Microsoft May 2026 Patch Tuesday release
Security Patch Release
Summary
Hide ▲
Show ▼
Microsoft's May 13, 2026 Patch Tuesday release fixed 138 vulnerabilities across its product portfolio, including Windows, Azure, and Edge. None of the flaws were listed as publicly known or under active attack. The update spans both Critical and Important issues, making it a broad monthly remediation cycle for Microsoft customers. Administrators also need to watch a separate Windows Secure Boot certificate rollover before the June 26, 2026 deadline.
Related Happenings
Microsoft Defender BlueHammer (CVE-2026-33825) ransomware exploitation wave
Exploitation Wave
H score41
First: 30.06.2026 11:53
Last: 30.06.2026 11:53
Sources 1
About this happening:
CISA has flagged **BlueHammer (CVE-2026-33825)** as exploited in **ransomware campaigns**, expanding the risk to **Windows devices** exposed to privilege escalation. The flaw in *...
Microsoft Defender BlueHammer (CVE-2026-33825) ransomware exploitation wave
Exploitation WaveAbout this happening: CISA has flagged **BlueHammer (CVE-2026-33825)** as exploited in **ransomware campaigns**, expanding the risk to **Windows devices** exposed to privilege escalation. The flaw in *...
Microsoft releases RoguePlanet Defender security update for CVE-2026-50656
Security Patch Release
H score32
First: 17.06.2026 20:36
Last: 17.06.2026 20:36
Sources 1
About this happening:
**Microsoft** has released a **security update** for **CVE-2026-50656**, remediating **RoguePlanet** in the **Microsoft Malware Protection Engine (mpengine.dll)**. The flaw is a *...
Microsoft releases RoguePlanet Defender security update for CVE-2026-50656
Security Patch ReleaseAbout this happening: **Microsoft** has released a **security update** for **CVE-2026-50656**, remediating **RoguePlanet** in the **Microsoft Malware Protection Engine (mpengine.dll)**. The flaw is a *...
Latest development: 09.07.2026 11:48
Microsoft released security updates for CVE-2026-50656, remediating the RoguePlanet privilege-escalation flaw in Microsoft Malware Protection Engine (mpengine.dll) with version 1.1.26060.3008 and additional defense-in-depth updates. Microsoft said no customer action is required to install the update.
Microsoft security patch release for CVE-2026-42897
Security Patch Release
H score44
First: 10.06.2026 16:44
Last: 10.06.2026 16:44
Sources 1
About this happening:
**Microsoft** released **June 2026 Security Updates** for **Exchange Server 2016**, **Exchange Server 2019**, and **Exchange Server Subscription Edition (SE)** to fix **CVE-2026-4...
Microsoft security patch release for CVE-2026-42897
Security Patch ReleaseAbout this happening: **Microsoft** released **June 2026 Security Updates** for **Exchange Server 2016**, **Exchange Server 2019**, and **Exchange Server Subscription Edition (SE)** to fix **CVE-2026-4...
Microsoft Windows June 2026 Patch Tuesday zero-day fixes (multiple vulnerabilities)
Security Patch Release
H score40
First: 10.06.2026 12:57
Last: 10.06.2026 12:57
Sources 1
About this happening:
**Microsoft**'s **June 2026 Patch Tuesday** fixed **three Windows zero-days** that could yield **SYSTEM** access or bypass **BitLocker** on vulnerable systems.
Microsoft Windows June 2026 Patch Tuesday zero-day fixes (multiple vulnerabilities)
Security Patch ReleaseAbout this happening: **Microsoft**'s **June 2026 Patch Tuesday** fixed **three Windows zero-days** that could yield **SYSTEM** access or bypass **BitLocker** on vulnerable systems.
Microsoft June 2026 Patch Tuesday record 206-vulnerability update
Security Patch Release
H score55
First: 10.06.2026 12:38
Last: 10.06.2026 12:38
Sources 1
About this happening:
Microsoft shipped a **record 206-vulnerability** update for its software portfolio, including **three publicly disclosed flaws**. The release spans **Critical** and **Important**...
Microsoft June 2026 Patch Tuesday record 206-vulnerability update
Security Patch ReleaseAbout this happening: Microsoft shipped a **record 206-vulnerability** update for its software portfolio, including **three publicly disclosed flaws**. The release spans **Critical** and **Important**...
Timeline
-
01.06.2026 15:30 1 articles · 1mo ago
CCB warns of active exploitation of CVE-2026-41089 in Windows Netlogon
Exploitation ObservedBelgium's Centre for Cybersecurity warned that CVE-2026-41089 in Windows Netlogon is being actively exploited in the wild after Microsoft patched the stack-based buffer overflow during the May 2026 Patch Tuesday. The flaw affects all currently supported Windows Server versions, including Windows Server 2025, and can let an unauthenticated attacker gain remote code execution on targeted domain controllers.
Show sources
- Critical Windows Netlogon RCE flaw now exploited in attacks — www.bleepingcomputer.com — 01.06.2026 15:30
-
13.05.2026 13:36 2 articles · 1mo ago
Microsoft releases May 2026 Patch Tuesday updates
Initial DisclosureMicrosoft released patches for 138 security vulnerabilities across its product portfolio, including CVE-2026-41096 in Windows DNS, CVE-2026-41089 in Windows Netlogon, and multiple Critical and Important flaws in Azure DevOps, Azure Managed Instance for Apache Cassandra, Microsoft Dynamics 365 (on-premises), Azure Logic Apps, Microsoft Teams, Azure Cloud Shell, Azure Entra ID, Windows Hyper-V, Azure SDK, and Microsoft SSO Plugin for Jira & Confluence; none of the flaws were listed as publicly known or under active attack, and 16 issues were identified through the MDASH AI-driven vulnerability discovery system.
Show sources
- Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws — thehackernews.com — 13.05.2026 13:36
- Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws — thehackernews.com — 13.05.2026 13:36
-
13.05.2026 13:36 1 articles · 1mo ago
Windows Secure Boot certificate rollover deadline approaches
Mitigation Patch UpdateOrganizations must rotate Windows Secure Boot certificates to the 2023 counterparts before the June 26, 2026 deadline because the 2011-issued certificates are set to expire; devices that miss the rollover risk degraded security states or catastrophic boot-level security failures.
Show sources
- Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws — thehackernews.com — 13.05.2026 13:36