Service Notices
Microsoft Releases May 2026 Security Updates
May 14, 2026 GMT+08:00
I. Overview
Huawei Cloud noticed that Microsoft has released its May 2026 Security Updates. A total of 118 security vulnerabilities have been disclosed, among which 16 are marked as important vulnerabilities. Attackers can exploit these vulnerabilities to escalate privileges, bypass security features, and remotely execute code. Affected applications include Microsoft Windows, Microsoft Office, .NET, and Azure.
For details, visit the Microsoft official website:
https://msrc.microsoft.com/update-guide/releaseNote/2026-May
The following vulnerabilities require close attention as they have been publicly disclosed or exploited in the wild:
12 vulnerabilities (such as CVE-2026-41103, CVE-2026-40364, and CVE-2026-40361) are marked as Exploitation More Likely. For details, see the official announcement. Please perform security self-check and security hardening in a timely manner to reduce attack risks.
II. Severity
Severity: important
(Severity: low, moderate, important, and critical)
III. Affected Products
Microsoft Windows, Microsoft Office, .NET, Azure, and other products.
IV. Vulnerability Details
|
CVE ID |
Vulnerability Name |
Severity |
Vulnerability Description |
|
CVE-2026-40403 |
Windows Graphics Component Remote Code Execution Vulnerability |
Important |
Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally. |
|
CVE-2026-41089 |
Windows Netlogon Remote Code Execution Vulnerability |
Important |
Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. |
|
CVE-2026-40367 |
Microsoft Word Remote Code Execution Vulnerability |
Important |
Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
|
CVE-2026-40402 |
Windows Hyper-V Elevation of Privilege Vulnerability |
Important |
Use after free in Windows Hyper-V allows an unauthorized attacker to elevate privileges locally. |
|
CVE-2026-40365 |
Microsoft SharePoint Server Remote Code Execution Vulnerability |
Important |
Insufficient granularity of access control in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. |
|
CVE-2026-40358 |
Microsoft Office Remote Code Execution Vulnerability |
Important |
Unauthorized attackers induce users to download and open specially crafted files from websites to trigger the vulnerability and execute code locally. |
|
CVE-2026-35421 |
Windows GDI Remote Code Execution Vulnerability |
Important |
Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally. |
|
CVE-2026-41103 |
Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability |
Important |
Incorrect implementation of authentication algorithm in Microsoft SSO Plugin for Jira & Confluence allows an unauthorized attacker to elevate privileges over a network. |
|
CVE-2026-32161 |
Windows Native Wi-Fi Miniport Driver Remote Code Execution Vulnerability |
Important |
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native Wi-Fi Miniport Driver allows an unauthorized attacker to execute code over an adjacent network. |
|
CVE-2026-40361 CVE-2026-40366 |
Microsoft Word Remote Code Execution Vulnerability |
Important |
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
|
CVE-2026-42898 |
Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability |
Important |
Improper control of generation of code ('code injection') in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to execute code over a network. |
|
CVE-2026-42831 |
Microsoft Office Remote Code Execution Vulnerability |
Important |
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. |
|
CVE-2026-41096 |
Windows DNS Client Remote Code Execution Vulnerability |
Important |
Attackers can send specially crafted DNS responses to the target system to trigger the vulnerability, causing improper processing on the DNS client and memory damage. Under specific configurations, unauthorized attackers can remotely execute code on the target system. |
|
CVE-2026-40364 |
Microsoft Word Remote Code Execution Vulnerability |
Important |
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally. |
|
CVE-2026-40363 |
Microsoft Office Remote Code Execution Vulnerability |
Important |
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. |
(Note: Vulnerabilities listed above are important ones. For more information, refer to the official website of Microsoft.)
V. Security Recommendations
1. Use Windows Update or download patches from the following address to fix the vulnerabilities:
https://msrc.microsoft.com/update-guide
2. Back up data remotely to protect your data.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.