Security Alert (A26-05-17): Multiple Vulnerabilities in Microsoft Products (May 2026)


 

Published on: 13 May 2026

Description:

Microsoft has released security updates addressing multiple vulnerabilities which affect several Microsoft products or components. The list of security updates can be found at:
https://msrc.microsoft.com/update-guide/releaseNote/2026-May

 

Affected Systems:

  • Windows 10, 11, 11 version 26H1
  • Windows Server 2012, 2012 R2, 2016, 2019, 2022, 23H2 Edition, 2025
  • Microsoft Word, Excel 2016
  • Microsoft Word, Excel, PowerPoint for Android
  • Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024
  • Microsoft Office for Android
  • Microsoft Office LTSC for Mac 2021, 2024
  • Microsoft 365 Apps for Enterprise
  • Microsoft 365 Copilot
  • Microsoft 365 Copilot for Android
  • Microsoft SharePoint Enterprise Server 2016
  • Microsoft SharePoint Server 2019
  • Microsoft SharePoint Server Subscription Edition
  • Microsoft SQL Server 2016, 2017, 2019, 2022, 2025
  • Microsoft Visual Studio 2017, 2019, 2022, 2026
  • Microsoft Visual Studio Code
  • Microsoft Visual Studio Code - Live Preview extension
  • Microsoft .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 and 4.8.1
  • .NET 8.0, .NET 9.0 and .NET 10.0 installed on Linux, Mac OS and Windows
  • Microsoft Dynamics 365
  • Microsoft Dynamics 365 Business Central 2024 Release Wave 2
  • Microsoft Dynamics 365 Business Central 2026 Release Wave 1
  • Microsoft Dynamics 365 Business Central Release Wave 1 2025
  • Microsoft Dynamics 365 Business Central Release Wave 2 2025
  • Microsoft Confluence SAML SSO plugin
  • Microsoft Data Formulator
  • Microsoft JIRA SAML SSO plugin
  • Microsoft Teams
  • Office Online Server
  • Power Automate
  • Windows Admin Center

For detailed information of the affected systems, please refer to the corresponding security advisories at vendor's website.

 

Impact:

Depending on the vulnerabilities exploited, a successful attack could lead to remote code execution, denial of service, elevation of privilege, information disclosure, security restriction bypass, spoofing or tampering on an affected system.

 

Recommendation:

Patches for affected products are available from the Windows Update / Microsoft Update Catalog. Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://msrc.microsoft.com/update-guide/releaseNote/2026-May
  • https://www.hkcert.org/security-bulletin/microsoft-monthly-security-update-may-2026
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54518
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21530
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32161
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32170
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32175
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32177
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32185
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32209
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33110
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33112
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33834 (to CVE-2026-33835)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33837 (to CVE-2026-33841)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34329 (to CVE-2026-34334)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34336 (to CVE-2026-34345)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34347
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34350 (to CVE-2026-34351)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35415 (to CVE-2026-35424)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35433
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35436
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35438 (to CVE-2026-35440)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40357 (to CVE-2026-40370)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40374
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40377
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40380
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40382
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40397 (to CVE-2026-40399)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40401 (to CVE-2026-40403)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40405 (to CVE-2026-40408)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40410
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40413 (to CVE-2026-40415)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40417 (to CVE-2026-40421)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41086
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41088 (to CVE-2026-41089)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41094 (to CVE-2026-41097)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41100 (to CVE-2026-41103)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41109
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41610 (to CVE-2026-41614)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42825
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42831 (to CVE-2026-42833)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42896
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42898 (to CVE-2026-42899)


Tag: Microsoft , Windows , Windows Server , Microsoft Office , Word , Excel , PowerPoint , Microsoft 365 Apps , Microsoft 365 Copilot , SharePoint , SQL Server , Visual Studio , Visual Studio Code , .NET , Dynamics 365 , Microsoft Confluence , Microsoft Data Formulator , JIRA , Microsoft Teams , Office Online Server , Power Automate , Windows Admin Center
Tags