Microsoft May 2026 Patch Tuesday: 120 Security Flaws Fixed, 17 Rated Critical

Microsoft has rolled out its May 2026 Patch Tuesday security update, addressing 120 vulnerabilities across Windows, Office, SharePoint, Azure, and Microsoft Word. Seventeen of the flaws are classified as Critical, with 14 of those being remote code execution vulnerabilities that could allow attackers to run malicious code on affected systems remotely.

Notably, Microsoft confirmed that none of the 120 vulnerabilities patched this month have been actively exploited in the wild. Key critical flaws include a Windows GDI remote code execution bug triggered by opening a malicious Enhanced Metafile in Microsoft Paint, a SharePoint Server RCE flaw requiring attacker authentication, and a Windows DNS Client vulnerability exploitable by a rogue DNS server.

Other vendors including Adobe also released security advisories this month, covering After Effects, Premiere Pro, Media Encoder, Illustrator, and Commerce. Windows users and enterprise IT admins are strongly advised to apply the May 2026 updates as soon as possible.