Microsoft’s May 2026 Patch Tuesday Updates Fix 30 Critical Flaws

Microsoft patches 138 vulnerabilities in May 2026 updates while adding new Windows 11 features, stability fixes, and other enhancements.

Windows update hero image

Key Takeaways:

  • Microsoft fixed 138 security flaws across major products.
  • Several critical bugs could enable remote system takeover.
  • Windows 11 gains new accessibility, and stability upgrades.

Microsoft has released the May 2026 Patch Tuesday updates for Windows 11. This month, Microsoft has fixed a total of 138 security flaws in Windows, Office, Microsoft Edge, Azure, .NET and Visual Studio, Copilot Chat, GitHub Copilot, and Microsoft 365 Copilot.

On the quality and experience updates front, the KB5089548 update (26H1) brings enhancements to Narrator and strengthens Smart App Control. It also enhances pen settings and introduces a redesigned “About” page in Settings. It also adds more Microsoft 365 promotions within Settings and delivers small usability improvements to File Explorer.

138 vulnerabilities fixed in the May 2026 Patch Tuesday updates

According to the Zero Day Initiative, Microsoft’s May 2026 Patch Tuesday Updates include fixes for 138 vulnerabilities. Among these, only 30 are categorized as “Critical,” 3 are deemed “Moderate,” one is rated ” Low, ” and the rest carry an “Important” severity rating. Let’s take a look at some of the more interesting updates for this month.

  • CVE-2026-41096: This is a critical Windows vulnerability in the DNS client caused by a memory overflow flaw, which can be triggered remotely by sending a specially crafted DNS response. If exploited, it allows an attacker to run arbitrary code on the target system without authentication, which potentially leads to full system compromise.
  • CVE‑2026‑41089: This is a critical vulnerability in Windows Netlogon that allows an unauthenticated attacker to execute code on a domain controller by sending a specially crafted network request. It can give attackers powerful control over authentication systems that potentially leads to full domain compromise.
  • CVE‑2026‑42898: This is a critical code‑injection flaw in Microsoft Dynamics 365 (on‑premises) that allows an authenticated attacker to execute malicious code over a network. If exploited, it can lead to full system compromise, allowing attackers access to modify or disrupt sensitive data and services.
  • CVE-2026-40415: This is a high‑severity vulnerability in the Windows TCP/IP stack caused by a use‑after‑free memory error, which can be triggered remotely using specially crafted network packets. It could allow an unauthenticated attacker to execute arbitrary code over the network, potentially taking full control of the affected system

Here’s the complete list of resolved vulnerabilities in the May 2026 Patch Tuesday updates:

TagCVEBase ScoreCVSS VectorExploitabilityFAQs?Workarounds?Mitigations?
Windows Rich Text EditCVE-2026-215306.7CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
M365 CopilotCVE-2026-261297.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:CN/AYesNoNo
M365 CopilotCVE-2026-261647.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Native WiFi Miniport DriverCVE-2026-321617.5CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Rich Text Edit ControlCVE-2026-321706.7CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
.NETCVE-2026-321754.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:CExploitation Less LikelyNoNoNo
.NETCVE-2026-321777.3CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft TeamsCVE-2026-321855.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyNoNoNo
Azure Monitor AgentCVE-2026-322047.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Azure Machine LearningCVE-2026-322078.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C YesNoNo
Windows Filtering Platform (WFP)CVE-2026-322094.4CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Azure Managed Instance for Apache CassandraCVE-2026-331099.9CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:CN/AYesNoNo
Microsoft Office SharePointCVE-2026-331108.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Copilot Chat (Microsoft Edge)CVE-2026-331117.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Office SharePointCVE-2026-331128.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Azure SDKCVE-2026-331179.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Microsoft Dynamics 365 Customer InsightsCVE-2026-338217.7CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:CN/AYesNoNo
Microsoft TeamsCVE-2026-338239.6CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:U/RL:O/RC:CN/AYesNoNo
Azure Machine LearningCVE-2026-338338.2CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Event Logging ServiceCVE-2026-338347.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Cloud Files Mini Filter DriverCVE-2026-338357.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Windows TCP/IPCVE-2026-338377.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Windows Message QueuingCVE-2026-338387.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Win32K – GRFXCVE-2026-338397CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Windows Win32K – ICOMPCVE-2026-338407.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Windows KernelCVE-2026-338417.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Azure Managed Instance for Apache CassandraCVE-2026-338449CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:CN/AYesNoNo
Microsoft Partner CenterCVE-2026-343278.2CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:CN/AYesNoNo
Windows Message QueuingCVE-2026-343298.8CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Win32K – GRFXCVE-2026-343307.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Windows Win32K – GRFXCVE-2026-343317CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Windows Kernel-Mode DriversCVE-2026-343328CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Windows Win32K – GRFXCVE-2026-343337.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows TCP/IPCVE-2026-343347.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Windows DWM Core LibraryCVE-2026-343367.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Windows Cloud Files Mini Filter DriverCVE-2026-343377.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Telephony ServiceCVE-2026-343387.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows LDAP – Lightweight Directory Access ProtocolCVE-2026-343395.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:CExploitation Less LikelyNoNoNo
Windows Projected File SystemCVE-2026-343407CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Link-Layer Discovery Protocol (LLDP)CVE-2026-343417CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Print Spooler ComponentsCVE-2026-343427CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Application Identity (AppID) SubsystemCVE-2026-343437.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Ancillary Function Driver for WinSockCVE-2026-343447.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Ancillary Function Driver for WinSockCVE-2026-343457CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Win32K – GRFXCVE-2026-343477CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Storport Miniport DriverCVE-2026-343506.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Windows TCP/IPCVE-2026-343517.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Storage Spaces ControllerCVE-2026-354157.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Ancillary Function Driver for WinSockCVE-2026-354167CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Windows Win32K – ICOMPCVE-2026-354177.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Windows Cloud Files Mini Filter DriverCVE-2026-354187.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Windows DWM Core LibraryCVE-2026-354195.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows KernelCVE-2026-354207.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows GDICVE-2026-354217.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Windows TCP/IPCVE-2026-354226.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Telnet ClientCVE-2026-354235.4CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Windows Internet Key Exchange (IKE) ProtocolCVE-2026-354247.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:CExploitation UnlikelyNoNoNo
Azure Cloud ShellCVE-2026-354289.6CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:CN/AYesNoNo
Microsoft Edge for AndroidCVE-2026-354294.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:CExploitation UnlikelyYesNoNo
.NETCVE-2026-354337.3CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Azure AI Foundry M365 published agentsCVE-2026-354358.6CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Microsoft Office Click-To-RunCVE-2026-354368.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Admin CenterCVE-2026-354388.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Office SharePointCVE-2026-354398.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Office WordCVE-2026-354405.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Office SharePointCVE-2026-403578.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft OfficeCVE-2026-403588.4CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Office ExcelCVE-2026-403597.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Office ExcelCVE-2026-403607.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Microsoft Office WordCVE-2026-403618.4CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Microsoft Office ExcelCVE-2026-403627.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft OfficeCVE-2026-403638.4CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Office WordCVE-2026-403648.4CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Microsoft Office SharePointCVE-2026-403658.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Office WordCVE-2026-403668.4CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Office WordCVE-2026-403678.4CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Microsoft Office SharePointCVE-2026-403688CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows KernelCVE-2026-403697.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
SQL ServerCVE-2026-403708.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Power AutomateCVE-2026-403746.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Cryptographic ServicesCVE-2026-403777.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Azure Entra IDCVE-2026-403799.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:CN/AYesNoNo
Windows Volume Manager Extension DriverCVE-2026-403806.2CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Azure Connected Machine AgentCVE-2026-403817.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Telephony ServiceCVE-2026-403827.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Common Log File System DriverCVE-2026-403977.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Windows Remote DesktopCVE-2026-403987.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Windows TCP/IPCVE-2026-403997.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows TCP/IPCVE-2026-404017.1CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Windows Hyper-VCVE-2026-404029.3CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Win32K – GRFXCVE-2026-404038.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows TCP/IPCVE-2026-404057.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:CExploitation Less LikelyNoNoNo
Windows TCP/IPCVE-2026-404067.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Common Log File System DriverCVE-2026-404077.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Windows Kernel-Mode DriversCVE-2026-404087.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows SMB ClientCVE-2026-404107CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows TCP/IPCVE-2026-404137.4CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows TCP/IPCVE-2026-404147.4CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Windows TCP/IPCVE-2026-404158.1CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Microsoft Edge (Chromium-based)CVE-2026-404164.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Dynamics Business CentralCVE-2026-404177.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Office Click-To-RunCVE-2026-404187.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Microsoft OfficeCVE-2026-404197.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Office Click-To-RunCVE-2026-404208.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Office WordCVE-2026-404214.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Admin CenterCVE-2026-410868.8CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Ancillary Function Driver for WinSockCVE-2026-410887.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Windows NetlogonCVE-2026-410899.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Data FormulatorCVE-2026-410948.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Data DeduplicationCVE-2026-410957.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Windows DNSCVE-2026-410969.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Windows Secure BootCVE-2026-410976.7CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
M365 CopilotCVE-2026-411004.4CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Microsoft Office WordCVE-2026-411017.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Microsoft Office PowerPointCVE-2026-411027.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Microsoft SSO Plugin for Jira & ConfluenceCVE-2026-411039.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:CExploitation More LikelyYesNoNo
Azure Notification ServiceCVE-2026-411058.1CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:CN/AYesNoNo
Microsoft Edge (Chromium-based)CVE-2026-411077.4CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
GitHub Copilot and Visual StudioCVE-2026-411098.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Visual Studio CodeCVE-2026-416106.3CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Visual Studio CodeCVE-2026-416117.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Visual Studio CodeCVE-2026-416125.5CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Visual Studio CodeCVE-2026-416138.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
M365 Copilot for DesktopCVE-2026-416146.2CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:CExploitation Less LikelyNoNoNo
Azure Logic AppsCVE-2026-428239.9CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Windows Telephony ServiceCVE-2026-428257CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Azure DevOpsCVE-2026-4282610CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:CN/AYesNoNo
Azure Monitor AgentCVE-2026-428306.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft OfficeCVE-2026-428317.8CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Microsoft OfficeCVE-2026-428327.7CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
Microsoft Dynamics 365 (on-premises)CVE-2026-428339.1CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Edge (Chromium-based)CVE-2026-428385.4CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Edge (Chromium-based)CVE-2026-428916.5CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
M365 CopilotCVE-2026-428937.4CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N/E:U/RL:O/RC:CExploitation Less LikelyNoNoNo
Windows DWM Core LibraryCVE-2026-428967.8CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation Less LikelyYesNoNo
Microsoft Dynamics 365 (on-premises)CVE-2026-428989.9CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:CExploitation UnlikelyYesNoNo
ASP.NET CoreCVE-2026-428997.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:CExploitation UnlikelyNoNoNo

Quality and experience updates

The KB5089549 update for Windows 11 version 24H2 and 25H2 introduces various new features, security fixes, and performance improvements. The list of key features includes new expanded archive format support in File Explorer, improved haptic feedback for compatible input devices, and a redesigned voice typing interface, along with enhancements to taskbar responsiveness and Windows Hello reliability.

This update also strengthens system stability and security by fixing BitLocker boot issues, improving startup and networking reliability, updating Secure Boot handling, and applying numerous security patches.

Windows Update testing and best practices

Organizations looking to deploy this month’s patches should conduct thorough testing before deploying them widely on production systems. That said, applying the patches widely shouldn’t be delayed longer than necessary as hackers start to work out how to weaponize newly reported vulnerabilities.

A best practice is to make sure you have backed up systems before applying updates. Every month, users experience issues with Windows updates that lead to systems not booting, application and hardware compatibility issues, or even data loss in extreme cases.

There are backup tools built into Windows and Windows Server that you can use to restore systems in the event a patch causes a problem. The backup features in Windows can be used to restore an entire system, or files and folders on a granular basis.

Rabia Noureen profile picture
Rabia Noureen News Editor

Follow

Rabia has a master's degree in Software Engineering and she has years of experience writing professionally about Microsoft products and other technologies. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on t...

SHARE ARTICLE

Related Articles

See all