ON May 12, 2026, Microsoft released patches for 137 vulnerabilities during Patch Tuesday. Key highlights include:
1. **CVE-2026-41089**: A critical RCE in Windows Netlogon, CVSS score 9.8, allowing SYSTEM privilege escalation without user interaction.
2. **CVE-2026-41096**: Critical RCE in the Windows DNS client, CVSS score 9.8, though exploitation is seen as less likely due to mitigations in place.
3. **CVE-2026-41103**: Critical elevation of privilege vulnerability in the Entra ID auth plugin for JIRA/Confluence, with exploitation rated more likely.
4. Microsoft's WARP team has been acknowledged for multiple vulnerabilities, suggesting advanced AI research efforts.
5. **Lifecycle Updates**: No major updates, though .NET 9 STS has an extended support end date.
Additionally, detailed vulnerability charts and tables categorized by impact and type provide further insights into the month’s security landscape.