- 125/2026
- Critical
Microsoft has released its monthly patch of security updates, known as Patch Tuesday. The mentioned patch addressed 120 flaws across multiple products. Microsoft has addressed multiple vulnerabilities in this release that could allow attackers to gain elevated privileges, perform spoofing attacks, bypass security restrictions, obtain sensitive information, conduct denial-of-service attacks, or execute arbitrary code and gain access to the affected systems.
May’s Patch Tuesday was released to fix security flaws in several Microsoft products, such as Microsoft .NET, Azure Monitor Agent, Windows Admin Center, Microsoft Visual Studio and Visual Studio Code, Power Automate, Microsoft Edge, Windows TCP/IP, Windows Kernel, Windows Hyper-V, Microsoft Teams, Microsoft SQL Server, Windows Admin Center, and Microsoft Office.
Sample of the addressed vulnerabilities:
1. Azure Logic Apps Elevation of Privilege Vulnerability (CVE-2026-42823):
- CVSS: 9.9
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
2. Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability (CVE-2026-42898):
- CVSS: 9.9
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Access
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.