Rising critical Microsoft vulnerabilities across Windows, Azure, Dynamics 365, and Office
Target Trend
Summary
Microsoft’s vulnerability volume stayed broadly stable, but critical flaws doubled year over year across Windows, Azure, Dynamics 365, and Office, increasing the likelihood of high-impact compromise even without a spike in total disclosures. The trend matters because the riskiest issues are now concentrated in privilege escalation and information disclosure flaws, which can enable stealthier access and lateral movement. For defenders, the signal is to prioritize exposure that expands attacker reach rather than relying on headline vulnerability counts alone.
Related Happenings
Microsoft May 2026 Patch Tuesday release
Security Patch Release
First: 13.05.2026 13:36
Last: 13.05.2026 13:36
Sources 1
About this happening:
Microsoft's **May 13, 2026 Patch Tuesday** release fixed **138 vulnerabilities** across its product portfolio, including **Windows**, **Azure**, and **Edge**. None of the flaws we...
CISA KEV order for BlueHammer patching
Public Sector Action
First: 23.04.2026 14:05
Last: 23.04.2026 14:05
Sources 1
About this happening:
**CISA** ordered **Federal Civilian Executive Branch agencies** to patch **Windows** systems against **CVE-2026-33825** within **two weeks** after adding the flaw to the **KEV Cat...
Microsoft April 2026 Patch Tuesday security update (165 CVEs)
Security Patch Release
First: 15.04.2026 00:22
Last: 15.04.2026 00:22
Sources 1
About this happening:
**Microsoft** shipped **April 2026 Patch Tuesday** updates covering **165 CVEs**, including an **actively exploited zero-day** and a **publicly disclosed** flaw, creating immediat...
Microsoft SharePoint Server spoofing vulnerability (actively exploited) (CVE-2026-32201)
Vulnerability
First: 14.04.2026 20:41
Last: 14.04.2026 20:41
Sources 1
About this happening:
Microsoft patched **CVE-2026-32201** in **Microsoft SharePoint Server**, a **spoofing vulnerability** that was **exploited in attacks** and could affect **confidentiality** and **...
Widening enterprise endpoint protection and patch-management gap
Target Trend
First: 24.03.2026 15:15
Last: 24.03.2026 15:15
Sources 1
About this happening:
Enterprise endpoint protection is deteriorating as patch compliance lags, increasing the risk of breaches and downtime across managed devices. A **March 23, 2026** resilience inde...
Timeline
19.05.2026 17:00 · 2 articles · 8d ago
BeyondTrust publishes Microsoft vulnerability trend findings
Initial Disclosure
BeyondTrust highlighted Microsoft’s 2025 vulnerability landscape, stating that Microsoft disclosed 1,273 vulnerabilities and that critical issues doubled year over year from 78 to 157. The assessment said risk was concentrated in Elevation of Privilege and Information Disclosure flaws, with sharper critical increases in Microsoft Azure and Dynamics 365, Microsoft Windows Server, and Microsoft Office, and cited CVE-2025-55241 as a critical Entra ID flaw patched in July 2025 that could let an attacker forge tokens accepted across any tenant.
- Critical Microsoft Vulnerabilities Doubled: From Exposure to Escalation — www.bleepingcomputer.com — 19.05.2026 17:00