windows Netlogon Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE\nCVE-2026-32175 | .NET Core Tampering Vulnerability | Important | 4.3 | No | No | Tampering\nCVE-2026-32177 | .NET Elevation of Privilege Vulnerability | Important | 7.3 | No | No | EoP\nCVE-2026-35433 | .NET Elevation of Privilege Vulnerability | Important | 7.3 | No | No | EoP\nCVE-2025-54518 * | AMD: CVE-2025-54518 CPU OP Cache Corruption | Important | | No | No | RCE\nCVE-2026-42899 | ASP.NET Core Denial of Service Vulnerability | Important | 7.5 | No | No | DoS\nCVE-2026-40381 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-42823 \u2020 | Azure Logic Apps Elevation of Privilege Vulnerability | Important | 9.9 | No | No | EoP\nCVE-2026-33833 | Azure Machine Learning Notebook Spoofing Vulnerability | Important | 8.2 | No | No | Spoofing\nCVE-2026-32204 | Azure Monitor Agent Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-42830 | Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP\nCVE-2026-33117 | Azure SDK for Java Security Feature Bypass Vulnerability | Important | 9.1 | No | No | SFB\nCVE-2026-41109 | GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability | Important | 8.8 | No | No | SFB\nCVE-2026-35424 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | Important | 7.5 | No | No | DoS\nCVE-2026-41614 | M365 Copilot for Desktop Spoofing Vulnerability | Important | 6.2 | No | No | Spoofing\nCVE-2026-41100 | Microsoft 365 Copilot for Android Spoofing Vulnerability | Important | 4.4 | No | No | Spoofing\nCVE-2026-40377 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-41094 | Microsoft Data Formulator Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE\nCVE-2026-40417 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-42833 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | Important | 9.1 | No | No | RCE\nCVE-2026-42838 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important | 5.4 | No | No | EoP\nCVE-2026-40360 | Microsoft Excel Information Disclosure Vulnerability | Important | 7.8 | No | No | Info\nCVE-2026-40359 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE\nCVE-2026-40362 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE\nCVE-2026-42832 | Microsoft Excel Spoofing Vulnerability | Important | 7.7 | No | No | Spoofing\nCVE-2026-34329 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE\nCVE-2026-40419 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-40418 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-35436 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important | 8.8 | No | No | EoP\nCVE-2026-40420 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important | 8.8 | No | No | EoP\nCVE-2026-42893 | Microsoft Outlook for iOS Tampering Vulnerability | Important | 7.4 | No | No | Tampering\nCVE-2026-40374 | Microsoft Power Automate Desktop Information Disclosure Vulnerability | Important | 6.5 | No | No | Info\nCVE-2026-41102 | Microsoft PowerPoint for Android Spoofing Vulnerability | Important | 7.1 | No | No | Spoofing\nCVE-2026-35439 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE\nCVE-2026-40368 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8 | No | No | RCE\nCVE-2026-33110 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE\nCVE-2026-33112 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE\nCVE-2026-40357 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE\nCVE-2026-32185 | Microsoft Teams Spoofing Vulnerability | Important | 5.5 | No | No | Spoofing\nCVE-2026-41101 | Microsoft Word for Android Spoofing Vulnerability | Important | 7.1 | No | No | Spoofing\nCVE-2026-35440 | Microsoft Word Information Disclosure Vulnerability | Important | 5.5 | No | No | Info\nCVE-2026-40421 | Microsoft Word Information Disclosure Vulnerability | Important | 4.3 | No | No | Info\nCVE-2026-41097 | Secure Boot Security Feature Bypass Vulnerability | Important | 6.7 | No | No | SFB\nCVE-2026-40370 \u2020 | SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE\nCVE-2026-41613 | Visual Studio Code Elevation of Privilege Vulnerability | Important | 8.8 | No | No | EoP\nCVE-2026-41612 | Visual Studio Code Information Disclosure Vulnerability | Important | 5.5 | No | No | Info\nCVE-2026-41611 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE\nCVE-2026-41610 | Visual Studio Code Security Feature Bypass Vulnerability | Important | 6.3 | No | No | SFB\nCVE-2026-33839 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\nCVE-2026-33840 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-34330 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-34331 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\nCVE-2026-35423 | Windows 11 Telnet Client Information Disclosure Vulnerability | Important | 5.4 | No | No | Info\nCVE-2026-35438 | Windows Admin Center Elevation of Privilege Vulnerability | Important | 8.3 | No | No | EoP\nCVE-2026-41086 | Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability | Important | 8.8 | No | No | EoP\nCVE-2026-34344 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-34345 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\nCVE-2026-35416 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\nCVE-2026-41088 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-34343 | Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-35418 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-33835 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-34337 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-40407 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-40397 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-42896 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-35419 | Windows DWM Core Library Information Disclosure Vulnerability | Important | 5.5 | No | No | Info\nCVE-2026-34336 | Windows DWM Core Library Information Disclosure Vulnerability | Important | 7.8 | No | No | Info\nCVE-2026-33834 | Windows Event Logging Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-32209 | Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability | Important | 4.4 | No | No | SFB\nCVE-2026-33841 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-35420 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-40369 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-34332 | Windows Kernel-Mode Driver Remote Code Execution Vulnerability | Important | 8 | No | No | RCE\nCVE-2026-34339 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important | 5.5 | No | No | DoS\nCVE-2026-34341 | Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\nCVE-2026-33838 | Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-34342 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\nCVE-2026-41095 | Windows Projected File System Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-34340 | Windows Projected File System Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\nCVE-2026-40398 | Windows Remote Desktop Services Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-21530 | Windows Rich Text Edit Elevation of Privilege Vulnerability | Important | 6.7 | No | No | EoP\nCVE-2026-32170 | Windows Rich Text Edit Elevation of Privilege Vulnerability | Important | 6.7 | No | No | EoP\nCVE-2026-40410 | Windows SMB Client Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\nCVE-2026-35415 | Windows Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-34350 | Windows Storport Miniport Driver Denial of Service Vulnerability | Important | 6.5 | No | No | DoS\nCVE-2026-40405 | Windows TCP/IP Denial of Service Vulnerability | Important | 7.5 | No | No | DoS\nCVE-2026-40414 | Windows TCP/IP Denial of Service Vulnerability | Important | 7.4 | No | No | DoS\nCVE-2026-40401 | Windows TCP/IP Denial of Service Vulnerability | Important | 6.2 | No | No | DoS\nCVE-2026-40413 | Windows TCP/IP Denial of Service Vulnerability | Important | 7.4 | No | No | DoS\nCVE-2026-35422 | Windows TCP/IP Driver Security Feature Bypass Vulnerability | Important | 6.5 | No | No | SFB\nCVE-2026-34351 | Windows TCP/IP Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-40399 | Windows TCP/IP Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-34334 | Windows TCP/IP Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-40406 | Windows TCP/IP Information Disclosure Vulnerability | Important | 7.5 | No | No | Info\nCVE-2026-33837 | Windows TCP/IP Local Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-40415 | Windows TCP/IP Remote Code Execution Vulnerability | Important | 8.1 | No | No | RCE\nCVE-2026-42825 | Windows Telephony Service Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\nCVE-2026-34338 | Windows Telephony Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-40382 | Windows Telephony Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-40380 | Windows Volume Manager Extension Driver Remote Code Execution Vulnerability | Important | 6.2 | No | No | RCE\nCVE-2026-40408 | Windows WAN ARP Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-34333 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-34347 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\nCVE-2026-35417 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-42891 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Moderate | 6.5 | No | No | Spoofing\nCVE-2026-35429 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Moderate | 4.3 | No | No | Spoofing\nCVE-2026-41107 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | Moderate | 7.4 | No | No | Info\nCVE-2026-40416 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Low | 4.3 | No | No | Spoofing\n
\n* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.\n\u2020 Indicates further administrative actions are required to fully address the vulnerability.\nLooking at the other Critical-rated bugs in this month\u2019s release, there are quite a few scary-looking bugs (including a CVSS 10!), but there\u2019s no action for the end user as Microsoft has already mitigated these bugs and is just now documenting them. There\u2019s also this month\u2019s crop of Office bugs where the Preview Pane is an attack vector. However, the bug in Office for Android does not have the Preview Pane vector; it\u2019s simple open and own. The bug in the WiFi driver needs a network-adjacent attacker. The SharePoint bug requires authentication, but anyone with site privileges has the authentication needed. The bug in SSO Plugin for Jira & Confluence should really be called an authentication bypass, since it allows an unauthenticated attacker to gain access to a system.\nLooking at the other code execution bugs, most are of the open and own variety as expected. The bug in Dynamics 365 (On Prem) requires high privileges. The Message Queuing bug requires an adjacent attacker. The bug in SQL Server requires authentication, but as usual, patching won\u2019t be straightforward. Finally, there\u2019s a bug in the kernel that leads to code execution. Most kernel bugs are privilege escalations, but this one could allow code execution if an attacker sends specially crafted NVMe over Fabrics (NVMe\u2011oF) response messages during the connection handshake process that contain an invalid header length value. Neat.\nAs usual, the vast majority of the Microsoft release fixes Elevation of Privilege (EoP) bugs. 
Also as usual, most simply lead to local attackers executing their code at SYSTEM-level privileges or administrative privileges, so there\u2019s not much to add without further technical details about the bugs themselves. There are also a few bugs that just state the attacker could \u201cgain ELEVATED privileges.\u201d How obtuse. The bugs in Azure allow an attacker to access data otherwise hidden from them. The Edge bug allows threat actors to elevate to the privileges of the running application. The bug in Visual Studio allows attackers to get permissions associated with the MCP Server\u2019s managed identity. Finally, there are a couple of sandbox escapes, too, which are always useful.\nThis month's update includes six Security Feature Bypass vulnerabilities. The most severe is in the Azure SDK for Java (CVSS 9.1). An attacker over the network can bypass the integrity protection provided by authentication tags on encrypted data, effectively manipulating encrypted input in a way that slips past integrity checks during decryption. Close behind is the bypass affecting the GitHub Copilot integration in Visual Studio Code (CWE-74). This one requires user interaction, but it allows an attacker to circumvent the path validation safeguards that normally control which files Copilot is permitted to modify. The other Visual Studio Code bypass involves cross-site scripting, improper link resolution, and information exposure triggered when a user opens or views a maliciously crafted notebook. On the Windows networking side there are two bypasses. The first hits the Windows TCP/IP driver via an authentication bypass using an alternate channel. The other impacts the Windows Filtering Platform through improper access control, allowing a local, low-privileged attacker to bypass FQDN-based network security rules. 
Finally, there\u2019s a Secure Boot bypass that, you guessed it, bypasses secure boot features.\nMoving on to the Information Disclosure bugs fixed this month, we have 15 different CVEs. As usual, the majority of these simply result in info leaks consisting of unspecified memory contents or memory addresses. The bug in Power Automate could expose data marked \u201cSensitive\u201d within Power Automate Desktop flows. One of the Word bugs could disclose NTLM hashes. The bug in Edge could disclose your cookies, which seems rude. The bug in Visual Studio could expose file path information. Finally, there\u2019s a bug in Telnet for Windows 11 that leaks information being used by Telnet at the time. I didn\u2019t even realize Windows 11 still had a telnet client.\nThe May release contains 10 spoofing bugs (plus the ones already addressed by Microsoft). The Azure Machine Learning Notebook bug requires user interaction, but it could expose info through the Azure ML web interface to the attacker. There\u2019s a cluster of fixes for Microsoft's mobile Office suite on Android. Excel, Word, and PowerPoint for Android all carry spoofing flaws rooted in improper access control. Two Copilot products are also affected by spoofing vulns. The M365 Copilot for Desktop has no details provided. The M365 Copilot for Android variant requires low privileges and produces only limited impact on confidentiality and integrity. Microsoft Teams for Android rounds out the mobile app spoofing bugs. Three Edge bugs close things out, all involving misrepresentation of information in the browser UI.\nThere are two Tampering bugs in this month\u2019s release. The one in .NET Core allows threat actors to write files to an affected system. The other is in Outlook for iOS and manifests as a command injection bug.\nThere are eight DoS bugs in the May release, but as always, Microsoft provides little to no actionable information about the vulnerabilities. 
The most interesting from a practical standpoint are two TCP/IP bugs that allow a low-privilege Hyper-V guest to crash the host. Both are triggered from the adjacent network. On the broader network-exposure side, the ASP.NET Core bug is a straightforward infinite loop condition \u2014 an unauthenticated attacker sends a crafted request over the network and the server stops responding.\nNo new advisories are being released this month.\nLooking Ahead\nAssuming I survive Pwn2Own Berlin (which is looking iffy at the moment), I\u2019ll return on June 9th on what will hopefully be a smaller release than this one. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!", "creation_timestamp": "2026-05-12T16:38:43.000000Z"}, {"uuid": "23b1087b-d9c6-4faf-aa5d-07c774905ac6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42830", "type": "seen", "source": "https://www.thezdi.com/blog/2026/5/12/the-may-2026-security-update-review", "content": "I\u2019m currently in Berlin helping set up for Pwn2Own Berlin, but that doesn\u2019t stop Patch Tuesday from coming, and it\u2019s another big one. At least nothing is listed as being in the wild \u2013 for now. Take a break from your regularly scheduled activities and let\u2019s take a look at the latest security patches from Adobe and Microsoft. Due to technical difficulties, there will not be a video companion for this month.\nAdobe Patches for May 2026\nFor May, Adobe released 10 bulletins addressing 52 unique CVEs in Adobe Commerce, After Effects, Adobe Connect, Illustrator, Media Encoder, Premiere Pro, Substance 3D Painter, Substance 3D Sampler, Content Authenticity SDK, and the Adobe Substance 3D Designer. 
Here\u2019s this month\u2019s overview table:\n\nBulletin ID | Product | CVE Count | Highest Severity | Highest CVSS | Exploited | Deployment Priority\nAPSB26-49 | Adobe Commerce | 15 | Critical | 8.7 | No | 2\nAPSB26-48 | Adobe After Effects | 4 | Critical | 7.8 | No | 3\nAPSB26-50 | Adobe Connect | 2 | Critical | 9.6 | No | 3\nAPSB26-51 | Adobe Illustrator | 4 | Critical | 7.8 | No | 3\nAPSB26-47 | Adobe Media Encoder | 2 | Critical | 7.8 | No | 3\nAPSB26-46 | Adobe Premiere Pro | 3 | Critical | 7.8 | No | 3\nAPSB26-55 | Adobe Substance 3D Painter | 2 | Critical | 7.8 | No | 3\nAPSB26-54 | Adobe Substance 3D Sampler | 1 | Critical | 7.8 | No | 3\nAPSB26-53 | Content Authenticity SDK | 14 | Critical | 7.5 | No | 3\nAPSB26-52 | Adobe Substance 3D Designer | 5 | Important | 6.3 | No | 3\nTOTAL | 10 bulletins | 52 | | | |\n\nThe obvious priority this month is the patch for Commerce, with its 15 bugs and deployment priority of 2. The Connect fix should also rank up there since both of its CVEs are CVSS 9s. 
Beyond those, it\u2019s a pretty typical month for Adobe, with most of the bugs either being cross-site scripting (XSS) or open-and-own code executions.\nMicrosoft Patches for May 2026\nThis month, Microsoft released a whopping 138 new CVEs in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, .NET and Visual Studio, Copilot Chat, GitHub Copilot, M365 Copilot, SQL Server, TCP/IP, and the Telnet Client \u2013 yes, the Telnet client. Two of these bugs were reported through the TrendAI ZDI program. 30 of these bugs are rated Critical, three are rated as Moderate, one is rated Low, and the rest are rated Important in severity.\nThis large volume of fixes follows the largest monthly release in Microsoft\u2019s history and reflects the trend across the industry of a high number of submissions. While not all of these bugs were found by AI, it\u2019s likely they had an AI-related component \u2013 even if it was just AI writing the submission. I should also point out that Pwn2Own Berlin occurs in just a few days, and it\u2019s typical for vendors to patch as much as they can before the event.\nNone of the bugs patched by Microsoft this month are listed as publicly known or under active attack at the time of release, so we\u2019ve got that going for us. Let\u2019s take a closer look at some of the more interesting updates for this month, starting with a nasty-looking bug in DNS:\n- CVE-2026-41096 - Windows DNS Client Remote Code Execution Vulnerability\nThis patch fixes a heap-based buffer overflow in the DNS Client triggered by a malicious DNS response. No authentication or user interaction needed, and since the DNS Client runs on virtually every Windows machine, the attack surface is enormous. 
An attacker with a position to influence DNS responses (MitM, rogue server) could achieve unauthenticated RCE across your enterprise.\n- CVE-2026-41089 - Windows Netlogon Remote Code Execution Vulnerability\nThis update covers another CVSS 9.8 bug, which is a stack-based buffer overflow that lets an unauthenticated remote attacker execute code on a domain controller by sending a specially crafted network request \u2014 no credentials, no user interaction required. Yup \u2013 that makes it wormable. This is the highest-impact bug that requires immediate patching: a compromised domain controller is a compromised domain.\n- CVE-2026-42898 - Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability\nThis bug rates a CVSS 9.9(!) and represents a code injection in Dynamics 365. It allows any authenticated user to execute code with a scope change, meaning exploitation can break out and affect resources beyond the vulnerable component itself. Scope changes are pretty rare, so if you\u2019re running Dynamics 365 On-Prem, definitely test and deploy this patch quickly.\n- CVE-2026-40415 - Windows TCP/IP Remote Code Execution Vulnerability\nThis bug in the TCP/IP stack results from a use-after-free (UAF) and could allow a remote, unauthenticated threat actor to execute code without user interaction. That makes this another wormable bug. However, this one is much less likely to be exploited. The target needs to be under sustained low-memory (memory pressure) conditions, which is pretty rare. Still, no need to tempt fate here. 
Test and deploy this one quickly.\nHere\u2019s the full list of CVEs released by Microsoft for May 2026:\n\nCVE | Title | Severity | CVSS | Public | Exploited | Type\nCVE-2026-35435 | Azure AI Foundry Elevation of Privilege Vulnerability | Critical | 8.6 | No | No | EoP\nCVE-2026-35428 | Azure Cloud Shell Spoofing Vulnerability | Critical | 9.6 | No | No | Spoofing\nCVE-2026-42826 | Azure DevOps Information Disclosure Vulnerability | Critical | 10 | No | No | Info\nCVE-2026-32207 | Azure Machine Learning Notebook Spoofing Vulnerability | Critical | 8.8 | No | No | Spoofing\nCVE-2026-33109 | Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability | Critical | 9.9 | No | No | RCE\nCVE-2026-33844 | Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability | Critical | 9 | No | No | RCE\nCVE-2026-41105 | Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability | Critical | 8.1 | No | No | EoP\nCVE-2026-33111 | Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability | Critical | 7.5 | No | No | Info\nCVE-2026-26129 | M365 Copilot Information Disclosure Vulnerability | Critical | 7.5 | No | No | Info\nCVE-2026-26164 | M365 Copilot Information Disclosure Vulnerability | Critical | 7.5 | No | No | Info\nCVE-2026-33821 | Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability | Critical | 7.7 | No | No | EoP\nCVE-2026-42898 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | Critical | 9.9 | No | No | RCE\nCVE-2026-40379 | Microsoft Enterprise Security Token Service (ESTS) Spoofing Vulnerability | Critical | 9.3 | No | No | Spoofing\nCVE-2026-40363 | Microsoft Office Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE\nCVE-2026-40358 | Microsoft Office Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE\nCVE-2026-34327 | Microsoft Partner Center Spoofing Vulnerability | Critical | 8.2 | No | No | Spoofing\nCVE-2026-40365 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical | 8.8 | No | No | RCE\nCVE-2026-41103 | Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability | Critical | 9.1 | No | No | EoP\nCVE-2026-33823 | Microsoft Team Events Portal Information Disclosure Vulnerability | Critical | 9.6 | No | No | Info\nCVE-2026-40364 | Microsoft Word Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE\nCVE-2026-40366 | Microsoft Word Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE\nCVE-2026-40361 | Microsoft Word Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE\nCVE-2026-40367 | Microsoft Word Remote Code Execution Vulnerability | Critical | 8.4 | No | No | RCE\nCVE-2026-42831 | Office for Android Remote Code Execution Vulnerability | Critical | 7.8 | No | No | RCE\nCVE-2026-41096 | Windows DNS Client Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE\nCVE-2026-35421 | Windows GDI Remote Code Execution Vulnerability | Critical | 7.8 | No | No | RCE\nCVE-2026-40403 | Windows Graphics Component Remote Code Execution Vulnerability | Critical | 8.8 | No | No | RCE\nCVE-2026-40402 | Windows Hyper-V Elevation of Privilege Vulnerability | Critical | 9.3 | No | No | EoP\nCVE-2026-32161 | Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability | Critical | 7.5 | No | No | RCE\nCVE-2026-41089 | Windows Netlogon Remote Code Execution Vulnerability | Critical | 9.8 | No | No | RCE\nCVE-2026-32175 | .NET Core Tampering Vulnerability | Important | 4.3 | No | No | Tampering\nCVE-2026-32177 | .NET Elevation of Privilege Vulnerability | Important | 7.3 | No | No | EoP\nCVE-2026-35433 | .NET Elevation of Privilege Vulnerability | Important | 7.3 | No | No | EoP\nCVE-2025-54518 * | AMD: CVE-2025-54518 CPU OP Cache Corruption | Important | | No | No | RCE\nCVE-2026-42899 | ASP.NET Core Denial of Service Vulnerability | Important | 7.5 | No | No | DoS\nCVE-2026-40381 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-42823 \u2020 | Azure Logic Apps Elevation of Privilege Vulnerability | Important | 9.9 | No | No | EoP\nCVE-2026-33833 | Azure Machine Learning Notebook Spoofing Vulnerability | Important | 8.2 | No | No | Spoofing\nCVE-2026-32204 | Azure Monitor Agent Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-42830 | Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability | Important | 6.5 | No | No | EoP\nCVE-2026-33117 | Azure SDK for Java Security Feature Bypass Vulnerability | Important | 9.1 | No | No | SFB\nCVE-2026-41109 | GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability | Important | 8.8 | No | No | SFB\nCVE-2026-35424 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | Important | 7.5 | No | No | DoS\nCVE-2026-41614 | M365 Copilot for Desktop Spoofing Vulnerability | Important | 6.2 | No | No | Spoofing\nCVE-2026-41100 | Microsoft 365 Copilot for Android Spoofing Vulnerability | Important | 4.4 | No | No | Spoofing\nCVE-2026-40377 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-41094 | Microsoft Data Formulator Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE\nCVE-2026-40417 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-42833 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | Important | 9.1 | No | No | RCE\nCVE-2026-42838 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important | 5.4 | No | No | EoP\nCVE-2026-40360 | Microsoft Excel Information Disclosure Vulnerability | Important | 7.8 | No | No | Info\nCVE-2026-40359 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE\nCVE-2026-40362 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE\nCVE-2026-42832 | Microsoft Excel Spoofing Vulnerability | Important | 7.7 | No | No | Spoofing\nCVE-2026-34329 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE\nCVE-2026-40419 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-40418 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-35436 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important | 8.8 | No | No | EoP\nCVE-2026-40420 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important | 8.8 | No | No | EoP\nCVE-2026-42893 | Microsoft Outlook for iOS Tampering Vulnerability | Important | 7.4 | No | No | Tampering\nCVE-2026-40374 | Microsoft Power Automate Desktop Information Disclosure Vulnerability | Important | 6.5 | No | No | Info\nCVE-2026-41102 | Microsoft PowerPoint for Android Spoofing Vulnerability | Important | 7.1 | No | No | Spoofing\nCVE-2026-35439 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE\nCVE-2026-40368 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8 | No | No | RCE\nCVE-2026-33110 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE\nCVE-2026-33112 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE\nCVE-2026-40357 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE\nCVE-2026-32185 | Microsoft Teams Spoofing Vulnerability | Important | 5.5 | No | No | Spoofing\nCVE-2026-41101 | Microsoft Word for Android Spoofing Vulnerability | Important | 7.1 | No | No | Spoofing\nCVE-2026-35440 | Microsoft Word Information Disclosure Vulnerability | Important | 5.5 | No | No | Info\nCVE-2026-40421 | Microsoft Word Information Disclosure Vulnerability | Important | 4.3 | No | No | Info\nCVE-2026-41097 | Secure Boot Security Feature Bypass Vulnerability | Important | 6.7 | No | No | SFB\nCVE-2026-40370 \u2020 | SQL Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | RCE\nCVE-2026-41613 | Visual Studio Code Elevation of Privilege Vulnerability | Important | 8.8 | No | No | EoP\nCVE-2026-41612 | Visual Studio Code Information Disclosure Vulnerability | Important | 5.5 | No | No | Info\nCVE-2026-41611 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | RCE\nCVE-2026-41610 | Visual Studio Code Security Feature Bypass Vulnerability | Important | 6.3 | No | No | SFB\nCVE-2026-33839 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\nCVE-2026-33840 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-34330 | Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-34331 | Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\nCVE-2026-35423 | Windows 11 Telnet Client Information Disclosure Vulnerability | Important | 5.4 | No | No | Info\nCVE-2026-35438 | Windows Admin Center Elevation of Privilege Vulnerability | Important | 8.3 | No | No | EoP\nCVE-2026-41086 | Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability | Important | 8.8 | No | No | EoP\nCVE-2026-34344 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-34345 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\nCVE-2026-35416 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\nCVE-2026-41088 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-34343 | Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-35418 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-33835 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-34337 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-40407 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-40397 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-42896 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-35419 | Windows DWM Core Library Information Disclosure Vulnerability | Important | 5.5 | No | No | Info\nCVE-2026-34336 | Windows DWM Core Library Information Disclosure Vulnerability | Important | 7.8 | No | No | Info\nCVE-2026-33834 | Windows Event Logging Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-32209 | Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability | Important | 4.4 | No | No | SFB\nCVE-2026-33841 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-35420 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-40369 | Windows Kernel Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-34332 | Windows Kernel-Mode Driver Remote Code Execution Vulnerability | Important | 8 | No | No | RCE\nCVE-2026-34339 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important | 5.5 | No | No | DoS\nCVE-2026-34341 | Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\nCVE-2026-33838 | Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-34342 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\nCVE-2026-41095 | Windows Projected File System Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-34340 | Windows Projected File System Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\nCVE-2026-40398 | Windows Remote Desktop Services Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-21530 | Windows Rich Text Edit Elevation of Privilege Vulnerability | Important | 6.7 | No | No | EoP\nCVE-2026-32170 | Windows Rich Text Edit Elevation of Privilege Vulnerability | Important | 6.7 | No | No | EoP\nCVE-2026-40410 | Windows SMB Client Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\nCVE-2026-35415 | Windows Storage Spaces Controller Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-34350 | Windows Storport Miniport Driver Denial of Service Vulnerability | Important | 6.5 | No | No | DoS\nCVE-2026-40405 | Windows TCP/IP Denial of Service Vulnerability | Important | 7.5 | No | No | DoS\nCVE-2026-40414 | Windows TCP/IP Denial of Service Vulnerability | Important | 7.4 | No | No | DoS\nCVE-2026-40401 | Windows TCP/IP Denial of Service Vulnerability | Important | 6.2 | No | No | DoS\nCVE-2026-40413 | Windows TCP/IP Denial of Service Vulnerability | Important | 7.4 | No | No | DoS\nCVE-2026-35422 | Windows TCP/IP Driver Security Feature Bypass Vulnerability | Important | 6.5 | No | No | SFB\nCVE-2026-34351 | Windows TCP/IP Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-40399 | Windows TCP/IP Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-34334 | Windows TCP/IP Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-40406 | Windows TCP/IP Information Disclosure Vulnerability | Important | 7.5 | No | No | Info\nCVE-2026-33837 | Windows TCP/IP Local Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-40415 | Windows TCP/IP Remote Code Execution Vulnerability | Important | 8.1 | No | No | RCE\nCVE-2026-42825 | Windows Telephony Service Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\nCVE-2026-34338 | Windows Telephony Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-40382 | Windows Telephony Service Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-40380 | Windows Volume Manager Extension Driver Remote Code Execution Vulnerability | Important | 6.2 | No | No | RCE\nCVE-2026-40408 | Windows WAN ARP Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-34333 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-34347 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7 | No | No | EoP\nCVE-2026-35417 | Windows Win32k Elevation of Privilege Vulnerability | Important | 7.8 | No | No | EoP\nCVE-2026-42891 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Moderate | 6.5 | No | No | Spoofing\nCVE-2026-35429 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Moderate | 4.3 | No | No | Spoofing\nCVE-2026-41107 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | Moderate | 7.4 | No | No | Info\nCVE-2026-40416 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Low | 4.3 | No | No | Spoofing
\n\n* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.\n\u2020 Indicates further administrative actions are required to fully address the vulnerability.\nLooking at the other Critical-rated bugs in this month\u2019s release, there are quite a few scary-looking bugs (including a CVSS 10!), but there\u2019s no action for the end user as Microsoft has already mitigated these bugs and is just now documenting them. There\u2019s also this month\u2019s crop of Office bugs where the Preview Pane is an attack vector. However, the bug in Office for Android does not have the Preview Pane vector; it\u2019s simple open and own. The bug in the WiFi driver needs a network-adjacent attacker. The SharePoint bug requires authentication, but anyone with site privileges has the authentication needed. The bug in SSO Plugin for Jira & Confluence should really be called an authentication bypass, since it allows an unauthenticated attacker to gain access to a system.\nLooking at the other code execution bugs, most are of the open and own variety as expected. The bug in Dynamics 365 (On Prem) requires high privileges. The Message Queuing bug requires an adjacent attacker. The bug in SQL Server requires authentication, but as usual, patching won\u2019t be straightforward. Finally, there\u2019s a bug in the kernel that leads to code execution. Most kernel bugs are privilege escalations, but this one could allow code execution if an attacker sends specially crafted NVMe over Fabrics (NVMe\u2011oF) response messages during the connection handshake process that contain an invalid header length value. Neat.\nAs usual, the vast majority of the Microsoft release fixes Elevation of Privilege (EoP) bugs. 
Also as usual, most simply lead to local attackers executing their code at SYSTEM-level privileges or administrative privileges, so there\u2019s not much to add without further technical details about the bugs themselves. There are also a few bugs that just state the attacker could \u201cgain ELEVATED privileges.\u201d How obtuse. The bugs in Azure allow an attacker to access data otherwise hidden from them. The Edge bug allows threat actors to elevate to the privileges of the running application. The bug in Visual Studio allows attackers to get permissions associated with the MCP Server\u2019s managed identity. Finally, there are a couple of sandbox escapes, too, which are always useful.\nThis month's update includes six Security Feature Bypass vulnerabilities. The most severe is in the Azure SDK for Java (CVSS 9.1). An attacker over the network can bypass the integrity protection provided by authentication tags on encrypted data, effectively manipulating encrypted input in a way that slips past integrity checks during decryption. Close behind is the bypass affecting the GitHub Copilot integration in Visual Studio Code (CWE-74). This one requires user interaction, but it allows an attacker to circumvent the path validation safeguards that normally control which files Copilot is permitted to modify. The other Visual Studio Code bypass involves cross-site scripting, improper link resolution, and information exposure triggered when a user opens or views a maliciously crafted notebook. On the Windows networking side there are two bypasses. The first hits the Windows TCP/IP driver via an authentication bypass using an alternate channel. The other impacts the Windows Filtering Platform through improper access control, allowing a local, low-privileged attacker to bypass FQDN-based network security rules. 
Finally, there\u2019s a Secure Boot bypass that, you guessed it, bypasses secure boot features.\nMoving on to the Information Disclosure bugs fixed this month, we have 15 different CVEs. As usual, the majority of these simply result in info leaks consisting of unspecified memory contents or memory addresses. The bug in Power Automate could expose data marked \u201cSensitive\u201d within Power Automate Desktop flows. One of the Word bugs could disclose NTLM hashes. The bug in Edge could disclose your cookies, which seems rude. The bug in Visual Studio could expose file path information. Finally, there\u2019s a bug in Telnet for Windows 11 that leaks information being used by Telnet at the time. I didn\u2019t even realize Windows 11 still had a telnet client.\nThe May release contains 10 spoofing bugs (plus the ones already addressed by Microsoft). The Azure Machine Learning Notebooks vulnerability requires user interaction, but it could expose info through the Azure ML web interface to the attacker. There\u2019s a cluster of fixes for Microsoft's mobile Office suite on Android. Excel, Word, and PowerPoint for Android all carry spoofing flaws rooted in improper access control. Two Copilot products are also affected by spoofing vulns. The M365 Copilot for Desktop has no details provided. The M365 Copilot for Android variant requires low privileges and produces only limited impact on confidentiality and integrity. Microsoft Teams for Android rounds out the mobile app spoofing bugs. Three Edge bugs close things out, all involving misrepresentation of information in the browser UI.\nThere are two Tampering bugs in this month\u2019s release. The one in .NET Core allows threat actors to write files to an affected system. The other is in Outlook for iOS and manifests as a command injection bug.\nThere are eight DoS bugs in the May release, but as always, Microsoft provides little to no actionable information about the vulnerabilities. 
The most interesting from a practical standpoint are two TCP/IP bugs that allow a low-privilege Hyper-V guest to crash the host. Both are triggered from the adjacent network. On the broader network-exposure side, the ASP.NET Core bug is a straightforward infinite loop condition \u2014 an unauthenticated attacker sends a crafted request over the network and the server stops responding.\nNo new advisories are being released this month.\nLooking Ahead\nAssuming I survive Pwn2Own Berlin (which is looking iffy at the moment), I\u2019ll return on June 9th on what will hopefully be a smaller release than this one. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!", "creation_timestamp": "2026-05-12T16:38:43.000000Z"}, {"uuid": "887284ce-a536-4ef5-a7e1-c2d1c6b1aa66", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42834", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116607206794194616", "content": "A new vulnerability with increased severity was disclosed for Microsoft Windows Admin Center in Azure Portal (CVE-2026-42834) https://vuldb.com/vuln/364882", "creation_timestamp": "2026-05-20T13:46:12.074102Z"}, {"uuid": "4b9f2872-1598-4473-95d6-7c38c556985b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42834", "type": "seen", "source": "https://bsky.app/profile/o2cloud.bsky.social/post/3mmc3hfcycd2m", "content": "\ud83d\udd17 CVE : CVE-2026-42834, CVE-2026-45585, CVE-2026-42834, CVE-2026-45585", "creation_timestamp": "2026-05-20T14:10:14.012207Z"}, {"uuid": "073f0c26-de93-4adf-88ec-9d59c70d16a1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42834", "type": "seen", "source": 
"https://bsky.app/profile/cve.skyfleet.blue/post/3mmc632tfmh2e", "content": "CVE-2026-42834 - Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability\nCVE ID : CVE-2026-42834\n \n Published : May 20, 2026, 1:16 p.m. | 58\u00a0minutes ago\n \n Description : Improper link resolution before file access ('link following') in Azure Portal Windows Ad...", "creation_timestamp": "2026-05-20T14:57:01.692502Z"}, {"uuid": "3af48096-76fb-400f-883c-dbc05ec71ad5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42836", "type": "seen", "source": "https://www.thezdi.com/blog/2026/6/9/the-june-2026-security-update-review", "content": "I\u2019ve made it through Pwn2Own Berlin, had a little vacation, and now I\u2019m back for Patch Tuesday. Microsoft and Adobe didn\u2019t disappoint. In fact, they have heralded my return with the largest Patch Tuesday release ever. Thanks? Take a break from your regularly scheduled activities and let\u2019s take a look at the latest security patches from Adobe and Microsoft. If you\u2019d rather watch the full video recap covering the entire release, you can check out the Patch Report webcast on our YouTube channel. 
It should be posted within a couple of hours after the release.\nAdobe Patches for June 2026\nFor May, June released 11 bulletins addressing 123 unique CVEs in Adobe Acrobat Reader, ColdFusion, Experience Manager, Experience Manager Forms, InDesign, InCopy, Substance 3D Sampler, Content Credentials SDK, Dreamweaver, Format Plugins, and Adobe Campaign Classic.\nHere\u2019s this month\u2019s overview table:\n\nBulletin ID | Product | CVE Count | Highest Severity | Highest CVSS | Exploited | Deployment Priority\nAPSB26-66 | Adobe Campaign Classic | 2 | Critical | 10.0 | No | 1\nAPSB26-64 | Adobe ColdFusion | 7 | Critical | 9.6 | No | 1\nAPSB26-63 | Adobe Acrobat Reader | 20 | Critical | 7.8 | No | 2\nAPSB26-57 | Adobe Experience Manager Forms | 3 | Critical | 9.3 | No | 2\nAPSB26-62 | Adobe Dreamweaver | 5 | Critical | 8.6 | No | 3\nAPSB26-65 | Adobe Format Plugins | 2 | Critical | 7.8 | No | 3\nAPSB26-59 | Adobe InCopy | 3 | Critical | 7.8 | No | 3\nAPSB26-58 | Adobe InDesign | 12 | Critical | 7.8 | No | 3\nAPSB26-60 | Adobe Substance 3D Sampler | 4 | Critical | 7.8 | No | 3\nAPSB26-61 | Content Credentials SDK | 8 | Critical | 7.5 | No | 3\nAPSB26-56 | Adobe Experience Manager | 57 | Important | 5.4 | No | 3\nTOTAL | 11 bulletins | 123 | | | |\n\nObviously, the update for Campaign Classic 
should be on the top of your deployment list if you\u2019re a user. A CVSS 10 is rare; two in the same bulletin is pretty much a unicorn. Adobe says there are no active attacks, but I would expect heavy research into creating one. The update for ColdFusion is also a Priority 1, but again, no known attacks in the wild. I suspect the Reader patch will also receive a lot of attention as malicious PDFs are common in ransomware attacks. The update for Experience Manager may be large, but it\u2019s mostly just cross-site scripting (XSS) bugs.\nMicrosoft Patches for June 2026\nThis month, Microsoft released a new record 208 CVEs in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, .NET and Visual Studio, GitHub Copilot, Defender, Exchange Server, Hyper-V, Secure Boot, and BitLocker. At least, that\u2019s my count. Microsoft\u2019s tools seem to be having some issues, as they initially included a CVE from 2020 in this release. Regardless, the count is over 200, and I counted several times.\nOne of these bugs came through the ZDI program, but bugs submitted during Pwn2Own Berlin remain unpatched. If you include the Chromium and other third-party bugs, the total CVE count for June comes to a staggering 571 CVEs. 38 of these cases are rated Critical while the rest are rated Important in severity.\nI\u2019ve been counting CVEs on Patch Tuesday since 2017, and this is by far the largest monthly release in that time. The previous record was 177 set last year. It is extraordinary that Microsoft can produce so many patches in a single month, but it does raise concerns. How many of these cases were found using AI tools? How many patches were generated using AI to assist in coding or testing? What quality issues may exist in these patches? And likely most importantly, is this the new normal? The last two months were also large releases. 
Should sysadmins adjust their processes for prioritization and patch deployment based on this new volume of updates? Unfortunately, Microsoft is not providing those answers right now. Hopefully that changes in the future. BTW \u2013 just a note \u2013 the current number of CVEs shipped by Microsoft this year exceeds the total number of CVEs shipped in all of 2018.\nOne of the bugs patched by Microsoft this month is listed as under active exploitation and three others are listed as publicly known at the time of release. Let\u2019s take a closer look at some of the more interesting updates for this month, starting with the bug being exploited in the wild.\n- CVE-2026-41091 - Microsoft Defender Elevation of Privilege Vulnerability\nSince Microsoft doesn\u2019t provide info on how widespread exploitation is, we must read some tea leaves. For this patch, several different people were acknowledged, which indicates multiple parties say this is in the wild, meaning exploitation is likely significant. The good news is that most people won\u2019t need to take action as Defender updates itself. However, if you don\u2019t have this configured or are in an isolated environment, you\u2019ll need to update to the latest version.\n- CVE-2026-45657 - Windows Kernel Remote Code Execution Vulnerability\nThis CVSS 9.8 bug allows remote, unauthenticated attackers to execute code at SYSTEM level without user interaction. Yup \u2013 this is wormable. The problem lies in the way the kernel handles TCP/IP. This was listed as \u201cExploitation Less Likely\u201d by Microsoft, but rest assured that every researcher and bug shop on the planet is reversing this patch right now trying to create an exploit. 
Test and deploy this patch quickly.\n- CVE-2026-47291 - HTTP.sys Remote Code Execution Vulnerability\nOur second CVSS 9.8 bug of the month, this also allows remote, unauthenticated attackers to execute code on affected systems without user interaction. However, there is a caveat. Systems using the default MaxRequestBytes registry value used by the Windows HTTP stack are not affected by this bug. You can edit your registry settings if you need protection while you test and deploy the patch. The bulletin includes instructions and even a PowerShell script for doing this action. Microsoft lists this as \u201cExploitation more likely\u201d, so I would definitely check your registry settings.\n- CVE-2026-44815 - DHCP Client Service Remote Code Execution Vulnerability\nHere\u2019s another CVSS 9.8 that has an odd incongruity. Although the CVSS says no permissions are required for exploitation, the write-up states it must be an \u201cauthenticated\u201d user. I would err on the side of caution here and believe the CVSS. If that\u2019s correct, then we have another bug where a remote, unauthenticated attacker could execute code on affected systems without user interaction. And since the DHCP client is on every OS, it\u2019s a juicy target. This is another one to test and deploy with haste.\n- CVE-2026-45585/CVE-2026-50507 - Windows BitLocker Security Feature Bypass Vulnerability\nIf you\u2019ve followed the ongoing saga of Nightmare Eclipse vs. MSRC, the bugs should look familiar. One is definitely a fix for \u201cYellowKey\u201d, while the other appears to be a fix for \u201cGreenPlasma\u201d. The researcher has promised a \u201cbone shattering\u201d drop on June 14, so let\u2019s hope Microsoft is able to reach some understanding with the researcher before more 0-days are released. 
Also, there is a script provided by Microsoft as a mitigation, but the better strategy is to test and deploy the updates.\nHere\u2019s the full list of CVEs released by Microsoft for June 2026:\n\n  CVE\n  Title\n  Severity\n  CVSS\n  Public\n  Exploited\n  XI\n  Type\n \n \n  &lt;span&gt;CVE-2026-41091&lt;/span&gt;\n  Microsoft Defender\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  Yes\n  Yes\n  0\n  EoP\n \n \n  &lt;span&gt;CVE-2026-49160&lt;/span&gt;\n  HTTP.sys Denial of\n  Service Vulnerability\n  Important\n  7.5\n  Yes\n  No\n  1\n  DoS\n \n \n  &lt;span&gt;CVE-2026-50507&lt;/span&gt;\n  Windows BitLocker\n  Security Feature Bypass Vulnerability\n  Important\n  6.8\n  Yes\n  No\n  1\n  SFB\n \n \n  &lt;span&gt;CVE-2026-45586&lt;/span&gt;\n  Windows Collaborative\n  Translation Framework (CTFMON) Elevation of Privilege Vulnerability\n  Important\n  7.8\n  Yes\n  No\n  1\n  EoP\n \n \n  &lt;span&gt;CVE-2025-10263 *&lt;/span&gt;\n  ARM: CVE-2025-10263\n  Completion of affected memory accesses might not be guaranteed by completion\n  of a TLBI [kernel]\n  Critical\n  9.3\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-48567&lt;/span&gt;\n  Azure HorizonDB Elevation of Privilege Vulnerability\n  Critical\n  10\n  No\n  No\n  N/A\n  EoP\n \n \n  &lt;span&gt;CVE-2026-32193&lt;/span&gt;\n  Azure Kubernetes\n  Service (AKS) Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  3\n  RCE\n \n \n  &lt;span&gt;CVE-2026-47644&lt;/span&gt;\n  Copilot Chat\n  (Microsoft Edge) Information Disclosure Vulnerability\n  Critical\n  6.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-44815&lt;/span&gt;\n  DHCP Client Service\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n 
 2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-47291&lt;/span&gt;\n  HTTP.sys Remote Code\n  Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  1\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42824&lt;/span&gt;\n  M365 Copilot\n  Information Disclosure Vulnerability\n  Critical\n  6.5\n  No\n  No\n  N/A\n  Info\n \n \n  &lt;span&gt;CVE-2026-45476&lt;/span&gt;\n  Microsoft Azure\n  Network Adapter Elevation of Privilege Vulnerability\n  Critical\n  8.2\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44810&lt;/span&gt;\n  Microsoft\n  Cryptographic Services Elevation of Privilege Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-48579&lt;/span&gt;\n  Microsoft Exchange\n  Online Information Disclosure Vulnerability\n  Critical\n  9.1\n  No\n  No\n  N/A\n  Info\n \n \n  &lt;span&gt;CVE-2026-47655&lt;/span&gt;\n  Microsoft Graph\n  Information Disclosure Vulnerability\n  Critical\n  6.5\n  No\n  No\n  N/A\n  Info\n \n \n  &lt;span&gt;CVE-2026-45497&lt;/span&gt;\n  Microsoft M365 Copilot\n  Remote Code Execution Vulnerability\n  Critical\n  7.7\n  No\n  No\n  N/A\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45460&lt;/span&gt;\n  Microsoft Office\n  Information Disclosure Vulnerability\n  Critical\n  4.7\n  No\n  No\n  3\n  Info\n \n \n  &lt;span&gt;CVE-2026-45472&lt;/span&gt;\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45474&lt;/span&gt;\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45461&lt;/span&gt;\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45463&lt;/span&gt;\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45456&lt;/span&gt;\n  Microsoft Outlook and\n  Word Remote Code Execution Vulnerability\n  
Critical\n  8.4\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45458&lt;/span&gt;\n  Microsoft Outlook and\n  Word Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-47635&lt;/span&gt;\n  Microsoft Outlook and\n  Word Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-26142&lt;/span&gt;\n  Nuance PowerScribe\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-47289&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-47654&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Critical\n  7.5\n  No\n  No\n  3\n  RCE\n \n \n  &lt;span&gt;CVE-2026-48563&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Critical\n  7.5\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42992&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Critical\n  7.5\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-44799&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Critical\n  7.5\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-44801&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Critical\n  7.5\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42985&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  1\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45648&lt;/span&gt;\n  Windows Active\n  Directory Domain Services Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  3\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42987&lt;/span&gt;\n  Windows Deployment\n  Services (WDS) Remote Code Execution\n  Critical\n  8.1\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-33828&lt;/span&gt;\n  Windows 
Device Health\n  Attestation (DHA) Elevation of Privilege Vulnerability\n  Critical\n  7.8\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44803&lt;/span&gt;\n  Windows Graphics\n  Component Remote Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  1\n  RCE\n \n \n  &lt;span&gt;CVE-2026-44812&lt;/span&gt;\n  Windows Graphics\n  Component Remote Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  1\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45607&lt;/span&gt;\n  Windows Hyper-V Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45641&lt;/span&gt;\n  Windows Hyper-V Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-47652&lt;/span&gt;\n  Windows Hyper-V Remote\n  Code Execution Vulnerability\n  Critical\n  8.2\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-47288&lt;/span&gt;\n  Windows Kerberos Key\n  Distribution Center (KDC) Remote Code Execution\n  Critical\n  7.1\n  No\n  No\n  3\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45657&lt;/span&gt;\n  Windows Kernel Remote\n  Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-48574&lt;/span&gt;\n  Windows Media Remote\n  Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45490&lt;/span&gt;\n  .NET SDK Elevation of\n  Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45491&lt;/span&gt;\n  .NET Tampering\n  Vulnerability\n  Important\n  6.2\n  No\n  No\n  3\n  Tampering\n \n \n  &lt;span&gt;CVE-2026-45591&lt;/span&gt;\n  ASP.NET Core Denial of\n  Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  2\n  DoS\n \n \n  &lt;span&gt;CVE-2026-47643&lt;/span&gt;\n  Azure Stack Edge\n  Remote Code Execution Vulnerability\n  Important\n  9.8\n  No\n  No\n  3\n  RCE\n \n \n  &lt;span&gt;CVE-2026-41098&lt;/span&gt;\n  Azure Stack Edge\n  
Spoofing Vulnerability\n  Important\n  8.4\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45642&lt;/span&gt;\n  Microsoft Azure\n  Attestation service and Device Health Attestation Service Spoofing\n  Vulnerability\n  Important\n  3.9\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45650&lt;/span&gt;\n  Microsoft Bing Search\n  Spoofing Vulnerability\n  Important\n  4.3\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45637&lt;/span&gt;\n  Microsoft DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45647&lt;/span&gt;\n  Microsoft Defender for\n  Endpoint for Mac Elevation of Privilege Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40371&lt;/span&gt;\n  Microsoft Dynamics 365\n  (on-premises) Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44822&lt;/span&gt;\n  Microsoft Excel\n  Information Disclosure Vulnerability\n  Important\n  8.2\n  No\n  No\n  3\n  Info\n \n \n  &lt;span&gt;CVE-2026-45455&lt;/span&gt;\n  Microsoft Excel\n  Information Disclosure Vulnerability\n  Important\n  3.3\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-45469&lt;/span&gt;\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-44817&lt;/span&gt;\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  RCE\n \n \n  &lt;span&gt;CVE-2026-44818&lt;/span&gt;\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-44820&lt;/span&gt;\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-44823&lt;/span&gt;\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n 
\n \n  &lt;span&gt;CVE-2026-45459&lt;/span&gt;\n  Microsoft Excel\n  Security Feature Bypass Vulnerability\n  Important\n  3.3\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-45504&lt;/span&gt;\n  Microsoft Exchange\n  Server Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45502&lt;/span&gt;\n  Microsoft Exchange\n  Server Information Disclosure Vulnerability\n  Important\n  5\n  No\n  No\n  3\n  Info\n \n \n  &lt;span&gt;CVE-2026-45503&lt;/span&gt;\n  Microsoft Exchange\n  Server Information Disclosure Vulnerability\n  Important\n  8.1\n  No\n  No\n  3\n  Info\n \n \n  &lt;span&gt;CVE-2026-45583&lt;/span&gt;\n  Microsoft Exchange\n  Server Remote Code Execution Vulnerability\n  Important\n  7.5\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45500&lt;/span&gt;\n  Microsoft Exchange\n  Server Spoofing Vulnerability\n  Important\n  6.1\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45501&lt;/span&gt;\n  Microsoft Exchange\n  Server Spoofing Vulnerability\n  Important\n  6.5\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-47631&lt;/span&gt;\n  Microsoft Exchange\n  Server Spoofing Vulnerability\n  Important\n  8.1\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-42986&lt;/span&gt;\n  Microsoft Graphics\n  Component Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  1\n  EoP\n \n \n  &lt;span&gt;CVE-2026-41092&lt;/span&gt;\n  Microsoft Kinect\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45644&lt;/span&gt;\n  Microsoft Live Share\n  Canvas SDK Elevation of Privilege Vulnerability\n  Important\n  8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-47293&lt;/span&gt;\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45485&lt;/span&gt;\n  Microsoft Office\n  Information Disclosure 
Vulnerability\n  Important\n  3.3\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-44821&lt;/span&gt;\n  Microsoft Office\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-45483&lt;/span&gt;\n  Microsoft Office\n  Project Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45475&lt;/span&gt;\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-44819&lt;/span&gt;\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-44824&lt;/span&gt;\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45645&lt;/span&gt;\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-49161&lt;/span&gt;\n  Microsoft PC Manager\n  Security Feature Bypass Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  SFB\n \n \n  &lt;span&gt;CVE-2026-42902&lt;/span&gt;\n  Microsoft PowerToys\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45484&lt;/span&gt;\n  Microsoft SharePoint\n  Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45454&lt;/span&gt;\n  Microsoft SharePoint\n  Remote Code Execution Vulnerability\n  Important\n  6.5\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-47298&lt;/span&gt;\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45467&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45468&lt;/span&gt;\n  Microsoft SharePoint\n  
Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45479&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45453&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  5.4\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-47636&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  5.4\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-47637&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-47638&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-47639&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  5.4\n  No\n  No\n  3\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-47641&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-33113&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  5.4\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45462&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45464&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  5.4\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45465&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  5.4\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-47634&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  7.3\n  No\n  No\n  1\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-47640&lt;/span&gt;\n  
Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  3\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45481&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  7.3\n  No\n  No\n  1\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-48560&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  5.4\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-48562&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-42835&lt;/span&gt;\n  Microsoft Teams for\n  Android Information Disclosure Vulnerability\n  Important\n  8.1\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-45606&lt;/span&gt;\n  Microsoft UxTheme\n  Library (uxtheme.dll) Denial of Service Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  DoS\n \n \n  &lt;span&gt;CVE-2026-45482&lt;/span&gt;\n  Microsoft Visual\n  Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability\n  Important\n  8.4\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-45466&lt;/span&gt;\n  Microsoft Word\n  Information Disclosure Vulnerability\n  Important\n  3.3\n  No\n  No\n  3\n  Info\n \n \n  &lt;span&gt;CVE-2026-45471&lt;/span&gt;\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45486&lt;/span&gt;\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45643&lt;/span&gt;\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45457&lt;/span&gt;\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42980&lt;/span&gt;\n  NT OS Kernel Elevation\n  of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  1\n  EoP\n \n 
\n  &lt;span&gt;CVE-2026-42916&lt;/span&gt;\n  NT OS Kernel Elevation\n  of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45649&lt;/span&gt;\n  Office for Android\n  Spoofing Vulnerability\n  Important\n  7.1\n  No\n  No\n  3\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-47653&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  3\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42909&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Important\n  7.5\n  No\n  No\n  3\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42913&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Important\n  7.5\n  No\n  No\n  3\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42993&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Important\n  7.5\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45588&lt;/span&gt;\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  7.9\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-48568&lt;/span&gt;\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  7.9\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-48570&lt;/span&gt;\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  7.9\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-48573&lt;/span&gt;\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  7.9\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-48575&lt;/span&gt;\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  7.9\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-48576&lt;/span&gt;\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  7.9\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-48578&lt;/span&gt;\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  7.9\n  No\n  No\n  2\n  SFB\n \n \n  
&lt;span&gt;CVE-2026-45654&lt;/span&gt;\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  7.9\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-45656&lt;/span&gt;\n  UEFI Secure Boot\n  Security Feature Bypass Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-8863&lt;/span&gt;\n  UEFI Secure Boot\n  Security Feature Bypass Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-40376&lt;/span&gt;\n  Visual Studio Code\n  Elevation of Privilege Vulnerability\n  Important\n  7.5\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-47281&lt;/span&gt;\n  Visual Studio Code\n  Elevation of Privilege Vulnerability\n  Important\n  9.6\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-47284&lt;/span&gt;\n  Visual Studio Code\n  Information Disclosure Vulnerability\n  Important\n  6.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-47292&lt;/span&gt;\n  Visual Studio Code\n  MSSQL Extension Remote Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-48569&lt;/span&gt;\n  Visual Studio Code\n  Security Feature Bypass Vulnerability\n  Important\n  7.1\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-47287&lt;/span&gt;\n  Visual Studio Code\n  Tampering Vulnerability\n  Important\n  6.5\n  No\n  No\n  2\n  Tampering\n \n \n  &lt;span&gt;CVE-2026-42829&lt;/span&gt;\n  Windows Administrator\n  Protection Secure Feature Bypass Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  \n \n \n  &lt;span&gt;CVE-2026-34335&lt;/span&gt;\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45601&lt;/span&gt;\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45598&lt;/span&gt;\n  Windows Ancillary\n  Function 
Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45596&lt;/span&gt;\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45638&lt;/span&gt;\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45603&lt;/span&gt;\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42911&lt;/span&gt;\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45594&lt;/span&gt;\n  Windows Application\n  Identity (AppID) Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-45655&lt;/span&gt;\n  Windows BitLocker\n  Security Feature Bypass Vulnerability\n  Important\n  5.3\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-45658&lt;/span&gt;\n  Windows BitLocker\n  Security Feature Bypass Vulnerability\n  Important\n  7.8\n  No\n  No\n  1\n  SFB\n \n \n  &lt;span&gt;CVE-2026-45640&lt;/span&gt;\n  Windows Bluetooth Port\n  Driver Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45605&lt;/span&gt;\n  Windows Bluetooth\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-47656&lt;/span&gt;\n  Windows Boot Manager\n  Security Feature Bypass Vulnerability\n  Important\n  7.9\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-44809&lt;/span&gt;\n  Windows Common Log\n  File System Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  EoP\n \n \n  
&lt;span&gt;CVE-2026-45634&lt;/span&gt;\n  Windows DHCP Client\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  3\n  Info\n \n \n  &lt;span&gt;CVE-2026-45608&lt;/span&gt;\n  Windows DHCP Client\n  Information Disclosure Vulnerability\n  Important\n  6.8\n  No\n  No\n  3\n  Info\n \n \n  &lt;span&gt;CVE-2026-41108&lt;/span&gt;\n  Windows DNS Client\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42905&lt;/span&gt;\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  1\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44811&lt;/span&gt;\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44808&lt;/span&gt;\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44807&lt;/span&gt;\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42983&lt;/span&gt;\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44802&lt;/span&gt;\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44813&lt;/span&gt;\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44804&lt;/span&gt;\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-48566&lt;/span&gt;\n  Windows DWM Core\n  Library Information Disclosure&lt;span&gt; \n  &lt;/span&gt;Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-44814&lt;/span&gt;\n  Windows 
DWM Core\n  Library Information Disclosure&lt;span&gt; \n  &lt;/span&gt;Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-45602&lt;/span&gt;\n  Windows Dynamic Host\n  Configuration Protocol (DHCP) Tampering Vulnerability\n  Important\n  9.1\n  No\n  No\n  2\n  Tampering\n \n \n  &lt;span&gt;CVE-2026-42836&lt;/span&gt;\n  Windows Function\n  Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42910&lt;/span&gt;\n  Windows Hotpatch\n  Monitoring Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42972&lt;/span&gt;\n  Windows Hyper-V\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-45592&lt;/span&gt;\n  Windows Internet\n  (wininet.dll) Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42903&lt;/span&gt;\n  Windows Kerberos\n  Denial of Service Vulnerability\n  Important\n  6.5\n  No\n  No\n  3\n  DoS\n \n \n  &lt;span&gt;CVE-2026-42914&lt;/span&gt;\n  Windows Kerberos\n  Denial of Service Vulnerability\n  Important\n  5.3\n  No\n  No\n  2\n  DoS\n \n \n  &lt;span&gt;CVE-2026-48583&lt;/span&gt;\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45653&lt;/span&gt;\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42984&lt;/span&gt;\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45600&lt;/span&gt;\n  Windows Kernel-Mode\n  Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45604&lt;/span&gt;\n  Windows Managed\n  Installer Information Disclosure 
Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-45595&lt;/span&gt;\n  Windows Mark of the\n  Web Security Feature Bypass Vulnerability\n  Important\n  5.4\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-45636&lt;/span&gt;\n  Windows NTFS Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-50508&lt;/span&gt;\n  Windows NTLM Spoofing\n  Vulnerability\n  Important\n  6.5\n  No\n  No\n  1\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-48565&lt;/span&gt;\n  Windows Narrator\n  Braille Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44805&lt;/span&gt;\n  Windows Network\n  Controller (NC) Host Agent Denial of Service Vulnerability\n  Important\n  5.5\n  No\n  No\n  3\n  DoS\n \n \n  &lt;span&gt;CVE-2026-42981&lt;/span&gt;\n  Windows Performance\n  Monitor Remote Code Execution Vulnerability\n  Important\n  8.1\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42974&lt;/span&gt;\n  Windows Performance\n  Monitor Remote Code Execution Vulnerability\n  Important\n  8.1\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45487&lt;/span&gt;\n  Windows Program\n  Compatibility Assistant Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42828&lt;/span&gt;\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42837&lt;/span&gt;\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42969&lt;/span&gt;\n  Windows Push\n  Notification Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  3\n  Info\n \n \n  &lt;span&gt;CVE-2026-42971&lt;/span&gt;\n  Windows Push\n  Notification Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n 
 2\n  Info\n \n \n  &lt;span&gt;CVE-2026-42970&lt;/span&gt;\n  Windows Push\n  Notification Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-42973&lt;/span&gt;\n  Windows Push\n  Notification Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-42978&lt;/span&gt;\n  Windows Push\n  Notifications Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42977&lt;/span&gt;\n  Windows Push\n  Notifications Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42979&lt;/span&gt;\n  Windows Push\n  Notifications Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42991&lt;/span&gt;\n  Windows Push\n  Notifications Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45639&lt;/span&gt;\n  Windows Remote Desktop\n  Protocol (RDP) Information Disclosure Vulnerability\n  Important\n  7.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-42908&lt;/span&gt;\n  Windows Remote Desktop\n  Protocol (RDP) Information Disclosure Vulnerability\n  Important\n  7.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-45593&lt;/span&gt;\n  Windows SDK Elevation\n  of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42906&lt;/span&gt;\n  Windows Shell\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-42907&lt;/span&gt;\n  Windows Shell\n  Information Disclosure Vulnerability\n  Important\n  6.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-47648&lt;/span&gt;\n  Windows Storage\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42915&lt;/span&gt;\n  Windows 
TCP/IP Denial\n  of Service Vulnerability\n  Important\n  5.7\n  No\n  No\n  2\n  DoS\n \n \n  &lt;span&gt;CVE-2026-42904&lt;/span&gt;\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  9.6\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42968&lt;/span&gt;\n  Windows Telephony\n  Server Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-42912&lt;/span&gt;\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45597&lt;/span&gt;\n  Windows UI Automation\n  Manager (uiamanager.dll) Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45599&lt;/span&gt;\n  Windows UPnP Device\n  Host Remote Code Execution Vulnerability\n  Important\n  8.1\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45635&lt;/span&gt;\n  Windows UPnP Device\n  Host Remote Code Execution Vulnerability\n  Important\n  8.1\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40409&lt;/span&gt;\n  Windows Universal Disk\n  Format File System Driver (UDFS) Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40404&lt;/span&gt;\n  Windows Universal Disk\n  Format File System Driver (UDFS) Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42989&lt;/span&gt;\n  Winlogon\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  1\n  EoP\n \n \n \n  \n  \n  \n  \n  \n  \n  \n  \n \n \n\n\n\n\n\n\n\n\n\n\n\n\n  \n\n\n\n\n  \n* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.\n\u2020 Indicates further administrative actions are required to fully address the vulnerability.\n&nbsp;\nLooking at the other Critical-rated bugs in this release, the scariest-looking one is actually nothing to 
concern yourself with at all. The CVSS 10 bug in Azure HorizonDB has already been addressed by Microsoft and is just being documented now. That\u2019s also the case for five others. Of course, there wouldn\u2019t be a release without Office bugs that have the Preview Pane as an attack vector. There are multiple in June. There\u2019s a handful of bugs in the Remote Desktop Client, but these rely on connecting to a malicious RDP server. There are three patches for Hyper-V that allow for guest-to-host code execution. The bug in Active Directory requires authentication, but any authenticated user can hit it. For the Windows Directory Service vulnerability, it needs to be listening for TFTP. You have blocked that everywhere, right? The bug in Azure Network Adapter is somewhat unique as you need to update your Linux kernel to be protected. The bug in Azure Kubernetes allows an attacker to break out of a container and gain control of the AKS worker node. Finally, the bug in the Kerberos Key Distribution Center (KDC) seems unlikely, but if exploited, it could allow authenticated attackers to get code execution on affected systems.\nMoving on to the other code execution bugs, there are the ubiquitous open-and-own bugs in Office components like Excel and Word. The code injection bug in Exchange Server looks troubling, but it requires a machine-in-the-middle (MiTM), so exploitation is unlikely. The bugs in SharePoint require authentication, but you should note that the patch applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. The two bugs in UPnP are interesting. Both can lead to code execution by causing an error during the handling of specially crafted data, which could lead to a Use After Free (UAF) bug. The bugs in RDP Client all require connecting to a malicious RDP server, but it\u2019s not clear why some are rated Critical and some are rated Important. The NTFS vulnerability requires a user to mount a virtual hard drive on an affected system. 
The last RCE bug this month is in Azure Stack Edge and requires the attacker to send a specially crafted file upload request that includes a manipulated file name or path, leading to code execution.\nThere are more than 60 Elevation of Privilege (EoP) bugs in this month\u2019s release, and as usual, most simply lead to local attackers executing their code at SYSTEM-level privileges or administrative privileges, so there\u2019s not much to add without further technical details about the bugs themselves. A notable exception is in Exchange Server, where a user on Outlook Web Access (OWA) could gain access to other mailboxes. The bug in Visual Studio Code could allow attackers to gain permissions associated with the MCP Server\u2019s managed identity. The bugs in Windows SDK and Windows UI Automation Manager could let an attacker go from low integrity up to medium integrity code execution. The bug in Bluetooth just allows \u201celevated\u201d privileges without really describing what elevated might be. \nMoving on to the more than 20 security feature bypass (SFB) bugs in the June release, there are a total of 10 that impact Secure Boot. All carry scope change (S:C) in the CVSS, meaning successful exploitation affects security boundaries beyond the vulnerable component itself \u2014 specifically the ability to load untrusted code at boot, bypass Virtual Secure Mode, and undermine boot integrity guarantees. CVE-2026-45654 explicitly calls out VSM exposure. The bulk of these are credited to Alon Leviev (STORM), which is notable given his prior BootKitty/BlackLotus-adjacent research. The bugs in the Windows Boot Manager have a similar impact as the Secure Boot bugs. The UEFI Secure Boot vulnerabilities go a layer deeper. They require either local admin or physical access but could allow for the running of untrusted code even before the OS loads. Rootkits anyone? The four bugs in BitLocker all require physical access but could yield encrypted data if exploited. 
The bug in Windows Administrator Protection allows attackers to bypass the feature that prevents standard-user apps from performing admin-level actions. The bug in Visual Studio Copilot Chat could be the most interesting non-boot bug here as it allows authentication impersonation. Mark of the Web (MotW) and Excel vulns could bypass user warnings. Lastly, the bug in PC Manager bypasses expected user controls. \nTurning our attention to the mass of spoofing bugs in the release, we instantly see 18 impacting SharePoint Server. Fortunately, these are simply cross-site scripting (XSS) bugs. It\u2019s the Exchange bugs we should really watch for. One is an XSS that an attacker can exploit by convincing an Exchange administrator to open a malicious link or message, which then runs code in the admin's web session. That's a meaningful privilege escalation path. Another is listed as an SSRF-based attack, but no other details are available. The last is a lower-impact XSS with limited confidentiality/integrity loss. The bug in Bing Search (remember Bing?) is a classic search result spoofing. The bug in Azure Stack Edge is interesting as it could allow access to resources outside the vulnerable component's security boundary. The bug in Office for Android requires user interaction. The Office Project Server bug is an authenticated XSS with low impact. The final spoofing bug is in Azure Attestation but has already been addressed. You should still verify you are protected by following the instructions in the write-up from Microsoft.\nThere are 30 different information disclosure bugs in this release, and fortunately, the vast majority of these simply result in info leaks consisting of unspecified memory contents or memory addresses. The two bugs in Visual Studio require user interaction and could \u201cdisclose information over a network.\u201d How obtuse. The bug in GitHub Copilot and Visual Studio Code could disclose a sign-in access token for a user's work account. 
That's a meaningful credential exposure, not just random memory. That leaves the two bugs in Exchange Server. One could allow an authenticated user to gain information about which network services the Exchange server can reach. The other sounds much like the spoofing bug in OWA as it allows attackers to see information in mailboxes they should not have access to.\nI\u2019ve never been a fan of the \u201ctampering\u201d category, as it could mean so many different things. For example, the bug in .NET simply says it could allow an unauthorized attacker to perform tampering locally. Similarly, the bug in Visual Studio says the same, except here the tampering occurs over a network. Microsoft doesn\u2019t even bother with a CWE for the tampering bug in the DHCP Server, so your guess is as good as mine.\nThere are seven DoS bugs in the June release, and as usual, Microsoft provides little to no actionable information about the vulnerabilities. The most interesting is the bug in HTTP.sys, which is listed as publicly known. This is an uncontrolled resource consumption, rated \"Exploitation More Likely,\" and publicly disclosed. Since HTTP.sys sits at the core of IIS and Windows web services, a network-accessible DoS here can take down any Windows server running HTTP-based services. Based on the Acknowledgement, it looks like this bug may have been found using AI. There are no real details for the other bugs, but based simply on the impact, I would focus on the Kerberos and TCP/IP bugs if you had to prioritize.\nNo new advisories are being released this month.\nLooking Ahead\nThe next Patch Tuesday will be on July 14 and will be the last one before Black Hat/DEFCON. It\u2019s usually a big release, so strap in and hang on. I\u2019ll be back then to give you my full thoughts. 
Until then, stay safe, happy patching, and may all your reboots be smooth and clean!", "creation_timestamp": "2026-06-09T16:12:18.000000Z"}, {"uuid": "d1e1db1e-ec60-4884-a66a-3b4e20ffd783", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42837", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0181", "content": "Microsoft has fixed a large number of vulnerabilities in Windows. A malicious actor can abuse the vulnerabilities to carry out attacks that can lead to various categories of damage, as described in the tables below.\n\nAmong these vulnerabilities are six very serious ones, which Microsoft has rated with a CVSS score of 9 and higher.\nThese vulnerabilities are located in various Windows components that are reachable and accessible over network connections, such as http.sys, DHCP, the Kernel and TCP/IP. Because of the external reachability and the possibility of executing arbitrary code, there is a risk of large-scale abuse in the short term. 
At this time no active abuse has been observed (yet) and no public Proof-of-Concept (PoC) or exploit is known (yet), but the NCSC does expect these in the short term and therefore advises deploying these updates urgently.\n\n```\nWindows TCP/IP: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42904 | 9.60 | Elevation of privilege              | \n| CVE-2026-42915 | 5.70 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nWindows BitLocker: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45655 | 5.30 | Security feature bypass             | \n| CVE-2026-45658 | 7.80 | Security feature bypass             | \n| CVE-2026-50507 | 6.80 | Security feature bypass             | \n|----------------|------|-------------------------------------|\n\nWindows Mark of the Web (MOTW): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45595 | 5.40 | Security feature bypass             | \n|----------------|------|-------------------------------------|\n\nWindows Win32K - GRFX: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-44803 | 7.80 | Arbitrary code execution            | \n| CVE-2026-44812 | 7.80 | Arbitrary code execution            | \n|----------------|------|-------------------------------------|\n\nWindows Push Notifications: 
\n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42969 | 5.50 | Access to sensitive data            | \n| CVE-2026-42971 | 5.50 | Access to sensitive data            | \n| CVE-2026-42970 | 5.50 | Access to sensitive data            | \n| CVE-2026-42973 | 5.50 | Access to sensitive data            | \n| CVE-2026-42978 | 7.80 | Elevation of privilege              | \n| CVE-2026-42977 | 7.80 | Elevation of privilege              | \n| CVE-2026-42979 | 7.80 | Elevation of privilege              | \n| CVE-2026-42991 | 7.80 | Elevation of privilege              | \n|----------------|------|-------------------------------------|\n\nMicrosoft Windows DNS: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41108 | 7.00 | Elevation of privilege              | \n|----------------|------|-------------------------------------|\n\nWindows Bluetooth Port Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45640 | 7.00 | Elevation of privilege              | \n|----------------|------|-------------------------------------|\n\nWindows Ancillary Function Driver for WinSock: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34335 | 7.00 | Elevation of privilege              | \n| CVE-2026-45601 | 7.00 | Elevation of privilege              | \n| CVE-2026-45598 | 7.00 | Elevation of privilege              | \n| CVE-2026-45596 | 7.00 | Elevation of 
privilege              | \n| CVE-2026-45638 | 7.80 | Elevation of privilege              | \n| CVE-2026-45603 | 7.00 | Elevation of privilege              | \n| CVE-2026-42911 | 7.00 | Elevation of privilege              | \n|----------------|------|-------------------------------------|\n\nFunction Discovery Service (fdwsd.dll): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42836 | 7.00 | Elevation of privilege              | \n|----------------|------|-------------------------------------|\n\nWindows Kernel: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-10263 | 9.30 | Elevation of privilege              | \n| CVE-2026-45657 | 9.80 | Arbitrary code execution            | \n| CVE-2026-48583 | 7.80 | Elevation of privilege              | \n| CVE-2026-45653 | 7.00 | Elevation of privilege              | \n| CVE-2026-42984 | 7.00 | Elevation of privilege              | \n|----------------|------|-------------------------------------|\n\nWindows Secure Boot: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45588 | 7.90 | Security feature bypass             | \n| CVE-2026-48568 | 7.90 | Security feature bypass             | \n| CVE-2026-48570 | 7.90 | Security feature bypass             | \n| CVE-2026-48573 | 7.90 | Security feature bypass             | \n| CVE-2026-48575 | 7.90 | Security feature bypass             | \n| CVE-2026-48576 | 7.90 | Security feature bypass             | \n| CVE-2026-48578 | 7.90 | Elevation of privilege              | \n| CVE-2026-45654 | 7.90 | Security feature 
bypass             | \n|----------------|------|-------------------------------------|\n\nRemote Desktop Client: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-47289 | 8.80 | Arbitrary code execution            | \n| CVE-2026-47653 | 8.80 | Arbitrary code execution            | \n| CVE-2026-47654 | 7.50 | Arbitrary code execution            | \n| CVE-2026-48563 | 7.50 | Arbitrary code execution            | \n| CVE-2026-42909 | 7.50 | Arbitrary code execution            | \n| CVE-2026-42913 | 7.50 | Arbitrary code execution            | \n| CVE-2026-42992 | 7.50 | Arbitrary code execution            | \n| CVE-2026-44799 | 7.50 | Arbitrary code execution            | \n| CVE-2026-44801 | 7.50 | Arbitrary code execution            | \n| CVE-2026-42985 | 8.80 | Arbitrary code execution            | \n| CVE-2026-42993 | 7.50 | Arbitrary code execution            | \n|----------------|------|-------------------------------------|\n\nMicrosoft UxTheme Library (uxtheme.dll): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45606 | 5.50 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nWindows Kernel-Mode Drivers: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45600 | 7.80 | Elevation of privilege              | \n|----------------|------|-------------------------------------|\n\nWindows DHCP Client: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              
|\n|----------------|------|-------------------------------------|\n| CVE-2026-45608 | 6.80 | Access to sensitive data            | \n| CVE-2026-44815 | 9.80 | Arbitrary code execution            | \n|----------------|------|-------------------------------------|\n\nUniversal Plug and Play (upnp.dll): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45599 | 8.10 | Arbitrary code execution            | \n| CVE-2026-45635 | 8.10 | Arbitrary code execution            | \n|----------------|------|-------------------------------------|\n\nWindows Bluetooth Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45605 | 7.80 | Elevation of privilege              | \n|----------------|------|-------------------------------------|\n\nWindows UEFI: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45656 | 7.80 | Security feature bypass             | \n| CVE-2026-8863  | 7.80 | Security feature bypass             | \n|----------------|------|-------------------------------------|\n\nWindows Hotpatch Monitoring Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42910 | 7.80 | Elevation of privilege              | \n|----------------|------|-------------------------------------|\n\nMicrosoft Azure Attestation service and Device Health Attestation Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS 
| Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-33828 | 7.80 | Elevation of privilege              | \n| CVE-2026-45642 | 3.90 | Impersonating another user          | \n|----------------|------|-------------------------------------|\n\nWindows RDP: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45639 | 7.50 | Access to sensitive data            | \n| CVE-2026-42908 | 7.50 | Access to sensitive data            | \n|----------------|------|-------------------------------------|\n\nWinlogon: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42989 | 7.80 | Elevation of privilege              | \n|----------------|------|-------------------------------------|\n\nWindows Collaborative Translation Framework: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45586 | 7.80 | Elevation of privilege              | \n|----------------|------|-------------------------------------|\n\nWindows Kerberos: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-47288 | 7.10 | Arbitrary code execution            | \n| CVE-2026-42903 | 6.50 | Denial-of-Service                   | \n| CVE-2026-42914 | 5.30 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nWindows Cryptographic Services: 
\n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-44810 | 8.40 | Elevation of privilege              | \n|----------------|------|-------------------------------------|\n\nWindows NTFS: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45636 | 7.80 | Arbitrary code execution            | \n|----------------|------|-------------------------------------|\n\nWindows Universal Disk Format File System Driver (UDFS): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40409 | 7.80 | Elevation of privilege              | \n| CVE-2026-40404 | 7.80 | Elevation of privilege              | \n|----------------|------|-------------------------------------|\n\nMicrosoft Graphics Component: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42986 | 7.80 | Elevation of privilege              | \n|----------------|------|-------------------------------------|\n\nWindows Hyper-V: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45607 | 8.40 | Arbitrary code execution            | \n| CVE-2026-47652 | 8.20 | Arbitrary code execution            | \n|----------------|------|-------------------------------------|\n\nWindows NT OS Kernel: \n|----------------|------|-------------------------------------|\n| CVE-ID   
      | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42980 | 7.80 | Elevation of privilege              | \n| CVE-2026-42916 | 7.80 | Elevation of privilege              | \n|----------------|------|-------------------------------------|\n\nWindows Common Log File System Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-44809 | 7.80 | Elevation of privilege              | \n|----------------|------|-------------------------------------|\n\nWindows Projected File System Filter Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42828 | 7.80 | Elevation of privilege              | \n| CVE-2026-42837 | 7.80 | Elevation of privilege              | \n|----------------|------|-------------------------------------|\n\nUI Automation Manager (uiamanager.dll): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45597 | 7.00 | Elevation of privilege              | \n|----------------|------|-------------------------------------|\n\nWindows HTTP.sys: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-47291 | 9.80 | Arbitrary code execution            | \n|----------------|------|-------------------------------------|\n\nMicrosoft Kinect: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              
|\n|----------------|------|-------------------------------------|\n| CVE-2026-41092 | 7.80 | Elevation of privilege              | \n|----------------|------|-------------------------------------|\n\nWindows SDK: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45593 | 7.80 | Elevation of privilege              | \n|----------------|------|-------------------------------------|\n\nWindows Media: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-48574 | 7.80 | Arbitrary code execution            | \n|----------------|------|-------------------------------------|\n\nWindows Performance Monitor: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42981 | 8.10 | Arbitrary code execution            | \n| CVE-2026-42974 | 8.10 | Arbitrary code execution            | \n|----------------|------|-------------------------------------|\n\nWindows Application Identity (AppID) Subsystem: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45594 | 5.50 | Access to sensitive data            | \n| CVE-2026-45604 | 5.50 | Access to sensitive data            | \n|----------------|------|-------------------------------------|\n\nWindows Administrator Protection: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| 
CVE-2026-42829 | 7.80 | Omzeilen van beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n\nRole: Windows Hyper-V: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45641 | 8.40 | Uitvoeren van willekeurige code     | \n| CVE-2026-42972 | 5.50 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nWindows Narrator Braille: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-48565 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows DHCP Server: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45634 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-45602 | 9.10 | Manipulatie van gegevens            | \n|----------------|------|-------------------------------------|\n\nWindows Internet (wininet.dll): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45592 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Deployment Services: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42987 | 8.10 | Uitvoeren van willekeurige code     | 
\n|----------------|------|-------------------------------------|\n\nHTTP/2: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-49160 | 7.50 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nWindows Telephony Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42912 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-42968 | 5.50 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nWindows Network Controller (NC) Host Agent: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-44805 | 5.50 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nWindows DWM Core Library: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-48566 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-45637 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-42905 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-44811 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-44808 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-44807 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-42983 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-44802 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-44814 | 5.50 | Toegang tot 
gevoelige gegevens      | \n| CVE-2026-44813 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-44804 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Boot Manager: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-47656 | 7.90 | Omzeilen van beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n\nWindows Program Compatibility Assistant Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45487 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Storage: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-47648 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Shell: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42906 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-42907 | 6.50 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nActive Directory Domain Services: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45648 | 8.80 | Uitvoeren van willekeurige 
code     | \n|----------------|------|-------------------------------------|\n```", "creation_timestamp": "2026-06-09T15:44:28.000000Z"}, {"uuid": "93f9e58e-aa86-4b80-ad15-5978ceea3d44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42834", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mmj6vlmfjn2s", "content": "\ud83d\udfe0 CVE-2026-42834 - High (7.8)\n\nImproper link resolution before file access ('link following') in Azure Portal Windows Admin Cent...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-42834/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-05-23T10:02:36.572994Z"}, {"uuid": "947ed00f-cbf3-4d6c-a7fb-f15a7efb48e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42836", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0181", "content": "Microsoft has fixed a large number of vulnerabilities in Windows. A malicious actor can abuse the vulnerabilities to carry out attacks that can lead to various categories of damage, as described in the tables below.\n\nAmong these vulnerabilities are six very serious ones, which Microsoft has rated with a CVSS score of 9 or higher.\nThese vulnerabilities are located in various Windows components that are reachable and accessible over network connections, such as http.sys, DHCP, the Kernel and TCP/IP. Because of the external reachability and the possibility of arbitrary code execution, there is a risk of large-scale abuse in the short term. 
At this time no active abuse has been observed (yet) and no public Proof-of-Concept (PoC) or exploit is known (yet), but the NCSC does expect these in the short term and therefore advises deploying these updates urgently.\n\n```\nWindows TCP/IP: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42904 | 9.60 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-42915 | 5.70 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nWindows BitLocker: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45655 | 5.30 | Omzeilen van beveiligingsmaatregel  | \n| CVE-2026-45658 | 7.80 | Omzeilen van beveiligingsmaatregel  | \n| CVE-2026-50507 | 6.80 | Omzeilen van beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n\nWindows Mark of the Web (MOTW): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45595 | 5.40 | Omzeilen van beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n\nWindows Win32K - GRFX: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-44803 | 7.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-44812 | 7.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Push Notifications: 
\n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42969 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-42971 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-42970 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-42973 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-42978 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-42977 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-42979 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-42991 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nMicrosoft Windows DNS: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-41108 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Bluetooth Port Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45640 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Ancillary Function Driver for WinSock: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-34335 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-45601 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-45598 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-45596 | 7.00 | Verkrijgen van verhoogde 
rechten    | \n| CVE-2026-45638 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-45603 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-42911 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nFunction Discovery Service (fdwsd.dll): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42836 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Kernel: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2025-10263 | 9.30 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-45657 | 9.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-48583 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-45653 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-42984 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Secure Boot: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45588 | 7.90 | Omzeilen van beveiligingsmaatregel  | \n| CVE-2026-48568 | 7.90 | Omzeilen van beveiligingsmaatregel  | \n| CVE-2026-48570 | 7.90 | Omzeilen van beveiligingsmaatregel  | \n| CVE-2026-48573 | 7.90 | Omzeilen van beveiligingsmaatregel  | \n| CVE-2026-48575 | 7.90 | Omzeilen van beveiligingsmaatregel  | \n| CVE-2026-48576 | 7.90 | Omzeilen van beveiligingsmaatregel  | \n| CVE-2026-48578 | 7.90 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-45654 | 7.90 | Omzeilen van 
beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n\nRemote Desktop Client: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-47289 | 8.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-47653 | 8.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-47654 | 7.50 | Uitvoeren van willekeurige code     | \n| CVE-2026-48563 | 7.50 | Uitvoeren van willekeurige code     | \n| CVE-2026-42909 | 7.50 | Uitvoeren van willekeurige code     | \n| CVE-2026-42913 | 7.50 | Uitvoeren van willekeurige code     | \n| CVE-2026-42992 | 7.50 | Uitvoeren van willekeurige code     | \n| CVE-2026-44799 | 7.50 | Uitvoeren van willekeurige code     | \n| CVE-2026-44801 | 7.50 | Uitvoeren van willekeurige code     | \n| CVE-2026-42985 | 8.80 | Uitvoeren van willekeurige code     | \n| CVE-2026-42993 | 7.50 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nMicrosoft UxTheme Library (uxtheme.dll): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45606 | 5.50 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nWindows Kernel-Mode Drivers: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45600 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows DHCP Client: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              
|\n|----------------|------|-------------------------------------|\n| CVE-2026-45608 | 6.80 | Toegang tot gevoelige gegevens      | \n| CVE-2026-44815 | 9.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nUniversal Plug and Play (upnp.dll): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45599 | 8.10 | Uitvoeren van willekeurige code     | \n| CVE-2026-45635 | 8.10 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Bluetooth Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45605 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows UEFI: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45656 | 7.80 | Omzeilen van beveiligingsmaatregel  | \n| CVE-2026-8863  | 7.80 | Omzeilen van beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n\nWindows Hotpatch Monitoring Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42910 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nMicrosoft Azure Attestation service and Device Health Attestation Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS 
| Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-33828 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-45642 | 3.90 | Voordoen als andere gebruiker       | \n|----------------|------|-------------------------------------|\n\nWindows RDP: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45639 | 7.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-42908 | 7.50 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nWinlogon: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42989 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Collaborative Translation Framework: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45586 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Kerberos: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-47288 | 7.10 | Uitvoeren van willekeurige code     | \n| CVE-2026-42903 | 6.50 | Denial-of-Service                   | \n| CVE-2026-42914 | 5.30 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nWindows Cryptographic Services: 
\n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-44810 | 8.40 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows NTFS: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45636 | 7.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Universal Disk Format File System Driver (UDFS): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-40409 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-40404 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nMicrosoft Graphics Component: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42986 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Hyper-V: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45607 | 8.40 | Uitvoeren van willekeurige code     | \n| CVE-2026-47652 | 8.20 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows NT OS Kernel: \n|----------------|------|-------------------------------------|\n| CVE-ID   
      | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42980 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-42916 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Common Log File System Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-44809 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Projected File System Filter Driver: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42828 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-42837 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nUI Automation Manager (uiamanager.dll): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45597 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows HTTP.sys: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-47291 | 9.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nMicrosoft Kinect: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              
|\n|----------------|------|-------------------------------------|\n| CVE-2026-41092 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows SDK: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45593 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Media: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-48574 | 7.80 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Performance Monitor: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42981 | 8.10 | Uitvoeren van willekeurige code     | \n| CVE-2026-42974 | 8.10 | Uitvoeren van willekeurige code     | \n|----------------|------|-------------------------------------|\n\nWindows Application Identity (AppID) Subsystem: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45594 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-45604 | 5.50 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nWindows Administrator Protection: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| 
CVE-2026-42829 | 7.80 | Omzeilen van beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n\nRole: Windows Hyper-V: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45641 | 8.40 | Uitvoeren van willekeurige code     | \n| CVE-2026-42972 | 5.50 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nWindows Narrator Braille: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-48565 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows DHCP Server: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45634 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-45602 | 9.10 | Manipulatie van gegevens            | \n|----------------|------|-------------------------------------|\n\nWindows Internet (wininet.dll): \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45592 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Deployment Services: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42987 | 8.10 | Uitvoeren van willekeurige code     | 
\n|----------------|------|-------------------------------------|\n\nHTTP/2: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-49160 | 7.50 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nWindows Telephony Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42912 | 7.00 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-42968 | 5.50 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nWindows Network Controller (NC) Host Agent: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-44805 | 5.50 | Denial-of-Service                   | \n|----------------|------|-------------------------------------|\n\nWindows DWM Core Library: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-48566 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-45637 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-42905 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-44811 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-44808 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-44807 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-42983 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-44802 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-44814 | 5.50 | Toegang tot 
gevoelige gegevens      | \n| CVE-2026-44813 | 7.80 | Verkrijgen van verhoogde rechten    | \n| CVE-2026-44804 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Boot Manager: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-47656 | 7.90 | Omzeilen van beveiligingsmaatregel  | \n|----------------|------|-------------------------------------|\n\nWindows Program Compatibility Assistant Service: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45487 | 7.80 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Storage: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-47648 | 7.00 | Verkrijgen van verhoogde rechten    | \n|----------------|------|-------------------------------------|\n\nWindows Shell: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-42906 | 5.50 | Toegang tot gevoelige gegevens      | \n| CVE-2026-42907 | 6.50 | Toegang tot gevoelige gegevens      | \n|----------------|------|-------------------------------------|\n\nActive Directory Domain Services: \n|----------------|------|-------------------------------------|\n| CVE-ID         | CVSS | Impact                              |\n|----------------|------|-------------------------------------|\n| CVE-2026-45648 | 8.80 | Uitvoeren van willekeurige 
code     | \n|----------------|------|-------------------------------------|\n```", "creation_timestamp": "2026-06-09T15:44:28.000000Z"}, {"uuid": "69ea8677-c408-4d35-a626-2b2920a6390e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42835", "type": "seen", "source": "https://www.thezdi.com/blog/2026/6/9/the-june-2026-security-update-review", "content": "I\u2019ve made it through Pwn2Own Berlin, had a little vacation, and now I\u2019m back for Patch Tuesday. Microsoft and Adobe didn\u2019t disappoint. In fact, they have heralded my return with the largest Patch Tuesday release ever. Thanks? Take a break from your regularly scheduled activities and let\u2019s take a look at the latest security patches from Adobe and Microsoft. If you\u2019d rather watch the full video recap covering the entire release, you can check out the Patch Report webcast on our YouTube channel. It should be posted within a couple of hours after the release.\nAdobe Patches for June 2026\nFor May, June released 11 bulletins addressing 123 unique CVEs in Adobe Acrobat Reader, ColdFusion, Experience Manager, Experience Manager Forms, InDesign, InCopy, Substance 3D Sampler, Content Credentials SDK, Dreamweaver, Format Plugins, and Adobe Campaign Classic.\nHere\u2019s this month\u2019s overview table:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n  \n  \n\n\n\n\n  \n    \n\n\n\n&lt;colgroup&gt;\n  &lt;col /&gt;\n  &lt;col /&gt;\n  &lt;col /&gt;\n  &lt;col /&gt;\n  &lt;col /&gt;\n  &lt;col /&gt;\n  &lt;col /&gt;\n&lt;/colgroup&gt;\n\n&lt;tfoot&gt;\n  \n&lt;/tfoot&gt;\n\n\n  \n    Bulletin ID\n    Product\n    CVE Count\n    Highest Severity\n    Highest CVSS\n    Exploited\n    Deployment Priority\n  \n\n\n  \n    APSB26-66\n    Adobe Campaign Classic\n    2\n    Critical\n    10.0\n    No\n    1\n  \n  \n    APSB26-64\n    Adobe ColdFusion\n    7\n    Critical\n    9.6\n    No\n    1\n  \n  \n    
APSB26-63\n    Adobe Acrobat Reader\n    20\n    Critical\n    7.8\n    No\n    2\n  \n  \n    APSB26-57\n    Adobe Experience Manager Forms\n    3\n    Critical\n    9.3\n    No\n    2\n  \n  \n    APSB26-62\n    Adobe Dreamweaver\n    5\n    Critical\n    8.6\n    No\n    3\n  \n  \n    APSB26-65\n    Adobe Format Plugins\n    2\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-59\n    Adobe InCopy\n    3\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-58\n    Adobe InDesign\n    12\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-60\n    Adobe Substance 3D Sampler\n    4\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-61\n    Content Credentials SDK\n    8\n    Critical\n    7.5\n    No\n    3\n  \n  \n    APSB26-56\n    Adobe Experience Manager\n    57\n    Important\n    5.4\n    No\n    3\n  \n\n    TOTAL\n    11 bulletins\n    123\n    \n    \n    \n    \n  \n\n\n\n  \n\n\n\n\n  \nObviously, the update for Campaign Classic should be on the top of your deployment list if you\u2019re a user. A CVSS 10 is rare; two in the same bulletin is pretty much a unicorn. Adobe says there are no active attacks, but I would expect heavy research into creating one. The update for ColdFusion is also a Priority 1, but again, no known attacks in the wild. I suspect the Reader patch will also receive a lot of attention as malicious PDFs are common in ransomware attacks. The update for Experience Manager may be large, but it\u2019s mostly just cross-site scripting (XSS) bugs.\nMicrosoft Patches for June 2026\nThis month, Microsoft released a new record 208 CVEs in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, .NET and Visual Studio, GitHub Copilot, Defender, Exchange Server, Hyper-V, Secure Boot, and BitLocker. At least, that\u2019s my count. Microsoft\u2019s tools seem to be having some issues, as they initially included a CVE from 2020 in this release. 
Regardless, the count is over 200, and I counted several times.\nOne of these bugs came through the ZDI program, but bugs submitted during Pwn2Own Berlin remain unpatched. If you include the Chromium and other third-party bugs, the total CVE count for June comes to a staggering 571 CVEs. 38 of these cases are rated Critical while the rest are rated Important in severity.\nI\u2019ve been counting CVEs on Patch Tuesday since 2017, and this is by far the largest monthly release in that time. The previous record was 177 set last year. It is extraordinary that Microsoft can produce so many patches in a single month, but it does raise concerns. How many of these cases were found using AI tools? How many patches were generated using AI to assist in coding or testing? What quality issues may exist in these patches? And likely most importantly, is this the new normal? The last two months were also large releases. Should sysadmins adjust their processes for prioritization and patch deployment based on this new volume of updates? Unfortunately, Microsoft is not providing those answers right now. Hopefully that changes in the future. BTW \u2013 just a note \u2013 the current number of CVEs shipped by Microsoft this year exceeds the total number of CVEs shipped in all of 2018.\nOne of the bugs patched by Microsoft this month is listed as under active exploitation and three others are listed as publicly known at the time of release. Let\u2019s take a closer look at some of the more interesting updates for this month, starting with the bug being exploited in the wild.\n- CVE-2026-41091 - Microsoft Defender Elevation of Privilege Vulnerability\nSince Microsoft doesn\u2019t provide info on how widespread exploitation is, we must read some tea leaves. For this patch, several different people were acknowledged, which indicates multiple parties say this is in the wild, meaning exploitation is likely significant. 
The good news is that most people won\u2019t need to take action as Defender updates itself. However, if you don\u2019t have this configured or are in an isolated environment, you\u2019ll need to update to the latest version.\n- CVE-2026-45657 - Windows Kernel Remote Code Execution Vulnerability\nThis CVSS 9.8 bug allows remote, unauthenticated attackers to execute code at SYSTEM level without user interaction. Yup \u2013 this is wormable. The problem lies in the way the kernel handles TCP/IP. This was listed as \u201cExploitation Less Likely\u201d by Microsoft, but rest assured that every researcher and bug shop on the planet is reversing this patch right now trying to create an exploit. Test and deploy this patch quickly.\n- CVE-2026-47291 - HTTP.sys Remote Code Execution Vulnerability\nOur second CVSS 9.8 bug of the month, this also allows remote, unauthenticated attackers to execute code on affected systems without user interaction. However, there is a caveat. Systems using the default MaxRequestBytes registry value used by the Windows HTTP stack are not affected by this bug. You can edit your registry settings if you need protection while you test and deploy the patch. The bulletin includes instructions and even a PowerShell script for doing this action. Microsoft lists this as \u201cExploitation more likely\u201d, so I would definitely check your registry settings.\n- CVE-2026-44815 - DHCP Client Service Remote Code Execution Vulnerability\nHere\u2019s another CVSS 9.8 that has an odd incongruity. Although the CVSS says no permissions are required for exploitation, the write-up states it must be an \u201cauthenticated\u201d user. I would err on the side of caution here and believe the CVSS. If that\u2019s correct, then we have another bug where a remote, unauthenticated attacker could execute code on affected systems without user interaction. 
And since the DHCP client is on every OS, it\u2019s a juicy target. This is another one to test and deploy with haste.\n- CVE-2026-45585/CVE-2026-50507 - Windows BitLocker Security Feature Bypass Vulnerability\nIf you\u2019ve followed the ongoing saga of Nightmare Eclipse vs. MSRC, the bugs should look familiar. One is definitely a fix for \u201cYellowKey\u201d, while the other appears to be a fix for \u201cGreenPlasma\u201d. The researcher has promised a \u201cbone shattering\u201d drop on June 14, so let\u2019s hope Microsoft is able to reach some understanding with the researcher before more 0-days are released. Also, there is a script provided by Microsoft as a mitigation, but the better strategy is to test and deploy the updates.\nHere\u2019s the full list of CVEs released by Microsoft for June 2026:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n  \n  \n\n\n\n\n  \n    \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n &lt;col width=\"144\" /&gt;\n &lt;col width=\"256\" /&gt;\n &lt;col span=\"6\" width=\"104\" /&gt;\n \n\n  CVE\n  Title\n  Severity\n  CVSS\n  Public\n  Exploited\n  XI\n  Type\n \n \n  &lt;span&gt;CVE-2026-41091&lt;/span&gt;\n  Microsoft Defender\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  Yes\n  Yes\n  0\n  EoP\n \n \n  &lt;span&gt;CVE-2026-49160&lt;/span&gt;\n  HTTP.sys Denial of\n  Service Vulnerability\n  Important\n  7.5\n  Yes\n  No\n  1\n  DoS\n \n \n  &lt;span&gt;CVE-2026-50507&lt;/span&gt;\n  Windows BitLocker\n  Security Feature Bypass Vulnerability\n  Important\n  6.8\n  Yes\n  No\n  1\n  SFB\n \n \n  &lt;span&gt;CVE-2026-45586&lt;/span&gt;\n  Windows Collaborative\n  Translation Framework (CTFMON) Elevation of Privilege Vulnerability\n  Important\n  7.8\n  Yes\n  No\n  1\n  EoP\n \n \n  &lt;span&gt;CVE-2025-10263 *&lt;/span&gt;\n  ARM: CVE-2025-10263\n  Completion of affected memory accesses might not be guaranteed by completion\n  of a TLBI [kernel]\n  Critical\n  9.3\n  No\n  No\n  2\n  EoP\n \n 
\n  &lt;span&gt;CVE-2026-48567&lt;/span&gt;\n  Azure HorizonDB&lt;span&gt;  &lt;/span&gt;Elevation of Privilege Vulnerability\n  Critical\n  10\n  No\n  No\n  N/A\n  EoP\n \n \n  &lt;span&gt;CVE-2026-32193&lt;/span&gt;\n  Azure Kubernetes\n  Service (AKS) Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  3\n  RCE\n \n \n  &lt;span&gt;CVE-2026-47644&lt;/span&gt;\n  Copilot Chat\n  (Microsoft Edge) Information Disclosure Vulnerability\n  Critical\n  6.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-44815&lt;/span&gt;\n  DHCP Client Service\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-47291&lt;/span&gt;\n  HTTP.sys Remote Code\n  Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  1\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42824&lt;/span&gt;\n  M365 Copilot\n  Information Disclosure Vulnerability\n  Critical\n  6.5\n  No\n  No\n  N/A\n  Info\n \n \n  &lt;span&gt;CVE-2026-45476&lt;/span&gt;\n  Microsoft Azure\n  Network Adapter Elevation of Privilege Vulnerability\n  Critical\n  8.2\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44810&lt;/span&gt;\n  Microsoft\n  Cryptographic Services Elevation of Privilege Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-48579&lt;/span&gt;\n  Microsoft Exchange\n  Online Information Disclosure Vulnerability\n  Critical\n  9.1\n  No\n  No\n  N/A\n  Info\n \n \n  &lt;span&gt;CVE-2026-47655&lt;/span&gt;\n  Microsoft Graph\n  Information Disclosure Vulnerability\n  Critical\n  6.5\n  No\n  No\n  N/A\n  Info\n \n \n  &lt;span&gt;CVE-2026-45497&lt;/span&gt;\n  Microsoft M365 Copilot\n  Remote Code Execution Vulnerability\n  Critical\n  7.7\n  No\n  No\n  N/A\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45460&lt;/span&gt;\n  Microsoft Office\n  Information Disclosure Vulnerability\n  Critical\n  4.7\n  No\n  No\n  3\n  Info\n \n \n  &lt;span&gt;CVE-2026-45472&lt;/span&gt;\n  Microsoft Office\n  Remote Code 
Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45474&lt;/span&gt;\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45461&lt;/span&gt;\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45463&lt;/span&gt;\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45456&lt;/span&gt;\n  Microsoft Outlook and\n  Word Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45458&lt;/span&gt;\n  Microsoft Outlook and\n  Word Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-47635&lt;/span&gt;\n  Microsoft Outlook and\n  Word Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-26142&lt;/span&gt;\n  Nuance PowerScribe\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-47289&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-47654&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Critical\n  7.5\n  No\n  No\n  3\n  RCE\n \n \n  &lt;span&gt;CVE-2026-48563&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Critical\n  7.5\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42992&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Critical\n  7.5\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-44799&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Critical\n  7.5\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-44801&lt;/span&gt;\n  Remote 
Desktop Client\n  Remote Code Execution Vulnerability\n  Critical\n  7.5\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42985&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  1\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45648&lt;/span&gt;\n  Windows Active\n  Directory Domain Services Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  3\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42987&lt;/span&gt;\n  Windows Deployment\n  Services (WDS) Remote Code Execution\n  Critical\n  8.1\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-33828&lt;/span&gt;\n  Windows Device Health\n  Attestation (DHA) Elevation of Privilege Vulnerability\n  Critical\n  7.8\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44803&lt;/span&gt;\n  Windows Graphics\n  Component Remote Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  1\n  RCE\n \n \n  &lt;span&gt;CVE-2026-44812&lt;/span&gt;\n  Windows Graphics\n  Component Remote Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  1\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45607&lt;/span&gt;\n  Windows Hyper-V Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45641&lt;/span&gt;\n  Windows Hyper-V Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-47652&lt;/span&gt;\n  Windows Hyper-V Remote\n  Code Execution Vulnerability\n  Critical\n  8.2\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-47288&lt;/span&gt;\n  Windows Kerberos Key\n  Distribution Center (KDC) Remote Code Execution\n  Critical\n  7.1\n  No\n  No\n  3\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45657&lt;/span&gt;\n  Windows Kernel Remote\n  Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-48574&lt;/span&gt;\n  Windows Media Remote\n  Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  2\n  RCE\n \n 
\n  &lt;span&gt;CVE-2026-45490&lt;/span&gt;\n  .NET SDK Elevation of\n  Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45491&lt;/span&gt;\n  .NET Tampering\n  Vulnerability\n  Important\n  6.2\n  No\n  No\n  3\n  Tampering\n \n \n  &lt;span&gt;CVE-2026-45591&lt;/span&gt;\n  ASP.NET Core Denial of\n  Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  2\n  DoS\n \n \n  &lt;span&gt;CVE-2026-47643&lt;/span&gt;\n  Azure Stack Edge\n  Remote Code Execution Vulnerability\n  Important\n  9.8\n  No\n  No\n  3\n  RCE\n \n \n  &lt;span&gt;CVE-2026-41098&lt;/span&gt;\n  Azure Stack Edge\n  Spoofing Vulnerability\n  Important\n  8.4\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45642&lt;/span&gt;\n  Microsoft Azure\n  Attestation service and Device Health Attestation Service Spoofing\n  Vulnerability\n  Important\n  3.9\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45650&lt;/span&gt;\n  Microsoft Bing Search\n  Spoofing Vulnerability\n  Important\n  4.3\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45637&lt;/span&gt;\n  Microsoft DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45647&lt;/span&gt;\n  Microsoft Defender for\n  Endpoint for Mac Elevation of Privilege Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40371&lt;/span&gt;\n  Microsoft Dynamics 365\n  (on-premises) Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44822&lt;/span&gt;\n  Microsoft Excel\n  Information Disclosure Vulnerability\n  Important\n  8.2\n  No\n  No\n  3\n  Info\n \n \n  &lt;span&gt;CVE-2026-45455&lt;/span&gt;\n  Microsoft Excel\n  Information Disclosure Vulnerability\n  Important\n  3.3\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-45469&lt;/span&gt;\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  
Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-44817&lt;/span&gt;\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  RCE\n \n \n  &lt;span&gt;CVE-2026-44818&lt;/span&gt;\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-44820&lt;/span&gt;\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-44823&lt;/span&gt;\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45459&lt;/span&gt;\n  Microsoft Excel\n  Security Feature Bypass Vulnerability\n  Important\n  3.3\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-45504&lt;/span&gt;\n  Microsoft Exchange\n  Server Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45502&lt;/span&gt;\n  Microsoft Exchange\n  Server Information Disclosure Vulnerability\n  Important\n  5\n  No\n  No\n  3\n  Info\n \n \n  &lt;span&gt;CVE-2026-45503&lt;/span&gt;\n  Microsoft Exchange\n  Server Information Disclosure Vulnerability\n  Important\n  8.1\n  No\n  No\n  3\n  Info\n \n \n  &lt;span&gt;CVE-2026-45583&lt;/span&gt;\n  Microsoft Exchange\n  Server Remote Code Execution Vulnerability\n  Important\n  7.5\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45500&lt;/span&gt;\n  Microsoft Exchange\n  Server Spoofing Vulnerability\n  Important\n  6.1\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45501&lt;/span&gt;\n  Microsoft Exchange\n  Server Spoofing Vulnerability\n  Important\n  6.5\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-47631&lt;/span&gt;\n  Microsoft Exchange\n  Server Spoofing Vulnerability\n  Important\n  8.1\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-42986&lt;/span&gt;\n  Microsoft Graphics\n  Component Elevation of 
Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  1\n  EoP\n \n \n  &lt;span&gt;CVE-2026-41092&lt;/span&gt;\n  Microsoft Kinect\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45644&lt;/span&gt;\n  Microsoft Live Share\n  Canvas SDK Elevation of Privilege Vulnerability\n  Important\n  8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-47293&lt;/span&gt;\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45485&lt;/span&gt;\n  Microsoft Office\n  Information Disclosure Vulnerability\n  Important\n  3.3\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-44821&lt;/span&gt;\n  Microsoft Office\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-45483&lt;/span&gt;\n  Microsoft Office\n  Project Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45475&lt;/span&gt;\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-44819&lt;/span&gt;\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-44824&lt;/span&gt;\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45645&lt;/span&gt;\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-49161&lt;/span&gt;\n  Microsoft PC Manager\n  Security Feature Bypass Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  SFB\n \n \n  &lt;span&gt;CVE-2026-42902&lt;/span&gt;\n  Microsoft PowerToys\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45484&lt;/span&gt;\n  
Microsoft SharePoint\n  Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45454&lt;/span&gt;\n  Microsoft SharePoint\n  Remote Code Execution Vulnerability\n  Important\n  6.5\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-47298&lt;/span&gt;\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45467&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45468&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45479&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45453&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  5.4\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-47636&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  5.4\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-47637&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-47638&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-47639&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  5.4\n  No\n  No\n  3\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-47641&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-33113&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  5.4\n  No\n  No\n  2\n  Spoofing\n \n \n  
&lt;span&gt;CVE-2026-45462&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45464&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  5.4\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45465&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  5.4\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-47634&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  7.3\n  No\n  No\n  1\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-47640&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  3\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45481&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  7.3\n  No\n  No\n  1\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-48560&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  5.4\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-48562&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-42835&lt;/span&gt;\n  Microsoft Teams for\n  Android Information Disclosure Vulnerability\n  Important\n  8.1\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-45606&lt;/span&gt;\n  Microsoft UxTheme\n  Library (uxtheme.dll) Denial of Service Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  DoS\n \n \n  &lt;span&gt;CVE-2026-45482&lt;/span&gt;\n  Microsoft Visual\n  Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability\n  Important\n  8.4\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-45466&lt;/span&gt;\n  Microsoft Word\n  Information Disclosure Vulnerability\n  Important\n  3.3\n  No\n  No\n  3\n  Info\n \n \n  &lt;span&gt;CVE-2026-45471&lt;/span&gt;\n  Microsoft Word Remote\n  Code Execution 
Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45486&lt;/span&gt;\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45643&lt;/span&gt;\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45457&lt;/span&gt;\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42980&lt;/span&gt;\n  NT OS Kernel Elevation\n  of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  1\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42916&lt;/span&gt;\n  NT OS Kernel Elevation\n  of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45649&lt;/span&gt;\n  Office for Android\n  Spoofing Vulnerability\n  Important\n  7.1\n  No\n  No\n  3\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-47653&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  3\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42909&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Important\n  7.5\n  No\n  No\n  3\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42913&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Important\n  7.5\n  No\n  No\n  3\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42993&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Important\n  7.5\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45588&lt;/span&gt;\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  7.9\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-48568&lt;/span&gt;\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  7.9\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-48570&lt;/span&gt;\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  
7.9\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-48573&lt;/span&gt;\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  7.9\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-48575&lt;/span&gt;\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  7.9\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-48576&lt;/span&gt;\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  7.9\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-48578&lt;/span&gt;\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  7.9\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-45654&lt;/span&gt;\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  7.9\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-45656&lt;/span&gt;\n  UEFI Secure Boot\n  Security Feature Bypass Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-8863&lt;/span&gt;\n  UEFI Secure Boot\n  Security Feature Bypass Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-40376&lt;/span&gt;\n  Visual Studio Code\n  Elevation of Privilege Vulnerability\n  Important\n  7.5\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-47281&lt;/span&gt;\n  Visual Studio Code\n  Elevation of Privilege Vulnerability\n  Important\n  9.6\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-47284&lt;/span&gt;\n  Visual Studio Code\n  Information Disclosure Vulnerability\n  Important\n  6.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-47292&lt;/span&gt;\n  Visual Studio Code\n  MSSQL Extension Remote Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-48569&lt;/span&gt;\n  Visual Studio Code\n  Security Feature Bypass Vulnerability\n  Important\n  7.1\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-47287&lt;/span&gt;\n  Visual Studio Code\n  Tampering Vulnerability\n  Important\n  6.5\n  No\n  
No\n  2\n  Tampering\n \n \n  &lt;span&gt;CVE-2026-42829&lt;/span&gt;\n  Windows Administrator\n  Protection Secure Feature Bypass Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  \n \n \n  &lt;span&gt;CVE-2026-34335&lt;/span&gt;\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45601&lt;/span&gt;\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45598&lt;/span&gt;\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45596&lt;/span&gt;\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45638&lt;/span&gt;\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45603&lt;/span&gt;\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42911&lt;/span&gt;\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45594&lt;/span&gt;\n  Windows Application\n  Identity (AppID) Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-45655&lt;/span&gt;\n  Windows BitLocker\n  Security Feature Bypass Vulnerability\n  Important\n  5.3\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-45658&lt;/span&gt;\n  Windows BitLocker\n  Security Feature Bypass Vulnerability\n  Important\n  7.8\n  No\n  No\n  1\n  SFB\n \n \n  &lt;span&gt;CVE-2026-45640&lt;/span&gt;\n  Windows 
Bluetooth Port\n  Driver Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45605&lt;/span&gt;\n  Windows Bluetooth\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-47656&lt;/span&gt;\n  Windows Boot Manager\n  Security Feature Bypass Vulnerability\n  Important\n  7.9\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-44809&lt;/span&gt;\n  Windows Common Log\n  File System Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45634&lt;/span&gt;\n  Windows DHCP Client\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  3\n  Info\n \n \n  &lt;span&gt;CVE-2026-45608&lt;/span&gt;\n  Windows DHCP Client\n  Information Disclosure Vulnerability\n  Important\n  6.8\n  No\n  No\n  3\n  Info\n \n \n  &lt;span&gt;CVE-2026-41108&lt;/span&gt;\n  Windows DNS Client\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42905&lt;/span&gt;\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  1\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44811&lt;/span&gt;\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44808&lt;/span&gt;\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44807&lt;/span&gt;\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42983&lt;/span&gt;\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44802&lt;/span&gt;\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  
Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44813&lt;/span&gt;\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44804&lt;/span&gt;\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-48566&lt;/span&gt;\n  Windows DWM Core\n  Library Information Disclosure&lt;span&gt; \n  &lt;/span&gt;Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-44814&lt;/span&gt;\n  Windows DWM Core\n  Library Information Disclosure&lt;span&gt; \n  &lt;/span&gt;Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-45602&lt;/span&gt;\n  Windows Dynamic Host\n  Configuration Protocol (DHCP) Tampering Vulnerability\n  Important\n  9.1\n  No\n  No\n  2\n  Tampering\n \n \n  &lt;span&gt;CVE-2026-42836&lt;/span&gt;\n  Windows Function\n  Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42910&lt;/span&gt;\n  Windows Hotpatch\n  Monitoring Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42972&lt;/span&gt;\n  Windows Hyper-V\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-45592&lt;/span&gt;\n  Windows Internet\n  (wininet.dll) Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42903&lt;/span&gt;\n  Windows Kerberos\n  Denial of Service Vulnerability\n  Important\n  6.5\n  No\n  No\n  3\n  DoS\n \n \n  &lt;span&gt;CVE-2026-42914&lt;/span&gt;\n  Windows Kerberos\n  Denial of Service Vulnerability\n  Important\n  5.3\n  No\n  No\n  2\n  DoS\n \n \n  &lt;span&gt;CVE-2026-48583&lt;/span&gt;\n  Windows Kernel\n  Elevation of Privilege 
Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45653&lt;/span&gt;\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42984&lt;/span&gt;\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45600&lt;/span&gt;\n  Windows Kernel-Mode\n  Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45604&lt;/span&gt;\n  Windows Managed\n  Installer Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-45595&lt;/span&gt;\n  Windows Mark of the\n  Web Security Feature Bypass Vulnerability\n  Important\n  5.4\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-45636&lt;/span&gt;\n  Windows NTFS Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-50508&lt;/span&gt;\n  Windows NTLM Spoofing\n  Vulnerability\n  Important\n  6.5\n  No\n  No\n  1\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-48565&lt;/span&gt;\n  Windows Narrator\n  Braille Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44805&lt;/span&gt;\n  Windows Network\n  Controller (NC) Host Agent Denial of Service Vulnerability\n  Important\n  5.5\n  No\n  No\n  3\n  DoS\n \n \n  &lt;span&gt;CVE-2026-42981&lt;/span&gt;\n  Windows Performance\n  Monitor Remote Code Execution Vulnerability\n  Important\n  8.1\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42974&lt;/span&gt;\n  Windows Performance\n  Monitor Remote Code Execution Vulnerability\n  Important\n  8.1\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45487&lt;/span&gt;\n  Windows Program\n  Compatibility Assistant Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  EoP\n \n \n  
&lt;span&gt;CVE-2026-42828&lt;/span&gt;\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42837&lt;/span&gt;\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42969&lt;/span&gt;\n  Windows Push\n  Notification Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  3\n  Info\n \n \n  &lt;span&gt;CVE-2026-42971&lt;/span&gt;\n  Windows Push\n  Notification Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-42970&lt;/span&gt;\n  Windows Push\n  Notification Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-42973&lt;/span&gt;\n  Windows Push\n  Notification Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-42978&lt;/span&gt;\n  Windows Push\n  Notifications Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42977&lt;/span&gt;\n  Windows Push\n  Notifications Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42979&lt;/span&gt;\n  Windows Push\n  Notifications Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42991&lt;/span&gt;\n  Windows Push\n  Notifications Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45639&lt;/span&gt;\n  Windows Remote Desktop\n  Protocol (RDP) Information Disclosure Vulnerability\n  Important\n  7.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-42908&lt;/span&gt;\n  Windows Remote Desktop\n  Protocol (RDP) Information Disclosure Vulnerability\n  Important\n  7.5\n  No\n  No\n  2\n  Info\n \n \n  
&lt;span&gt;CVE-2026-45593&lt;/span&gt;\n  Windows SDK Elevation\n  of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42906&lt;/span&gt;\n  Windows Shell\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-42907&lt;/span&gt;\n  Windows Shell\n  Information Disclosure Vulnerability\n  Important\n  6.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-47648&lt;/span&gt;\n  Windows Storage\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42915&lt;/span&gt;\n  Windows TCP/IP Denial\n  of Service Vulnerability\n  Important\n  5.7\n  No\n  No\n  2\n  DoS\n \n \n  &lt;span&gt;CVE-2026-42904&lt;/span&gt;\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  9.6\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42968&lt;/span&gt;\n  Windows Telephony\n  Server Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-42912&lt;/span&gt;\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45597&lt;/span&gt;\n  Windows UI Automation\n  Manager (uiamanager.dll) Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45599&lt;/span&gt;\n  Windows UPnP Device\n  Host Remote Code Execution Vulnerability\n  Important\n  8.1\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45635&lt;/span&gt;\n  Windows UPnP Device\n  Host Remote Code Execution Vulnerability\n  Important\n  8.1\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40409&lt;/span&gt;\n  Windows Universal Disk\n  Format File System Driver (UDFS) Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40404&lt;/span&gt;\n  Windows Universal Disk\n  Format File System 
Driver (UDFS) Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42989&lt;/span&gt;\n  Winlogon\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  1\n  EoP\n \n \n \n  \n  \n  \n  \n  \n  \n  \n  \n \n \n\n\n\n\n\n\n\n\n\n\n\n\n  \n\n\n\n\n  \n* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.\n\u2020 Indicates further administrative actions are required to fully address the vulnerability.\nLooking at the other Critical-rated bugs in this release, the scariest-looking one is actually nothing to concern yourself with at all. The CVSS 10 bug in Azure HorizonDB has already been addressed by Microsoft and is just being documented now. That\u2019s also the case for five others. Of course, there wouldn\u2019t be a release without Office bugs that have the Preview Pane as an attack vector. There are multiple in June. There\u2019s a handful of bugs in the Remote Desktop Client, but these rely on connecting to a malicious RDP server. There are three patches for Hyper-V that allow for guest-to-host code execution. The bug in Active Directory requires authentication, but any authenticated user can hit it. For the Windows Directory Service vulnerability, it needs to be listening for TFTP. You have blocked that everywhere, right? The bug in Azure Network Adapter is somewhat unique as you need to update your Linux kernel to be protected. The bug in Azure Kubernetes allows an attacker to break out of a container and gain control of the AKS worker node. Finally, the bug in the Kerberos Key Distribution Center (KDC) seems unlikely, but if exploited, it could allow authenticated attackers to get code execution on affected systems.\nMoving on to the other code execution bugs, there are the ubiquitous open-and-own bugs in Office components like Excel and Word. 
The code injection bug in Exchange Server looks troubling, but it requires a machine-in-the-middle (MiTM), so exploitation is unlikely. The bugs in SharePoint require authentication, but you should note that the patch applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. The two bugs in UPnP are interesting. Both can lead to code execution by causing an error during the handling of specially crafted data, which could lead to a Use After Free (UAF) bug. The bugs in RDP Client all require connecting to a malicious RDP server, but it\u2019s not clear why some are rated Critical and some are rated Important. The NTFS vulnerability requires a user to mount a virtual hard drive on an affected system. The last RCE bug this month is in Azure Stack Edge and requires the attacker to send a specially crafted file upload request that includes a manipulated file name or path, leading to code execution.\nThere are more than 60 Elevation of Privilege (EoP) bugs in this month\u2019s release, and as usual, most simply lead to local attackers executing their code at SYSTEM-level privileges or administrative privileges, so there\u2019s not much to add without further technical details about the bugs themselves. A notable exception is in Exchange Server, where a user on Outlook Web Access (OWA) could gain access to other mailboxes. The bug in Visual Studio Code could allow attackers to gain permissions associated with the MCP Server\u2019s managed identity. The bugs in Windows SDK and Windows UI Automation Manager could let attackers go from low integrity up to medium integrity code execution. The bug in Bluetooth just allows \u201celevated\u201d privileges without really describing what elevated might be. \nMoving on to the more than 20 security feature bypass (SFB) bugs in the June release, there are a total of 10 that impact Secure Boot. 
All carry scope change (S:C) in the CVSS, meaning successful exploitation affects security boundaries beyond the vulnerable component itself \u2014 specifically the ability to load untrusted code at boot, bypass Virtual Secure Mode, and undermine boot integrity guarantees. CVE-2026-45654 explicitly calls out VSM exposure. The bulk of these are credited to Alon Leviev (STORM), which is notable given his prior BootKitty/BlackLotus-adjacent research. The bugs in the Windows Boot Manager have a similar impact as the Secure Boot bugs. The UEFI Secure Boot vulnerabilities go a layer deeper. They require either local admin or physical access but could allow for the running of untrusted code even before the OS loads. Rootkits anyone? The four bugs in BitLocker all require physical access but could yield encrypted data if exploited. The bug in Windows Administrator Protection allows attackers to bypass the feature that prevents standard-user apps from performing admin-level actions. The bug in Visual Studio Copilot Chat could be the most interesting non-boot bug here as it allows authentication impersonation. Mark of the Web (MotW) and Excel vulns could bypass user warnings. Lastly, the bug in PC Manager bypasses expected user controls. \nTurning our attention to the mass of spoofing bugs in the release, we instantly see 18 impacting SharePoint Server. Fortunately, these are simply cross-site scripting (XSS) bugs. It\u2019s the Exchange bugs we should really watch for. One is an XSS that an attacker can exploit by convincing an Exchange administrator to open a malicious link or message, which then runs code in the admin's web session. That's a meaningful privilege escalation path. Another is listed as an SSRF-based attack, but no other details are available. The last is a lower-impact XSS with limited confidentiality/integrity loss. The bug in Bing Search (remember Bing?) is a classic search result spoofing. 
The bug in Azure Stack Edge is interesting as it could allow access to resources outside the vulnerable component's security boundary. The bug in Office for Android requires user interaction. The Office Project Server bug is an authenticated XSS with low impact. The final spoofing bug is in Azure Attestation but has already been addressed. You should still verify you are protected by following the instructions in the write-up from Microsoft.\nThere are 30 different information disclosure bugs in this release, and fortunately, the vast majority of these simply result in info leaks consisting of unspecified memory contents or memory addresses. The two bugs in Visual Studio require user interaction and could \u201cdisclose information over a network.\u201d How obtuse. The bug in GitHub Copilot and Visual Studio Code could disclose a sign-in access token for a user's work account. That's a meaningful credential exposure, not just random memory. That leaves the two bugs in Exchange Server. One could allow an authenticated user to gain information about which network services the Exchange server can reach. The other sounds much like the spoofing bug in OWA as it allows attackers to see information in mailboxes they should not have access to.\nI\u2019ve never been a fan of the \u201ctampering\u201d category, as it could mean so many different things. For example, the bug in .NET simply says it could allow an unauthorized attacker to perform tampering locally. Similarly, the bug in Visual Studio says the same, except here the tampering occurs over a network. Microsoft doesn\u2019t even bother with a CWE for the tampering bug in the DHCP Server, so your guess is as good as mine.\nThere are seven DoS bugs in the June release, and as usual, Microsoft provides little to no actionable information about the vulnerabilities. The most interesting is the bug in HTTP.sys, which is listed as publicly known. 
This is an uncontrolled resource consumption, rated \"Exploitation More Likely,\" and publicly disclosed. Since HTTP.sys sits at the core of IIS and Windows web services, a network-accessible DoS here can take down any Windows server running HTTP-based services. Based on the Acknowledgement, it looks like this bug may have been found using AI. There are no real details for the other bugs, but based simply on the impact, I would focus on the Kerberos and TCP/IP bugs if you had to prioritize.\nNo new advisories are being released this month.\nLooking Ahead\nThe next Patch Tuesday will be on July 14 and will be the last one before Black Hat/DEFCON. It\u2019s usually a big release, so strap in and hang on. I\u2019ll be back then to give you my full thoughts. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!", "creation_timestamp": "2026-06-09T16:12:18.000000Z"}, {"uuid": "5fa91dab-bc9d-41a2-a6f3-e56eeee29efc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-42835", "type": "seen", "source": "https://advisories.ncsc.nl/advisory?id=NCSC-2026-0182", "content": "", "creation_timestamp": "2026-06-09T11:04:53.000000Z"}, {"uuid": "39f831c1-3f8c-4f9e-b93e-f48b648a52e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-42837", "type": "seen", "source": "https://www.thezdi.com/blog/2026/6/9/the-june-2026-security-update-review", "content": "I\u2019ve made it through Pwn2Own Berlin, had a little vacation, and now I\u2019m back for Patch Tuesday. Microsoft and Adobe didn\u2019t disappoint. In fact, they have heralded my return with the largest Patch Tuesday release ever. Thanks? Take a break from your regularly scheduled activities and let\u2019s take a look at the latest security patches from Adobe and Microsoft. 
If you\u2019d rather watch the full video recap covering the entire release, you can check out the Patch Report webcast on our YouTube channel. It should be posted within a couple of hours after the release.\nAdobe Patches for June 2026\nFor May, June released 11 bulletins addressing 123 unique CVEs in Adobe Acrobat Reader, ColdFusion, Experience Manager, Experience Manager Forms, InDesign, InCopy, Substance 3D Sampler, Content Credentials SDK, Dreamweaver, Format Plugins, and Adobe Campaign Classic.\nHere\u2019s this month\u2019s overview table:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n  \n  \n\n\n\n\n  \n    \n\n\n\n&lt;colgroup&gt;\n  &lt;col /&gt;\n  &lt;col /&gt;\n  &lt;col /&gt;\n  &lt;col /&gt;\n  &lt;col /&gt;\n  &lt;col /&gt;\n  &lt;col /&gt;\n&lt;/colgroup&gt;\n\n&lt;tfoot&gt;\n  \n&lt;/tfoot&gt;\n\n\n  \n    Bulletin ID\n    Product\n    CVE Count\n    Highest Severity\n    Highest CVSS\n    Exploited\n    Deployment Priority\n  \n\n\n  \n    APSB26-66\n    Adobe Campaign Classic\n    2\n    Critical\n    10.0\n    No\n    1\n  \n  \n    APSB26-64\n    Adobe ColdFusion\n    7\n    Critical\n    9.6\n    No\n    1\n  \n  \n    APSB26-63\n    Adobe Acrobat Reader\n    20\n    Critical\n    7.8\n    No\n    2\n  \n  \n    APSB26-57\n    Adobe Experience Manager Forms\n    3\n    Critical\n    9.3\n    No\n    2\n  \n  \n    APSB26-62\n    Adobe Dreamweaver\n    5\n    Critical\n    8.6\n    No\n    3\n  \n  \n    APSB26-65\n    Adobe Format Plugins\n    2\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-59\n    Adobe InCopy\n    3\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-58\n    Adobe InDesign\n    12\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-60\n    Adobe Substance 3D Sampler\n    4\n    Critical\n    7.8\n    No\n    3\n  \n  \n    APSB26-61\n    Content Credentials SDK\n    8\n    Critical\n    7.5\n    No\n    3\n  \n  \n    APSB26-56\n    Adobe Experience Manager\n    57\n    Important\n    5.4\n    No\n    
3\n  \n\n    TOTAL\n    11 bulletins\n    123\n    \n    \n    \n    \n  \n\n\n\n  \n\n\n\n\n  \nObviously, the update for Campaign Classic should be on the top of your deployment list if you\u2019re a user. A CVSS 10 is rare; two in the same bulletin is pretty much a unicorn. Adobe says there are no active attacks, but I would expect heavy research into creating one. The update for ColdFusion is also a Priority 1, but again, no known attacks in the wild. I suspect the Reader patch will also receive a lot of attention as malicious PDFs are common in ransomware attacks. The update for Experience Manager may be large, but it\u2019s mostly just cross-site scripting (XSS) bugs.\nMicrosoft Patches for June 2026\nThis month, Microsoft released a new record 208 CVEs in Windows and Windows components, Office and Office Components, Microsoft Edge (Chromium-based), Azure, .NET and Visual Studio, GitHub Copilot, Defender, Exchange Server, Hyper-V, Secure Boot, and BitLocker. At least, that\u2019s my count. Microsoft\u2019s tools seem to be having some issues, as they initially included a CVE from 2020 in this release. Regardless, the count is over 200, and I counted several times.\nOne of these bugs came through the ZDI program, but bugs submitted during Pwn2Own Berlin remain unpatched. If you include the Chromium and other third-party bugs, the total CVE count for June comes to a staggering 571 CVEs. 38 of these cases are rated Critical while the rest are rated Important in severity.\nI\u2019ve been counting CVEs on Patch Tuesday since 2017, and this is by far the largest monthly release in that time. The previous record was 177 set last year. It is extraordinary that Microsoft can produce so many patches in a single month, but it does raise concerns. How many of these cases were found using AI tools? How many patches were generated using AI to assist in coding or testing? What quality issues may exist in these patches? And likely most importantly, is this the new normal? 
The last two months were also large releases. Should sysadmins adjust their processes for prioritization and patch deployment based on this new volume of updates? Unfortunately, Microsoft is not providing those answers right now. Hopefully that changes in the future. BTW \u2013 just a note \u2013 the current number of CVEs shipped by Microsoft this year exceeds the total number of CVEs shipped in all of 2018.\nOne of the bugs patched by Microsoft this month is listed as under active exploitation and three others are listed as publicly known at the time of release. Let\u2019s take a closer look at some of the more interesting updates for this month, starting with the bug being exploited in the wild.\n- CVE-2026-41091 - Microsoft Defender Elevation of Privilege Vulnerability\nSince Microsoft doesn\u2019t provide info on how widespread exploitation is, we must read some tea leaves. For this patch, several different people were acknowledged, which indicates multiple parties say this is in the wild, meaning exploitation is likely significant. The good news is that most people won\u2019t need to take action as Defender updates itself. However, if you don\u2019t have this configured or are in an isolated environment, you\u2019ll need to update to the latest version.\n- CVE-2026-45657 - Windows Kernel Remote Code Execution Vulnerability\nThis CVSS 9.8 bug allows remote, unauthenticated attackers to execute code at SYSTEM level without user interaction. Yup \u2013 this is wormable. The problem lies in the way the kernel handles TCP/IP. This was listed as \u201cExploitation Less Likely\u201d by Microsoft, but rest assured that every researcher and bug shop on the planet is reversing this patch right now trying to create an exploit. 
Test and deploy this patch quickly.\n- CVE-2026-47291 - HTTP.sys Remote Code Execution Vulnerability\nOur second CVSS 9.8 bug of the month, this also allows remote, unauthenticated attackers to execute code on affected systems without user interaction. However, there is a caveat. Systems using the default MaxRequestBytes registry value used by the Windows HTTP stack are not affected by this bug. You can edit your registry settings if you need protection while you test and deploy the patch. The bulletin includes instructions and even a PowerShell script for doing this action. Microsoft lists this as \u201cExploitation more likely\u201d, so I would definitely check your registry settings.\n- CVE-2026-44815 - DHCP Client Service Remote Code Execution Vulnerability\nHere\u2019s another CVSS 9.8 that has an odd incongruity. Although the CVSS says no permissions are required for exploitation, the write-up states it must be an \u201cauthenticated\u201d user. I would err on the side of caution here and believe the CVSS. If that\u2019s correct, then we have another bug where a remote, unauthenticated attacker could execute code on affected systems without user interaction. And since the DHCP client is on every OS, it\u2019s a juicy target. This is another one to test and deploy with haste.\n- CVE-2026-45585/CVE-2026-50507 - Windows BitLocker Security Feature Bypass Vulnerability\nIf you\u2019ve followed the ongoing saga of Nightmare Eclipse vs. MSRC, the bugs should look familiar. One is definitely a fix for \u201cYellowKey\u201d, while the other appears to be a fix for \u201cGreenPlasma\u201d. The researcher has promised a \u201cbone shattering\u201d drop on June 14, so let\u2019s hope Microsoft is able to reach some understanding with the researcher before more 0-days are released. 
Also, there is a script provided by Microsoft as a mitigation, but the better strategy is to test and deploy the updates.\n&nbsp;Here\u2019s the full list of CVEs released by Microsoft for June 2026:\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n  \n  \n\n\n\n\n  \n    \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n &lt;col width=\"144\" /&gt;\n &lt;col width=\"256\" /&gt;\n &lt;col span=\"6\" width=\"104\" /&gt;\n \n\n  CVE\n  Title\n  Severity\n  CVSS\n  Public\n  Exploited\n  XI\n  Type\n \n \n  &lt;span&gt;CVE-2026-41091&lt;/span&gt;\n  Microsoft Defender\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  Yes\n  Yes\n  0\n  EoP\n \n \n  &lt;span&gt;CVE-2026-49160&lt;/span&gt;\n  HTTP.sys Denial of\n  Service Vulnerability\n  Important\n  7.5\n  Yes\n  No\n  1\n  DoS\n \n \n  &lt;span&gt;CVE-2026-50507&lt;/span&gt;\n  Windows BitLocker\n  Security Feature Bypass Vulnerability\n  Important\n  6.8\n  Yes\n  No\n  1\n  SFB\n \n \n  &lt;span&gt;CVE-2026-45586&lt;/span&gt;\n  Windows Collaborative\n  Translation Framework (CTFMON) Elevation of Privilege Vulnerability\n  Important\n  7.8\n  Yes\n  No\n  1\n  EoP\n \n \n  &lt;span&gt;CVE-2025-10263 *&lt;/span&gt;\n  ARM: CVE-2025-10263\n  Completion of affected memory accesses might not be guaranteed by completion\n  of a TLBI [kernel]\n  Critical\n  9.3\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-48567&lt;/span&gt;\n  Azure HorizonDB&lt;span&gt;  &lt;/span&gt;Elevation of Privilege Vulnerability\n  Critical\n  10\n  No\n  No\n  N/A\n  EoP\n \n \n  &lt;span&gt;CVE-2026-32193&lt;/span&gt;\n  Azure Kubernetes\n  Service (AKS) Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  3\n  RCE\n \n \n  &lt;span&gt;CVE-2026-47644&lt;/span&gt;\n  Copilot Chat\n  (Microsoft Edge) Information Disclosure Vulnerability\n  Critical\n  6.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-44815&lt;/span&gt;\n  DHCP Client Service\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n 
 2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-47291&lt;/span&gt;\n  HTTP.sys Remote Code\n  Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  1\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42824&lt;/span&gt;\n  M365 Copilot\n  Information Disclosure Vulnerability\n  Critical\n  6.5\n  No\n  No\n  N/A\n  Info\n \n \n  &lt;span&gt;CVE-2026-45476&lt;/span&gt;\n  Microsoft Azure\n  Network Adapter Elevation of Privilege Vulnerability\n  Critical\n  8.2\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44810&lt;/span&gt;\n  Microsoft\n  Cryptographic Services Elevation of Privilege Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-48579&lt;/span&gt;\n  Microsoft Exchange\n  Online Information Disclosure Vulnerability\n  Critical\n  9.1\n  No\n  No\n  N/A\n  Info\n \n \n  &lt;span&gt;CVE-2026-47655&lt;/span&gt;\n  Microsoft Graph\n  Information Disclosure Vulnerability\n  Critical\n  6.5\n  No\n  No\n  N/A\n  Info\n \n \n  &lt;span&gt;CVE-2026-45497&lt;/span&gt;\n  Microsoft M365 Copilot\n  Remote Code Execution Vulnerability\n  Critical\n  7.7\n  No\n  No\n  N/A\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45460&lt;/span&gt;\n  Microsoft Office\n  Information Disclosure Vulnerability\n  Critical\n  4.7\n  No\n  No\n  3\n  Info\n \n \n  &lt;span&gt;CVE-2026-45472&lt;/span&gt;\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45474&lt;/span&gt;\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45461&lt;/span&gt;\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45463&lt;/span&gt;\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45456&lt;/span&gt;\n  Microsoft Outlook and\n  Word Remote Code Execution Vulnerability\n  
Critical\n  8.4\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45458&lt;/span&gt;\n  Microsoft Outlook and\n  Word Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-47635&lt;/span&gt;\n  Microsoft Outlook and\n  Word Remote Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-26142&lt;/span&gt;\n  Nuance PowerScribe\n  Remote Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-47289&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-47654&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Critical\n  7.5\n  No\n  No\n  3\n  RCE\n \n \n  &lt;span&gt;CVE-2026-48563&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Critical\n  7.5\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42992&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Critical\n  7.5\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-44799&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Critical\n  7.5\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-44801&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Critical\n  7.5\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42985&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  1\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45648&lt;/span&gt;\n  Windows Active\n  Directory Domain Services Remote Code Execution Vulnerability\n  Critical\n  8.8\n  No\n  No\n  3\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42987&lt;/span&gt;\n  Windows Deployment\n  Services (WDS) Remote Code Execution\n  Critical\n  8.1\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-33828&lt;/span&gt;\n  Windows 
Device Health\n  Attestation (DHA) Elevation of Privilege Vulnerability\n  Critical\n  7.8\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44803&lt;/span&gt;\n  Windows Graphics\n  Component Remote Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  1\n  RCE\n \n \n  &lt;span&gt;CVE-2026-44812&lt;/span&gt;\n  Windows Graphics\n  Component Remote Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  1\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45607&lt;/span&gt;\n  Windows Hyper-V Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45641&lt;/span&gt;\n  Windows Hyper-V Remote\n  Code Execution Vulnerability\n  Critical\n  8.4\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-47652&lt;/span&gt;\n  Windows Hyper-V Remote\n  Code Execution Vulnerability\n  Critical\n  8.2\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-47288&lt;/span&gt;\n  Windows Kerberos Key\n  Distribution Center (KDC) Remote Code Execution\n  Critical\n  7.1\n  No\n  No\n  3\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45657&lt;/span&gt;\n  Windows Kernel Remote\n  Code Execution Vulnerability\n  Critical\n  9.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-48574&lt;/span&gt;\n  Windows Media Remote\n  Code Execution Vulnerability\n  Critical\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45490&lt;/span&gt;\n  .NET SDK Elevation of\n  Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45491&lt;/span&gt;\n  .NET Tampering\n  Vulnerability\n  Important\n  6.2\n  No\n  No\n  3\n  Tampering\n \n \n  &lt;span&gt;CVE-2026-45591&lt;/span&gt;\n  ASP.NET Core Denial of\n  Service Vulnerability\n  Important\n  7.5\n  No\n  No\n  2\n  DoS\n \n \n  &lt;span&gt;CVE-2026-47643&lt;/span&gt;\n  Azure Stack Edge\n  Remote Code Execution Vulnerability\n  Important\n  9.8\n  No\n  No\n  3\n  RCE\n \n \n  &lt;span&gt;CVE-2026-41098&lt;/span&gt;\n  Azure Stack Edge\n  
Spoofing Vulnerability\n  Important\n  8.4\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45642&lt;/span&gt;\n  Microsoft Azure\n  Attestation service and Device Health Attestation Service Spoofing\n  Vulnerability\n  Important\n  3.9\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45650&lt;/span&gt;\n  Microsoft Bing Search\n  Spoofing Vulnerability\n  Important\n  4.3\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45637&lt;/span&gt;\n  Microsoft DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45647&lt;/span&gt;\n  Microsoft Defender for\n  Endpoint for Mac Elevation of Privilege Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40371&lt;/span&gt;\n  Microsoft Dynamics 365\n  (on-premises) Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44822&lt;/span&gt;\n  Microsoft Excel\n  Information Disclosure Vulnerability\n  Important\n  8.2\n  No\n  No\n  3\n  Info\n \n \n  &lt;span&gt;CVE-2026-45455&lt;/span&gt;\n  Microsoft Excel\n  Information Disclosure Vulnerability\n  Important\n  3.3\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-45469&lt;/span&gt;\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-44817&lt;/span&gt;\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  RCE\n \n \n  &lt;span&gt;CVE-2026-44818&lt;/span&gt;\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-44820&lt;/span&gt;\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-44823&lt;/span&gt;\n  Microsoft Excel Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n 
\n \n  &lt;span&gt;CVE-2026-45459&lt;/span&gt;\n  Microsoft Excel\n  Security Feature Bypass Vulnerability\n  Important\n  3.3\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-45504&lt;/span&gt;\n  Microsoft Exchange\n  Server Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45502&lt;/span&gt;\n  Microsoft Exchange\n  Server Information Disclosure Vulnerability\n  Important\n  5\n  No\n  No\n  3\n  Info\n \n \n  &lt;span&gt;CVE-2026-45503&lt;/span&gt;\n  Microsoft Exchange\n  Server Information Disclosure Vulnerability\n  Important\n  8.1\n  No\n  No\n  3\n  Info\n \n \n  &lt;span&gt;CVE-2026-45583&lt;/span&gt;\n  Microsoft Exchange\n  Server Remote Code Execution Vulnerability\n  Important\n  7.5\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45500&lt;/span&gt;\n  Microsoft Exchange\n  Server Spoofing Vulnerability\n  Important\n  6.1\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45501&lt;/span&gt;\n  Microsoft Exchange\n  Server Spoofing Vulnerability\n  Important\n  6.5\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-47631&lt;/span&gt;\n  Microsoft Exchange\n  Server Spoofing Vulnerability\n  Important\n  8.1\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-42986&lt;/span&gt;\n  Microsoft Graphics\n  Component Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  1\n  EoP\n \n \n  &lt;span&gt;CVE-2026-41092&lt;/span&gt;\n  Microsoft Kinect\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45644&lt;/span&gt;\n  Microsoft Live Share\n  Canvas SDK Elevation of Privilege Vulnerability\n  Important\n  8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-47293&lt;/span&gt;\n  Microsoft Office\n  Click-To-Run Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45485&lt;/span&gt;\n  Microsoft Office\n  Information Disclosure 
Vulnerability\n  Important\n  3.3\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-44821&lt;/span&gt;\n  Microsoft Office\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-45483&lt;/span&gt;\n  Microsoft Office\n  Project Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45475&lt;/span&gt;\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-44819&lt;/span&gt;\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-44824&lt;/span&gt;\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45645&lt;/span&gt;\n  Microsoft Office\n  Remote Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-49161&lt;/span&gt;\n  Microsoft PC Manager\n  Security Feature Bypass Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  SFB\n \n \n  &lt;span&gt;CVE-2026-42902&lt;/span&gt;\n  Microsoft PowerToys\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45484&lt;/span&gt;\n  Microsoft SharePoint\n  Elevation of Privilege Vulnerability\n  Important\n  8.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45454&lt;/span&gt;\n  Microsoft SharePoint\n  Remote Code Execution Vulnerability\n  Important\n  6.5\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-47298&lt;/span&gt;\n  Microsoft SharePoint\n  Server Remote Code Execution Vulnerability\n  Important\n  8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45467&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45468&lt;/span&gt;\n  Microsoft SharePoint\n  
Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45479&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45453&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  5.4\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-47636&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  5.4\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-47637&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-47638&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-47639&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  5.4\n  No\n  No\n  3\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-47641&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-33113&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  5.4\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45462&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45464&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  5.4\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45465&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  5.4\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-47634&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  7.3\n  No\n  No\n  1\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-47640&lt;/span&gt;\n  
Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  3\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-45481&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  7.3\n  No\n  No\n  1\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-48560&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  5.4\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-48562&lt;/span&gt;\n  Microsoft SharePoint\n  Server Spoofing Vulnerability\n  Important\n  4.6\n  No\n  No\n  2\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-42835&lt;/span&gt;\n  Microsoft Teams for\n  Android Information Disclosure Vulnerability\n  Important\n  8.1\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-45606&lt;/span&gt;\n  Microsoft UxTheme\n  Library (uxtheme.dll) Denial of Service Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  DoS\n \n \n  &lt;span&gt;CVE-2026-45482&lt;/span&gt;\n  Microsoft Visual\n  Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability\n  Important\n  8.4\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-45466&lt;/span&gt;\n  Microsoft Word\n  Information Disclosure Vulnerability\n  Important\n  3.3\n  No\n  No\n  3\n  Info\n \n \n  &lt;span&gt;CVE-2026-45471&lt;/span&gt;\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45486&lt;/span&gt;\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45643&lt;/span&gt;\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45457&lt;/span&gt;\n  Microsoft Word Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42980&lt;/span&gt;\n  NT OS Kernel Elevation\n  of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  1\n  EoP\n \n 
\n  &lt;span&gt;CVE-2026-42916&lt;/span&gt;\n  NT OS Kernel Elevation\n  of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45649&lt;/span&gt;\n  Office for Android\n  Spoofing Vulnerability\n  Important\n  7.1\n  No\n  No\n  3\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-47653&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Important\n  8.8\n  No\n  No\n  3\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42909&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Important\n  7.5\n  No\n  No\n  3\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42913&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Important\n  7.5\n  No\n  No\n  3\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42993&lt;/span&gt;\n  Remote Desktop Client\n  Remote Code Execution Vulnerability\n  Important\n  7.5\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45588&lt;/span&gt;\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  7.9\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-48568&lt;/span&gt;\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  7.9\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-48570&lt;/span&gt;\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  7.9\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-48573&lt;/span&gt;\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  7.9\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-48575&lt;/span&gt;\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  7.9\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-48576&lt;/span&gt;\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  7.9\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-48578&lt;/span&gt;\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  7.9\n  No\n  No\n  2\n  SFB\n \n \n  
&lt;span&gt;CVE-2026-45654&lt;/span&gt;\n  Secure Boot Security\n  Feature Bypass Vulnerability\n  Important\n  7.9\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-45656&lt;/span&gt;\n  UEFI Secure Boot\n  Security Feature Bypass Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-8863&lt;/span&gt;\n  UEFI Secure Boot\n  Security Feature Bypass Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-40376&lt;/span&gt;\n  Visual Studio Code\n  Elevation of Privilege Vulnerability\n  Important\n  7.5\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-47281&lt;/span&gt;\n  Visual Studio Code\n  Elevation of Privilege Vulnerability\n  Important\n  9.6\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-47284&lt;/span&gt;\n  Visual Studio Code\n  Information Disclosure Vulnerability\n  Important\n  6.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-47292&lt;/span&gt;\n  Visual Studio Code\n  MSSQL Extension Remote Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-48569&lt;/span&gt;\n  Visual Studio Code\n  Security Feature Bypass Vulnerability\n  Important\n  7.1\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-47287&lt;/span&gt;\n  Visual Studio Code\n  Tampering Vulnerability\n  Important\n  6.5\n  No\n  No\n  2\n  Tampering\n \n \n  &lt;span&gt;CVE-2026-42829&lt;/span&gt;\n  Windows Administrator\n  Protection Secure Feature Bypass Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  \n \n \n  &lt;span&gt;CVE-2026-34335&lt;/span&gt;\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45601&lt;/span&gt;\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45598&lt;/span&gt;\n  Windows Ancillary\n  Function 
Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45596&lt;/span&gt;\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45638&lt;/span&gt;\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45603&lt;/span&gt;\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42911&lt;/span&gt;\n  Windows Ancillary\n  Function Driver for WinSock Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45594&lt;/span&gt;\n  Windows Application\n  Identity (AppID) Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-45655&lt;/span&gt;\n  Windows BitLocker\n  Security Feature Bypass Vulnerability\n  Important\n  5.3\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-45658&lt;/span&gt;\n  Windows BitLocker\n  Security Feature Bypass Vulnerability\n  Important\n  7.8\n  No\n  No\n  1\n  SFB\n \n \n  &lt;span&gt;CVE-2026-45640&lt;/span&gt;\n  Windows Bluetooth Port\n  Driver Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45605&lt;/span&gt;\n  Windows Bluetooth\n  Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-47656&lt;/span&gt;\n  Windows Boot Manager\n  Security Feature Bypass Vulnerability\n  Important\n  7.9\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-44809&lt;/span&gt;\n  Windows Common Log\n  File System Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  EoP\n \n \n  
&lt;span&gt;CVE-2026-45634&lt;/span&gt;\n  Windows DHCP Client\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  3\n  Info\n \n \n  &lt;span&gt;CVE-2026-45608&lt;/span&gt;\n  Windows DHCP Client\n  Information Disclosure Vulnerability\n  Important\n  6.8\n  No\n  No\n  3\n  Info\n \n \n  &lt;span&gt;CVE-2026-41108&lt;/span&gt;\n  Windows DNS Client\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42905&lt;/span&gt;\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  1\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44811&lt;/span&gt;\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44808&lt;/span&gt;\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44807&lt;/span&gt;\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42983&lt;/span&gt;\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44802&lt;/span&gt;\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44813&lt;/span&gt;\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44804&lt;/span&gt;\n  Windows DWM Core\n  Library Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-48566&lt;/span&gt;\n  Windows DWM Core\n  Library Information Disclosure&lt;span&gt; \n  &lt;/span&gt;Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-44814&lt;/span&gt;\n  Windows 
DWM Core\n  Library Information Disclosure&lt;span&gt; \n  &lt;/span&gt;Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-45602&lt;/span&gt;\n  Windows Dynamic Host\n  Configuration Protocol (DHCP) Tampering Vulnerability\n  Important\n  9.1\n  No\n  No\n  2\n  Tampering\n \n \n  &lt;span&gt;CVE-2026-42836&lt;/span&gt;\n  Windows Function\n  Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42910&lt;/span&gt;\n  Windows Hotpatch\n  Monitoring Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42972&lt;/span&gt;\n  Windows Hyper-V\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-45592&lt;/span&gt;\n  Windows Internet\n  (wininet.dll) Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42903&lt;/span&gt;\n  Windows Kerberos\n  Denial of Service Vulnerability\n  Important\n  6.5\n  No\n  No\n  3\n  DoS\n \n \n  &lt;span&gt;CVE-2026-42914&lt;/span&gt;\n  Windows Kerberos\n  Denial of Service Vulnerability\n  Important\n  5.3\n  No\n  No\n  2\n  DoS\n \n \n  &lt;span&gt;CVE-2026-48583&lt;/span&gt;\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45653&lt;/span&gt;\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42984&lt;/span&gt;\n  Windows Kernel\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45600&lt;/span&gt;\n  Windows Kernel-Mode\n  Driver Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45604&lt;/span&gt;\n  Windows Managed\n  Installer Information Disclosure 
Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-45595&lt;/span&gt;\n  Windows Mark of the\n  Web Security Feature Bypass Vulnerability\n  Important\n  5.4\n  No\n  No\n  2\n  SFB\n \n \n  &lt;span&gt;CVE-2026-45636&lt;/span&gt;\n  Windows NTFS Remote\n  Code Execution Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-50508&lt;/span&gt;\n  Windows NTLM Spoofing\n  Vulnerability\n  Important\n  6.5\n  No\n  No\n  1\n  Spoofing\n \n \n  &lt;span&gt;CVE-2026-48565&lt;/span&gt;\n  Windows Narrator\n  Braille Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-44805&lt;/span&gt;\n  Windows Network\n  Controller (NC) Host Agent Denial of Service Vulnerability\n  Important\n  5.5\n  No\n  No\n  3\n  DoS\n \n \n  &lt;span&gt;CVE-2026-42981&lt;/span&gt;\n  Windows Performance\n  Monitor Remote Code Execution Vulnerability\n  Important\n  8.1\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-42974&lt;/span&gt;\n  Windows Performance\n  Monitor Remote Code Execution Vulnerability\n  Important\n  8.1\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45487&lt;/span&gt;\n  Windows Program\n  Compatibility Assistant Service Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42828&lt;/span&gt;\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42837&lt;/span&gt;\n  Windows Projected File\n  System Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42969&lt;/span&gt;\n  Windows Push\n  Notification Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  3\n  Info\n \n \n  &lt;span&gt;CVE-2026-42971&lt;/span&gt;\n  Windows Push\n  Notification Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n 
 2\n  Info\n \n \n  &lt;span&gt;CVE-2026-42970&lt;/span&gt;\n  Windows Push\n  Notification Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-42973&lt;/span&gt;\n  Windows Push\n  Notification Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-42978&lt;/span&gt;\n  Windows Push\n  Notifications Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42977&lt;/span&gt;\n  Windows Push\n  Notifications Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42979&lt;/span&gt;\n  Windows Push\n  Notifications Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42991&lt;/span&gt;\n  Windows Push\n  Notifications Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45639&lt;/span&gt;\n  Windows Remote Desktop\n  Protocol (RDP) Information Disclosure Vulnerability\n  Important\n  7.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-42908&lt;/span&gt;\n  Windows Remote Desktop\n  Protocol (RDP) Information Disclosure Vulnerability\n  Important\n  7.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-45593&lt;/span&gt;\n  Windows SDK Elevation\n  of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42906&lt;/span&gt;\n  Windows Shell\n  Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-42907&lt;/span&gt;\n  Windows Shell\n  Information Disclosure Vulnerability\n  Important\n  6.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-47648&lt;/span&gt;\n  Windows Storage\n  Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42915&lt;/span&gt;\n  Windows 
TCP/IP Denial\n  of Service Vulnerability\n  Important\n  5.7\n  No\n  No\n  2\n  DoS\n \n \n  &lt;span&gt;CVE-2026-42904&lt;/span&gt;\n  Windows TCP/IP\n  Elevation of Privilege Vulnerability\n  Important\n  9.6\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42968&lt;/span&gt;\n  Windows Telephony\n  Server Information Disclosure Vulnerability\n  Important\n  5.5\n  No\n  No\n  2\n  Info\n \n \n  &lt;span&gt;CVE-2026-42912&lt;/span&gt;\n  Windows Telephony\n  Service Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45597&lt;/span&gt;\n  Windows UI Automation\n  Manager (uiamanager.dll) Elevation of Privilege Vulnerability\n  Important\n  7\n  No\n  No\n  3\n  EoP\n \n \n  &lt;span&gt;CVE-2026-45599&lt;/span&gt;\n  Windows UPnP Device\n  Host Remote Code Execution Vulnerability\n  Important\n  8.1\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-45635&lt;/span&gt;\n  Windows UPnP Device\n  Host Remote Code Execution Vulnerability\n  Important\n  8.1\n  No\n  No\n  2\n  RCE\n \n \n  &lt;span&gt;CVE-2026-40409&lt;/span&gt;\n  Windows Universal Disk\n  Format File System Driver (UDFS) Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-40404&lt;/span&gt;\n  Windows Universal Disk\n  Format File System Driver (UDFS) Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  2\n  EoP\n \n \n  &lt;span&gt;CVE-2026-42989&lt;/span&gt;\n  Winlogon\n  Elevation of Privilege Vulnerability\n  Important\n  7.8\n  No\n  No\n  1\n  EoP\n \n \n* Indicates this CVE had been released by a third party and is now being included in Microsoft releases.\n\u2020 Indicates further administrative actions are required to fully address the vulnerability.\nLooking at the other Critical-rated bugs in this release, the scariest-looking one is actually nothing to 
concern yourself with at all. The CVSS 10 bug in Azure HorizonDB has already been addressed by Microsoft and is just being documented now. That\u2019s also the case for five others. Of course, there wouldn\u2019t be a release without Office bugs that have the Preview Pane as an attack vector. There are multiple in June. There\u2019s a handful of bugs in the Remote Desktop Client, but these rely on connecting to a malicious RDP server. There are three patches for Hyper-V that allow for guest-to-host code execution. The bug in Active Directory requires authentication, but any authenticated user can hit it. For the Windows Directory Service vulnerability, it needs to be listening for TFTP. You have blocked that everywhere, right? The bug in Azure Network Adapter is somewhat unique as you need to update your Linux kernel to be protected. The bug in Azure Kubernetes allows an attacker to break out of a container and gain control of the AKS worker node. Finally, the bug in the Kerberos Key Distribution Center (KDC) seems unlikely, but if exploited, it could allow authenticated attackers to get code execution on affected systems.\nMoving on to the other code execution bugs, there are the ubiquitous open-and-own bugs in Office components like Excel and Word. The code injection bug in Exchange Server looks troubling, but it requires a machine-in-the-middle (MiTM), so exploitation is unlikely. The bugs in SharePoint require authentication, but you should note that the patch applies to both SharePoint Server 2016 and SharePoint Enterprise Server 2016. The two bugs in UPnP are interesting. Both can lead to code execution by causing an error during the handling of specially crafted data, which could lead to a Use After Free (UAF) bug. The bugs in RDP Client all require connecting to a malicious RDP server, but it\u2019s not clear why some are rated Critical and some are rated Important. The NTFS vulnerability requires a user to mount a virtual hard drive on an affected system. 
The last RCE bug this month is in Azure Stack Edge and requires the attacker to send a specially crafted file upload request that includes a manipulated file name or path, leading to code execution.\nThere are more than 60 Elevation of Privilege (EoP) bugs in this month\u2019s release, and as usual, most simply lead to local attackers executing their code at SYSTEM-level privileges or administrative privileges, so there\u2019s not much to add without further technical details about the bugs themselves. A notable exception is in Exchange Server, where a user on Outlook Web Access (OWA) could gain access to other mailboxes. The bug in Visual Studio Code could allow attackers to gain permissions associated with the MCP Server\u2019s managed identity. The bugs in Windows SDK and Windows UI Automation Manager could let an attacker go from low integrity up to medium integrity code execution. The bug in Bluetooth just allows \u201celevated\u201d privileges without really describing what elevated might be.\nMoving on to the more than 20 security feature bypass (SFB) bugs in the June release, there are a total of 10 that impact Secure Boot. All carry scope change (S:C) in the CVSS, meaning successful exploitation affects security boundaries beyond the vulnerable component itself \u2014 specifically the ability to load untrusted code at boot, bypass Virtual Secure Mode, and undermine boot integrity guarantees. CVE-2026-45654 explicitly calls out VSM exposure. The bulk of these are credited to Alon Leviev (STORM), which is notable given his prior BootKitty/BlackLotus-adjacent research. The bugs in the Windows Boot Manager have a similar impact as the Secure Boot bugs. The UEFI Secure Boot vulnerabilities go a layer deeper. They require either local admin or physical access but could allow for the running of untrusted code even before the OS loads. Rootkits anyone? The four bugs in BitLocker all require physical access but could yield encrypted data if exploited. 
The bug in Windows Administrator Protection allows attackers to bypass the feature that prevents standard-user apps from performing admin-level actions. The bug in Visual Studio Copilot Chat could be the most interesting non-boot bug here as it allows authentication impersonation. Mark of the Web (MotW) and Excel vulns could bypass user warnings. Lastly, the bug in PC Manager bypasses expected user controls.\nTurning our attention to the mass of spoofing bugs in the release, we instantly see 18 impacting SharePoint Server. Fortunately, these are simply cross-site scripting (XSS) bugs. It\u2019s the Exchange bugs we should really watch for. One is an XSS that an attacker can exploit by convincing an Exchange administrator to open a malicious link or message, which then runs code in the admin's web session. That's a meaningful privilege escalation path. Another is listed as an SSRF-based attack, but no other details are available. The last is a lower-impact XSS with limited confidentiality/integrity loss. The bug in Bing Search (remember Bing?) is a classic search result spoofing. The bug in Azure Stack Edge is interesting as it could allow access to resources outside the vulnerable component's security boundary. The bug in Office for Android requires user interaction. The Office Project Server bug is an authenticated XSS with low impact. The final spoofing bug is in Azure Attestation but has already been addressed. You should still verify you are protected by following the instructions in the write-up from Microsoft.\nThere are 30 different information disclosure bugs in this release, and fortunately, the vast majority of these simply result in info leaks consisting of unspecified memory contents or memory addresses. The two bugs in Visual Studio require user interaction and could \u201cdisclose information over a network.\u201d How obtuse. The bug in GitHub Copilot and Visual Studio Code could disclose a sign-in access token for a user's work account. 
That's a meaningful credential exposure, not just random memory. That leaves the two bugs in Exchange Server. One could allow an authenticated user to gain information about which network services the Exchange server can reach. The other sounds much like the spoofing bug in OWA as it allows attackers to see information in mailboxes they should not have access to.\nI\u2019ve never been a fan of the \u201ctampering\u201d category, as it could mean so many different things. For example, the bug in .NET simply says it could allow an unauthorized attacker to perform tampering locally. Similarly, the bug in Visual Studio says the same, except here the tampering occurs over a network. Microsoft doesn\u2019t even bother with a CWE for the tampering bug in the DHCP Server, so your guess is as good as mine.\nThere are seven DoS bugs in the June release, and as usual, Microsoft provides little to no actionable information about the vulnerabilities. The most interesting is the bug in HTTP.sys, which is listed as publicly known. This is an uncontrolled resource consumption, rated \"Exploitation More Likely,\" and publicly disclosed. Since HTTP.sys sits at the core of IIS and Windows web services, a network-accessible DoS here can take down any Windows server running HTTP-based services. Based on the Acknowledgement, it looks like this bug may have been found using AI. There are no real details for the other bugs, but based simply on the impact, I would focus on the Kerberos and TCP/IP bugs if you had to prioritize.\nNo new advisories are being released this month.\nLooking Ahead\nThe next Patch Tuesday will be on July 14 and will be the last one before Black Hat/DEFCON. It\u2019s usually a big release, so strap in and hang on. I\u2019ll be back then to give you my full thoughts. Until then, stay safe, happy patching, and may all your reboots be smooth and clean!", "creation_timestamp": "2026-06-09T16:12:18.000000Z"}]}