Microsoft May 2026 Patch Tuesday release
Security Patch Release
Summary
Hide ▲
Show ▼
Microsoft's May 13, 2026 Patch Tuesday release fixed 138 vulnerabilities across its product portfolio, including Windows, Azure, and Edge. None of the flaws were listed as publicly known or under active attack. The update spans both Critical and Important issues, making it a broad monthly remediation cycle for Microsoft customers. Administrators also need to watch a separate Windows Secure Boot certificate rollover before the June 26, 2026 deadline.
Related Happenings
Microsoft security patch release for CVE-2026-41091 and CVE-2026-45498
Security Patch Release
First: 21.05.2026 10:49
Last: 21.05.2026 10:49
Sources 1
About this happening:
Microsoft rolled out security updates for Defender and related malware protection components to address two zero-days: CVE-2026-41091 and CVE-2026-45498. The fixes cover affected...
Microsoft security patch release for CVE-2026-41091 and CVE-2026-45498
Security Patch ReleaseAbout this happening: Microsoft rolled out security updates for Defender and related malware protection components to address two zero-days: CVE-2026-41091 and CVE-2026-45498. The fixes cover affected...
Latest development: 21.05.2026 12:52
Microsoft released patches for Microsoft Defender Antimalware Platform version 4.18.26040.7 to address CVE-2026-41091, a link-following privilege-escalation flaw that can let an authorized attacker elevate privileges locally to System, and CVE-2026-45498, a denial-of-service flaw. Microsoft said both vulnerabilities were publicly disclosed and exploited in the wild as zero-days. CISA added both flaws to its Known Exploited Vulnerabilities (KEV) list and urged federal agencies to patch them by June 3.
Windows BitLocker YellowKey mitigation guidance (CVE-2026-45585)
Advisory/Mitigation
First: 20.05.2026 10:31
Last: 20.05.2026 10:31
Sources 1
About this happening:
Microsoft issued **mitigation guidance** for **YellowKey**, a **Windows BitLocker zero-day** that can expose **BitLocker-protected drives** before the security update is available...
Windows BitLocker YellowKey mitigation guidance (CVE-2026-45585)
Advisory/MitigationAbout this happening: Microsoft issued **mitigation guidance** for **YellowKey**, a **Windows BitLocker zero-day** that can expose **BitLocker-protected drives** before the security update is available...
Rising critical Microsoft vulnerabilities across Windows, Azure, Dynamics 365, and Office
Target Trend
First: 19.05.2026 17:00
Last: 19.05.2026 17:00
Sources 1
About this happening:
Microsoft’s vulnerability volume stayed broadly stable, but **critical flaws** doubled year over year across **Windows, Azure, Dynamics 365, and Office**, increasing the likelihoo...
Rising critical Microsoft vulnerabilities across Windows, Azure, Dynamics 365, and Office
Target TrendAbout this happening: Microsoft’s vulnerability volume stayed broadly stable, but **critical flaws** doubled year over year across **Windows, Azure, Dynamics 365, and Office**, increasing the likelihoo...
Microsoft Windows 11 KB5089549 cumulative update
Security Patch Release
First: 18.05.2026 11:33
Last: 18.05.2026 11:33
Sources 1
About this happening:
Microsoft's **KB5089549** **Windows 11** security update is failing to install on some systems, forcing affected devices to roll back during reboot. The problem is tied to a nearl...
Microsoft Windows 11 KB5089549 cumulative update
Security Patch ReleaseAbout this happening: Microsoft's **KB5089549** **Windows 11** security update is failing to install on some systems, forcing affected devices to roll back during reboot. The problem is tied to a nearl...
Microsoft Edge stops loading saved passwords into cleartext memory at startup
Security Tool/Service
First: 15.05.2026 17:49
Last: 15.05.2026 17:49
Sources 1
About this happening:
**Microsoft Edge** is changing its built-in password manager so **saved passwords** are no longer loaded into **process memory in clear text** at startup, reducing the risk of loc...
Microsoft Edge stops loading saved passwords into cleartext memory at startup
Security Tool/ServiceAbout this happening: **Microsoft Edge** is changing its built-in password manager so **saved passwords** are no longer loaded into **process memory in clear text** at startup, reducing the risk of loc...
Timeline
-
13.05.2026 13:36 2 articles · 14d ago
Microsoft releases May 2026 Patch Tuesday updates
Initial DisclosureMicrosoft released patches for 138 security vulnerabilities across its product portfolio, including CVE-2026-41096 in Windows DNS, CVE-2026-41089 in Windows Netlogon, and multiple Critical and Important flaws in Azure DevOps, Azure Managed Instance for Apache Cassandra, Microsoft Dynamics 365 (on-premises), Azure Logic Apps, Microsoft Teams, Azure Cloud Shell, Azure Entra ID, Windows Hyper-V, Azure SDK, and Microsoft SSO Plugin for Jira & Confluence; none of the flaws were listed as publicly known or under active attack, and 16 issues were identified through the MDASH AI-driven vulnerability discovery system.
Show sources
- Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws — thehackernews.com — 13.05.2026 13:36
- Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws — thehackernews.com — 13.05.2026 13:36
-
13.05.2026 13:36 1 articles · 14d ago
Windows Secure Boot certificate rollover deadline approaches
Mitigation Patch UpdateOrganizations must rotate Windows Secure Boot certificates to the 2023 counterparts before the June 26, 2026 deadline because the 2011-issued certificates are set to expire; devices that miss the rollover risk degraded security states or catastrophic boot-level security failures.
Show sources
- Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws — thehackernews.com — 13.05.2026 13:36