Welcome to my May 2026 Patch Tuesday newsletter. Today Microsoft released 118 updates and an additional 28 since our previous Patch Tuesday newsletter for a total of 146 updates in the past 30 days. In comparison to last month, this month is fairly light. Believe it or not, we have zero zero-days this month. Yes, you heard me right, zero.

So then, what is our biggest threat this month? Well, we do have 38 critically rated updates from Microsoft. CVE-2026-41103 is our highest rated critical update with a CVSS score of 9.1/7.9. The good thing about this elevation of privilege vulnerability is that it only affects the Confluence SAML SSO and JIRA SAML SSO plugins. So our highest rated threat doesn't affect a mainstream application like the OS or one of the products in the Office family.

Honestly, I don't have much to talk to you about this month since it is a light month for patches. One thing I do want to mention is something that happened a couple of Sundays ago on May 3rd. I woke up to what should have been an easy Sunday morning and instantly began to panic along with my security team as we saw a flurry of alerts in our security detection software. I'm sure some of you may have received the same alerts related to "Certigent". Most PCs in our organization were being flagged for security threats. Imagine my surprise when a high sev malware incident alerted that "Certigent high-severity malware was detected" on almost all our endpoints! I'm happy to report that after a little bit of digging we were able to stand down as most reported this was a false flag. You can read more about the cause of the alerts here.

I'd also like to give some attention to our newsletter sponsor this month, Action1.

Vulnerability Digest from Action1

Join Action1 this Wednesday, May 13, for a live webinar covering the most critical Patch Tuesday updates and third-party vulnerabilities. Get actionable recommendations on which patches to prioritize first, plus practical tips for securing all your endpoints in less than 24 hours. Register now to reserve your spot.

Happy patching!
Patch data provided by:
Technology: Windows
Products Affected: Windows 10, 11; Server 2012, 2012 R2, 2016, 2019, 2022, 2025 including Server Core Installations Windows Admin Center
Severity: Critical
Reference: CVE-2026-21530 CVE-2026-32161 CVE-2026-32170 CVE-2026-32209 CVE-2026-33834 CVE-2026-33835 CVE-2026-33837 CVE-2026-33838 CVE-2026-33839 CVE-2026-33840 CVE-2026-33841 CVE-2026-34329 CVE-2026-34330 CVE-2026-34331 CVE-2026-34332 CVE-2026-34333 CVE-2026-34334 CVE-2026-34336 CVE-2026-34337 CVE-2026-34338 CVE-2026-34339 CVE-2026-34340 CVE-2026-34341 CVE-2026-34342 CVE-2026-34343 CVE-2026-34344 CVE-2026-34345 CVE-2026-34347 CVE-2026-34350 CVE-2026-34351 CVE-2026-35415 CVE-2026-35416 CVE-2026-35417 CVE-2026-35418 CVE-2026-35419 CVE-2026-35420 CVE-2026-35421 CVE-2026-35422 CVE-2026-35423 CVE-2026-35424 CVE-2026-35438 CVE-2026-40369 CVE-2026-40377 CVE-2026-40380 CVE-2026-40382 CVE-2026-40397 CVE-2026-40398 CVE-2026-40399 CVE-2026-40401 CVE-2026-40402 CVE-2026-40403 CVE-2026-40405 CVE-2026-40406 CVE-2026-40407 CVE-2026-40408 CVE-2026-40410 CVE-2026-40413 CVE-2026-40414 CVE-2026-40415 CVE-2026-41088 CVE-2026-41089 CVE-2026-41095 CVE-2026-41096 CVE-2026-41097 CVE-2026-42825 CVE-2026-42896
Vulnerability Info: Denial of Service, Elevation of Privilege, Information Disclosure, Remote Code Execution, Security Feature Bypass

Technology: Edge
Products Affected: Edge (Chromium-based) for Android Copilot Chat
Reference: CVE-2026-33111 CVE-2026-35429 CVE-2026-40416 CVE-2026-41107 CVE-2026-42838 CVE-2026-42891
Workaround / Exploited / Publicly Disclosed: Workaround: No; Exploited: No; Public: No

Technology: Office
Products Affected: 365 Apps for Enterprise Excel/Word 2016 Office 2016, 2019 LTSC 2021, 2024 including for Mac Teams Teams, Office, Excel, Powerpoint for Android Outlook for iOS Office Online Server
Reference: CVE-2026-32185 CVE-2026-33823 CVE-2026-35436 CVE-2026-35440 CVE-2026-40358 CVE-2026-40359 CVE-2026-40360 CVE-2026-40361 CVE-2026-40362 CVE-2026-40363 CVE-2026-40364 CVE-2026-40366 CVE-2026-40367 CVE-2026-40418 CVE-2026-40419 CVE-2026-40420 CVE-2026-40421 CVE-2026-41102 CVE-2026-42831 CVE-2026-42832 CVE-2026-42893
Vulnerability Info: Elevation of Privilege, Information Disclosure, Remote Code Execution, Spoofing, Tampering

Technology: SharePoint
Products Affected: Enterprise Server 2016 Server 2019 Server Subscription Edition
Reference: CVE-2026-33110 CVE-2026-33112 CVE-2026-35439 CVE-2026-40357 CVE-2026-40365 CVE-2026-40367 CVE-2026-40368

Technology: Azure
Products Affected: AI Foundry Cloud Shell Connected Machine Agent IOT Central Logic Apps Machine Learning Managed Instance for Apache Cassandra Monitor Action Group notification system Monitor Agent including Metrics Extension SDK for Java Confluence SAML SSO plugin Enterprise Security Token Service (ESTS) Entra ID JIRA SAML SSO plugin Partner Center Purview eDiscovery Admin Center in Azure Portal
Reference: CVE-2026-21515 CVE-2026-24303 CVE-2026-26150 CVE-2026-32204 CVE-2026-32207 CVE-2026-33109 CVE-2026-33117 CVE-2026-33833 CVE-2026-33844 CVE-2026-34327 CVE-2026-35428 CVE-2026-35431 CVE-2026-35435 CVE-2026-40379 CVE-2026-40381 CVE-2026-41086 CVE-2026-41103 CVE-2026-41105 CVE-2026-42823 CVE-2026-42830

Technology: Developer Tools
Products Affected: .NET 10, 9 and 8 installed on Linux, MacOS and Windows ASP.NET Core 10.0 Azure DevOps .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, 4.8.1 Data Formulator Visual Studio 2017 15.9 - 15.0 Visual Studio 2019 16.11 - 16.0 Visual Studio 2022 17.14/17.12 Visual Studio 2026 18.5 Visual Studio Code including Live Preview extension
Reference: CVE-2026-32175 CVE-2026-32177 CVE-2026-35433 CVE-2026-40372 CVE-2026-41094 CVE-2026-41109 CVE-2026-41610 CVE-2026-41611 CVE-2026-41612 CVE-2026-41613 CVE-2026-42826 CVE-2026-42899

Technology: SQL Server
Products Affected: 2016 SP3 GDR and Azure Connect Feature Pack 2017 CU31/GDR 2019 CU32/GDR 2022 CU24/GDR 2025 CU4/GDR
Severity: Important
Reference: CVE-2026-40370
Vulnerability Info: Remote Code Execution

Technology: Dynamics
Products Affected: 365 Customer Insights 365 (online/on-premises v9.1) 365 Business Central 2024 Release Wave 2 365 Business Central 2026 Release Wave 1 365 Business Central Release Wave 1 and 2 Power Apps Power Automate for Desktop
Reference: CVE-2026-32172 CVE-2026-32210 CVE-2026-33821 CVE-2026-40374 CVE-2026-40417 CVE-2026-42833 CVE-2026-42898
Vulnerability Info: Elevation of Privilege, Information Disclosure, Remote Code Execution, Spoofing

Technology: Apps
Products Affected: 365 CoPilot also for Android, Desktop 365 Copilot's Business Chat Word for Android Bing
Reference: CVE-2026-26129 CVE-2026-26164 CVE-2026-33102 CVE-2026-33819 CVE-2026-41100 CVE-2026-41101 CVE-2026-41614 CVE-2026-42832