Microsoft May / June 2026 Security Updates

NICK ADSL UK · May 12, 2026 at 2:31 PM

May 2026 Security Updates

This release consists of the following 137 Microsoft CVEs:
Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?

Windows Rich Text Edit CVE-2026-21530
M365 Copilot CVE-2026-26129
M365 Copilot CVE-2026-26164
Windows Native WiFi Miniport Driver CVE-2026-32161
Windows Rich Text Edit Control CVE-2026-32170
.NET CVE-2026-32175
.NET CVE-2026-32177
Microsoft Teams CVE-2026-32185
Azure Monitor Agent CVE-2026-32204
Azure Machine Learning CVE-2026-32207
Windows Filtering Platform (WFP) CVE-2026-32209
Azure Managed Instance for Apache Cassandra CVE-2026-33109
Microsoft Office SharePoint CVE-2026-33110
Copilot Chat (Microsoft Edge) CVE-2026-33111
Microsoft Office SharePoint CVE-2026-33112
Azure SDK CVE-2026-33117
Microsoft Dynamics 365 Customer Insights CVE-2026-33821
Microsoft Teams CVE-2026-33823
Azure Machine Learning CVE-2026-33833
Windows Event Logging Service CVE-2026-33834
Windows Cloud Files Mini Filter Driver CVE-2026-33835
Windows TCP/IP CVE-2026-33837
Windows Message Queuing CVE-2026-33838
Windows Win32K - GRFX CVE-2026-33839
Windows Win32K - ICOMP CVE-2026-33840
Windows Kernel CVE-2026-33841
Azure Managed Instance for Apache Cassandra CVE-2026-33844
Microsoft Partner Center CVE-2026-34327
Windows Message Queuing CVE-2026-34329
Windows Win32K - GRFX CVE-2026-34330
Windows Win32K - GRFX CVE-2026-34331
Windows Kernel-Mode Drivers CVE-2026-34332
Windows Win32K - GRFX CVE-2026-34333
Windows TCP/IP CVE-2026-34334 7.8
Windows DWM Core Library CVE-2026-34336
Windows Cloud Files Mini Filter Driver CVE-2026-34337
Windows Telephony Service CVE-2026-34338
Windows LDAP - Lightweight Directory Access Protocol CVE-2026-34339
Windows Projected File System CVE-2026-34340
Windows Link-Layer Discovery Protocol (LLDP) CVE-2026-34341
Windows Print Spooler Components CVE-2026-34342
Windows Application Identity (AppID) Subsystem CVE-2026-34343
Windows Ancillary Function Driver for WinSock CVE-2026-34344
Windows Ancillary Function Driver for WinSock CVE-2026-34345
Windows Win32K - GRFX CVE-2026-34347
Windows Storport Miniport Driver CVE-2026-34350
Windows TCP/IP CVE-2026-34351
Windows Storage Spaces Controller CVE-2026-35415
Windows Ancillary Function Driver for WinSock CVE-2026-35416
Windows Win32K - ICOMP CVE-2026-35417
Windows Cloud Files Mini Filter Driver CVE-2026-35418
Windows DWM Core Library CVE-2026-35419
Windows Kernel CVE-2026-35420
Windows GDI CVE-2026-35421
Windows TCP/IP CVE-2026-35422
Telnet Client CVE-2026-35423
Windows Internet Key Exchange (IKE) Protocol CVE-2026-35424
Azure Cloud Shell CVE-2026-35428
Microsoft Edge for Android CVE-2026-35429
.NET CVE-2026-35433
Azure AI Foundry M365 published agents CVE-2026-35435
Microsoft Office Click-To-Run CVE-2026-35436
Windows Admin Center CVE-2026-35438
Microsoft Office SharePoint CVE-2026-35439
Microsoft Office Word CVE-2026-35440
Microsoft Office SharePoint CVE-2026-40357
Microsoft Office CVE-2026-40358
Microsoft Office Excel CVE-2026-40359
Microsoft Office Excel CVE-2026-40360
Microsoft Office Word CVE-2026-40361
Microsoft Office Excel CVE-2026-40362
Microsoft Office CVE-2026-40363
Microsoft Office Word CVE-2026-40364
Microsoft Office SharePoint CVE-2026-40365
Microsoft Office Word CVE-2026-40366
Microsoft Office Word CVE-2026-40367
Microsoft Office SharePoint CVE-2026-40368
Windows Kernel CVE-2026-40369
SQL Server CVE-2026-40370
Power Automate CVE-2026-40374
Windows Cryptographic Services CVE-2026-40377
Azure Entra ID CVE-2026-40379
Windows Volume Manager Extension Driver CVE-2026-40380
Azure Connected Machine Agent CVE-2026-40381
Windows Telephony Service CVE-2026-40382
Windows Common Log File System Driver CVE-2026-40397
Windows Remote Desktop CVE-2026-40398
Windows TCP/IP CVE-2026-40399
Windows TCP/IP CVE-2026-40401
Windows Hyper-V CVE-2026-40402
Windows Win32K - GRFX CVE-2026-40403
Windows TCP/IP CVE-2026-40405
Windows TCP/IP CVE-2026-40406
Windows Common Log File System Driver CVE-2026-40407
Windows Kernel-Mode Drivers CVE-2026-40408
Windows SMB Client CVE-2026-40410
Windows TCP/IP CVE-2026-40413
Windows TCP/IP CVE-2026-40414
Windows TCP/IP CVE-2026-40415
Microsoft Edge (Chromium-based) CVE-2026-40416
Dynamics Business Central CVE-2026-40417
Microsoft Office Click-To-Run CVE-2026-40418
Microsoft Office CVE-2026-40419
Microsoft Office Click-To-Run CVE-2026-40420
Microsoft Office Word CVE-2026-40421
Windows Admin Center CVE-2026-41086
Windows Ancillary Function Driver for WinSock CVE-2026-41088
Windows Netlogon CVE-2026-41089
Microsoft Data Formulator CVE-2026-41094
Data Deduplication CVE-2026-41095
Microsoft Windows DNS CVE-2026-41096
Windows Secure Boot CVE-2026-41097
M365 Copilot CVE-2026-41100
Microsoft Office Word CVE-2026-41101
Microsoft Office PowerPoint CVE-2026-41102
Microsoft SSO Plugin for Jira & Confluence CVE-2026-41103
Azure Notification Service CVE-2026-41105
Microsoft Edge (Chromium-based) CVE-2026-41107
GitHub Copilot and Visual Studio CVE-2026-41109
Visual Studio Code CVE-2026-41610
Visual Studio Code CVE-2026-41611
Visual Studio Code CVE-2026-41612
Visual Studio Code CVE-2026-41613
M365 Copilot for Desktop CVE-2026-41614
Azure Logic Apps CVE-2026-42823
Windows Telephony Service CVE-2026-42825
Azure DevOps CVE-2026-42826
Azure Monitor Agent CVE-2026-42830
Microsoft Office CVE-2026-42831
Microsoft Office CVE-2026-42832
Microsoft Dynamics 365 (on-premises) CVE-2026-42833
Microsoft Edge (Chromium-based) CVE-2026-42838
Microsoft Edge (Chromium-based) CVE-2026-42891
M365 Copilot CVE-2026-42893
Windows DWM Core Library CVE-2026-42896
Microsoft Dynamics 365 (on-premises) CVE-2026-42898
ASP.NET Core CVE-2026-42899

NICK ADSL UK · May 12, 2026 at 2:32 PM

We are republishing 128 non-Microsoft CVEs:
CNA Tag CVE FAQs? Workarounds? Mitigations?
AMD AMD CPU Branch CVE-2025-54518 No No No
Chrome Microsoft Edge (Chromium-based) CVE-2026-7896
Chrome Microsoft Edge (Chromium-based) CVE-2026-7897
Chrome Microsoft Edge (Chromium-based) CVE-2026-7898
Chrome Microsoft Edge (Chromium-based) CVE-2026-7899
Chrome Microsoft Edge (Chromium-based) CVE-2026-7900
Chrome Microsoft Edge (Chromium-based) CVE-2026-7901
Chrome Microsoft Edge (Chromium-based) CVE-2026-7902
Chrome Microsoft Edge (Chromium-based) CVE-2026-7903
Chrome Microsoft Edge (Chromium-based) CVE-2026-7904
Chrome Microsoft Edge (Chromium-based) CVE-2026-7905
Chrome Microsoft Edge (Chromium-based) CVE-2026-7906
Chrome Microsoft Edge (Chromium-based) CVE-2026-7907
Chrome Microsoft Edge (Chromium-based) CVE-2026-7908
Chrome Microsoft Edge (Chromium-based) CVE-2026-7909
Chrome Microsoft Edge (Chromium-based) CVE-2026-7910
Chrome Microsoft Edge (Chromium-based) CVE-2026-7911
Chrome Microsoft Edge (Chromium-based) CVE-2026-7912
Chrome Microsoft Edge (Chromium-based) CVE-2026-7913
Chrome Microsoft Edge (Chromium-based) CVE-2026-7914
Chrome Microsoft Edge (Chromium-based) CVE-2026-7915
Chrome Microsoft Edge (Chromium-based) CVE-2026-7916
Chrome Microsoft Edge (Chromium-based) CVE-2026-7917
Chrome Microsoft Edge (Chromium-based) CVE-2026-7918
Chrome Microsoft Edge (Chromium-based) CVE-2026-7919
Chrome Microsoft Edge (Chromium-based) CVE-2026-7920
Chrome Microsoft Edge (Chromium-based) CVE-2026-7921
Chrome Microsoft Edge (Chromium-based) CVE-2026-7922
Chrome Microsoft Edge (Chromium-based) CVE-2026-7923
Chrome Microsoft Edge (Chromium-based) CVE-2026-7924
Chrome Microsoft Edge (Chromium-based) CVE-2026-7925
Chrome Microsoft Edge (Chromium-based) CVE-2026-7926
Chrome Microsoft Edge (Chromium-based) CVE-2026-7927
Chrome Microsoft Edge (Chromium-based) CVE-2026-7928
Chrome Microsoft Edge (Chromium-based) CVE-2026-7929
Chrome Microsoft Edge (Chromium-based) CVE-2026-7930
Chrome Microsoft Edge (Chromium-based) CVE-2026-7931
Chrome Microsoft Edge (Chromium-based) CVE-2026-7932
Chrome Microsoft Edge (Chromium-based) CVE-2026-7933
Chrome Microsoft Edge (Chromium-based) CVE-2026-7934
Chrome Microsoft Edge (Chromium-based) CVE-2026-7935
Chrome Microsoft Edge (Chromium-based) CVE-2026-7936
Chrome Microsoft Edge (Chromium-based) CVE-2026-7937
Chrome Microsoft Edge (Chromium-based) CVE-2026-7938
Chrome Microsoft Edge (Chromium-based) CVE-2026-7939
Chrome Microsoft Edge (Chromium-based) CVE-2026-7940
Chrome Microsoft Edge (Chromium-based) CVE-2026-7941
Chrome Microsoft Edge (Chromium-based) CVE-2026-7942
Chrome Microsoft Edge (Chromium-based) CVE-2026-7943
Chrome Microsoft Edge (Chromium-based) CVE-2026-7944
Chrome Microsoft Edge (Chromium-based) CVE-2026-7945
Chrome Microsoft Edge (Chromium-based) CVE-2026-7946
Chrome Microsoft Edge (Chromium-based) CVE-2026-7947
Chrome Microsoft Edge (Chromium-based) CVE-2026-7948
Chrome Microsoft Edge (Chromium-based) CVE-2026-7949
Chrome Microsoft Edge (Chromium-based) CVE-2026-7950
Chrome Microsoft Edge (Chromium-based) CVE-2026-7951
Chrome Microsoft Edge (Chromium-based) CVE-2026-7952
Chrome Microsoft Edge (Chromium-based) CVE-2026-7953
Chrome Microsoft Edge (Chromium-based) CVE-2026-7954
Chrome Microsoft Edge (Chromium-based) CVE-2026-7955
Chrome Microsoft Edge (Chromium-based) CVE-2026-7956
Chrome Microsoft Edge (Chromium-based) CVE-2026-7957
Chrome Microsoft Edge (Chromium-based) CVE-2026-7958
Chrome Microsoft Edge (Chromium-based) CVE-2026-7959
Chrome Microsoft Edge (Chromium-based) CVE-2026-7960
Chrome Microsoft Edge (Chromium-based) CVE-2026-7961
Chrome Microsoft Edge (Chromium-based) CVE-2026-7962
Chrome Microsoft Edge (Chromium-based) CVE-2026-7963
Chrome Microsoft Edge (Chromium-based) CVE-2026-7964
Chrome Microsoft Edge (Chromium-based) CVE-2026-7965
Chrome Microsoft Edge (Chromium-based) CVE-2026-7966
Chrome Microsoft Edge (Chromium-based) CVE-2026-7967
Chrome Microsoft Edge (Chromium-based) CVE-2026-7968
Chrome Microsoft Edge (Chromium-based) CVE-2026-7969
Chrome Microsoft Edge (Chromium-based) CVE-2026-7970
Chrome Microsoft Edge (Chromium-based) CVE-2026-7971
Chrome Microsoft Edge (Chromium-based) CVE-2026-7972
Chrome Microsoft Edge (Chromium-based) CVE-2026-7973
Chrome Microsoft Edge (Chromium-based) CVE-2026-7974
Chrome Microsoft Edge (Chromium-based) CVE-2026-7975
Chrome Microsoft Edge (Chromium-based) CVE-2026-7976
Chrome Microsoft Edge (Chromium-based) CVE-2026-7977
Chrome Microsoft Edge (Chromium-based) CVE-2026-7978
Chrome Microsoft Edge (Chromium-based) CVE-2026-7979
Chrome Microsoft Edge (Chromium-based) CVE-2026-7980
Chrome Microsoft Edge (Chromium-based) CVE-2026-7981
Chrome Microsoft Edge (Chromium-based) CVE-2026-7982
Chrome Microsoft Edge (Chromium-based) CVE-2026-7983
Chrome Microsoft Edge (Chromium-based) CVE-2026-7984
Chrome Microsoft Edge (Chromium-based) CVE-2026-7985
Chrome Microsoft Edge (Chromium-based) CVE-2026-7986
Chrome Microsoft Edge (Chromium-based) CVE-2026-7987
Chrome Microsoft Edge (Chromium-based) CVE-2026-7988
Chrome Microsoft Edge (Chromium-based) CVE-2026-7989
Chrome Microsoft Edge (Chromium-based) CVE-2026-7990
Chrome Microsoft Edge (Chromium-based) CVE-2026-7991
Chrome Microsoft Edge (Chromium-based) CVE-2026-7992
Chrome Microsoft Edge (Chromium-based) CVE-2026-7993
Chrome Microsoft Edge (Chromium-based) CVE-2026-7994
Chrome Microsoft Edge (Chromium-based) CVE-2026-7995
Chrome Microsoft Edge (Chromium-based) CVE-2026-7996
Chrome Microsoft Edge (Chromium-based) CVE-2026-7997
Chrome Microsoft Edge (Chromium-based) CVE-2026-7998
Chrome Microsoft Edge (Chromium-based) CVE-2026-7999
Chrome Microsoft Edge (Chromium-based) CVE-2026-8000
Chrome Microsoft Edge (Chromium-based) CVE-2026-8001
Chrome Microsoft Edge (Chromium-based) CVE-2026-8002
Chrome Microsoft Edge (Chromium-based) CVE-2026-8003
Chrome Microsoft Edge (Chromium-based) CVE-2026-8004
Chrome Microsoft Edge (Chromium-based) CVE-2026-8005
Chrome Microsoft Edge (Chromium-based) CVE-2026-8006
Chrome Microsoft Edge (Chromium-based) CVE-2026-8007
Chrome Microsoft Edge (Chromium-based) CVE-2026-8008
Chrome Microsoft Edge (Chromium-based) CVE-2026-8009
Chrome Microsoft Edge (Chromium-based) CVE-2026-8010
Chrome Microsoft Edge (Chromium-based) CVE-2026-8011
Chrome Microsoft Edge (Chromium-based) CVE-2026-8012
Chrome Microsoft Edge (Chromium-based) CVE-2026-8013
Chrome Microsoft Edge (Chromium-based) CVE-2026-8014
Chrome Microsoft Edge (Chromium-based) CVE-2026-8015
Chrome Microsoft Edge (Chromium-based) CVE-2026-8016
Chrome Microsoft Edge (Chromium-based) CVE-2026-8017
Chrome Microsoft Edge (Chromium-based) CVE-2026-8018
Chrome Microsoft Edge (Chromium-based) CVE-2026-8019
Chrome Microsoft Edge (Chromium-based) CVE-2026-8020
Chrome Microsoft Edge (Chromium-based) CVE-2026-8021
Chrome Microsoft Edge (Chromium-based) CVE-2026-8022

Security Update Guide Blog Posts
Date Blog Post
October 31, 2025 You asked, we delivered: Introducing new features for an improved security experience
October 28, 2025 Understanding CVE-2025-55315: What CISOs, security engineers, and sysadmins should know
October 22, 2025 Toward greater transparency: Introducing machine-readable Vulnerability Exploitability Xchange (VEX) for Azure Linux and beyond
November 12, 2024 Toward greater transparency: Publishing machine-readable CSAF files
June 27, 2024 Toward greater transparency: Unveiling Cloud Service CVEs
April 9, 2024 Toward greater transparency: Security Update Guide now shares CWEs for CVEs
January 6, 2023 Publishing CBL-Mariner CVEs on the Security Update Guide CVRF API
January 11, 2022 Coming Soon: New Security Update Guide Notification System
February 9, 2021 Continuing to Listen: Good News about the Security Update Guide API
January 13, 2021 Security Update Guide Supports CVEs Assigned by Industry Partners
December 8, 2020 Security Update Guide: Let’s keep the conversation going
November 9, 2020 Vulnerability Descriptions in the New Version of the Security Update Guide

Relevant Resources

The new Hotpatching feature is now generally available. Please see Hotpatching feature for Windows Server Azure Edition virtual machines (VMs) for more information.

Windows 10 and Windows 11 updates are cumulative. The monthly security release includes all security fixes for vulnerabilities that affect Windows 10 and Windows 11, in addition to non-security updates. The updates are available via the Microsoft Update Catalog. For information on lifecycle and support dates for Windows 10 and Windows 11 operating systems, please see Windows Lifecycle Facts Sheet.

Microsoft is improving Windows Release Notes. For more information, please see What's next for Windows release notes.

A list of the latest servicing stack updates for each operating system can be found in ADV990001. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update.

In addition to security changes for the vulnerabilities, updates include defense-in-depth updates to help improve security-related features.

Customers running Windows Server 2008 R2, or Windows Server 2008 need to purchase the Extended Security Update to continue receiving security updates. See 4522133 for more information.

Known Issues
You can see these in more detail from the Deployments tab by selecting Known Issues column in the Edit Columns panel.

For more information about Windows Known Issues, please see Windows message center (links to currently-supported versions of Windows are in the left pane).

KB Article Applies To
5087420 Windows 11, version 23H2
5087423 Windows Server 2025 Hotpatch
5087424 Windows Server 2022 Hotpatch
5087539 Windows Server 2025
5087541 Windows Server 2022 23H2
5087544 Windows 10, version 21H2, Windows 10, version 22H2
5087545 Windows Server 2022

Released: May 12, 2026

May 2026 Security Updates - Release Notes - Security Update Guide - Microsoft

Log in or Sign up

Microsoft May / June 2026 Security Updates

NICK ADSL UK MajorGeeks Forum Administrator Staff Member

NICK ADSL UK MajorGeeks Forum Administrator Staff Member