{"id":248472,"date":"2026-05-13T04:15:00","date_gmt":"2026-05-13T08:15:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/13\/microsoft-fixes-17-critical-flaws-in-may-patch-tuesday\/"},"modified":"2026-05-18T11:10:20","modified_gmt":"2026-05-18T15:10:20","slug":"microsoft-fixes-17-critical-flaws-in-may-patch-tuesday","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/13\/microsoft-fixes-17-critical-flaws-in-may-patch-tuesday\/","title":{"rendered":"Microsoft Fixes 17 Critical Flaws in May Patch Tuesday"},"content":{"rendered":"<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/microsoft-17-critical-flaws-may\/\">Microsoft Fixes 17 Critical Flaws in May Patch Tuesday<\/a><\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/microsoft-17-critical-flaws-may\/\">https:\/\/www.infosecurity-magazine.com\/news\/microsoft-17-critical-flaws-may\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-13 04:15:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.infosecurity-magazine.com\">www.infosecurity-magazine.com<\/a><\/p>\n<p>Microsoft has published security updates to fix 120 CVEs in the May Patch Tuesday, 16 of which were discovered by a new multi-model agentic security system.<\/p>\n<p>The overall list included 17 critical vulnerabilities, 14 of which were classed as remote code execution (RCE),\u00a0two were elevation of privilege (EoP) flaws\u00a0and one was an information disclosure vulnerability.<\/p>\n<p>In total, the majority of the 120 CVEs listed were EoP (61), RCE (31) and information disclosure (14).<\/p>\n<p>Read more on Patch Tuesday: Microsoft Fixes Two Zero-Days in April Patch Tuesday<\/p>\n<p>Adam Barnett, principal software engineer at Rapid7, urged \u201canyone responsible for securing a domain controller\u201d to prioritize CVE-2026-41089 for remediation.<\/p>\n<p>It\u2019s a critical stack-based buffer overflow in Windows Netlogon with a CVSS v3 base score of 9.8 which could give attackers system privileges on the domain controller, Barnett warned.<\/p>\n<p>\u201cFor most pentesters, that\u2019s the point at which the customer report more or less writes itself,\u201d he continued. \u201cNo privileges or user interaction are required, and attack complexity is low, which suggests that creation of a reliable exploit might not be especially difficult for anyone with knowledge of the specific mechanism.\u201d<\/p>\n<p>Also top of mind for sysadmins should be CVE-2026-41096 \u2013 a critical RCE in the Windows DNS client implementation with a CVSS score of 9.8.<\/p>\n<p>\u201cBecause DNS is a core networking service used across enterprise environments, exploitation could impact\u00a0a large number of\u00a0systems rapidly,\u201d warned Action1 director of vulnerability research, Jack Bicer.\u00a0\u201cSuccessful attacks may lead to widespread endpoint compromise, ransomware deployment, credential harvesting, and operational disruption across corporate networks.\u201d\u00a0<\/p>\n<p>Bicer also flagged CVE-2026-42898, a critical RCE bug in Microsoft Dynamics 365 On-Premises. It could allow an authenticated attacker with low privileges to execute malicious code over the network by manipulating process&#8230;<\/p>\n<p><a href=\"https:\/\/www.infosecurity-magazine.com\/news\/microsoft-17-critical-flaws-may\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft Fixes 17 Critical Flaws in May Patch Tuesday https:\/\/www.infosecurity-magazine.com\/news\/microsoft-17-critical-flaws-may\/ Publish Date: 2026-05-13 04:15:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":248473,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/assets.infosecurity-magazine.com\/webpage\/og\/39253098-76d3-4ce2-907a-40d9bca56924.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[31,27],"class_list":["post-248472","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-exploit","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/248472"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=248472"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/248472\/revisions"}],"predecessor-version":[{"id":248474,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/248472\/revisions\/248474"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/248473"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=248472"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=248472"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=248472"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}