Microsoft has rolled out its May 2026 Patch Tuesday updates for Windows 11, addressing a total of 97 security vulnerabilities throughout the Windows ecosystem.
Comprehensive Security Enhancements
This month’s updates encompass a wide array of fixes across various components, including Windows itself, Microsoft Office, Azure services, SQL Server, SharePoint, Hyper-V, .NET, and several cloud platforms. Notably, Microsoft has confirmed that none of the vulnerabilities were publicly disclosed or actively exploited prior to the release of these patches. However, several bugs have been assigned critical severity ratings, indicating a heightened risk of exploitation.
The updates, encapsulated in KB5089549 for Windows 11 versions 24H2 and 25H2, elevate systems to builds 26100.8457 and 26200.8457. Alongside the crucial security fixes, Microsoft has also resolved reliability issues related to Secure Boot and BitLocker recovery that emerged from previous updates.
Critical Vulnerabilities Addressed
Among the most pressing vulnerabilities patched this month is CVE-2026-32169, a critical flaw in Azure Cloud Shell that allows for elevation of privilege, boasting a maximum CVSS score of 10.0. This vulnerability arises from a server-side request forgery (SSRF) issue, enabling an unauthenticated attacker to elevate privileges over a network without user interaction.
Azure Cloud Shell serves as Microsoft’s browser-based command-line interface, widely utilized by administrators and developers for managing Azure resources within enterprise cloud environments.
Additionally, Microsoft has addressed CVE-2026-21536, a critical remote code execution vulnerability in the Microsoft Devices Pricing Program, which carries a CVSS score of 9.8. This flaw is attributed to the unrestricted upload of potentially harmful file types, allowing attackers to execute arbitrary code remotely without the need for authentication.
Two more critical vulnerabilities, CVE-2026-32191 and CVE-2026-32194, impact Microsoft Bing Images, both receiving CVSS scores of 9.8. These command injection vulnerabilities could lead to remote code execution over a network, requiring neither authentication nor user interaction for exploitation.
Additional Security Fixes
Several significant Windows privilege escalation vulnerabilities have also been addressed, including flaws in the Windows Kernel, Winlogon, SMB Server, ATBroker.exe, and the Ancillary Function Driver for WinSock. Microsoft has flagged some of these vulnerabilities, such as CVE-2026-24289, CVE-2026-24291, CVE-2026-24294, CVE-2026-25187, and CVE-2026-26132, as having a higher likelihood of exploitation.
The Patch Tuesday release also rectifies multiple remote code execution vulnerabilities in Microsoft Office and Excel, specifically CVE-2026-26107 through CVE-2026-26113, along with SharePoint flaws that could compromise enterprise collaboration servers.
Proactive Measures and User Guidance
In addition to the security enhancements, Microsoft has issued a warning regarding upcoming Secure Boot certificate expirations beginning in June 2026. Devices that do not receive updated certificates in a timely manner may encounter Secure Boot issues. To mitigate potential disruptions, Microsoft has expanded device targeting for automatic Secure Boot certificate delivery in this update.
The update also resolves a problem where certain systems entered BitLocker recovery following the installation of the April 2026 updates, particularly on devices with specific TPM and PCR7 validation configurations. Microsoft assures users that boot reliability has been improved to prevent unnecessary recovery prompts after boot file updates.
Currently, Microsoft reports no known issues affecting the May 2026 cumulative updates.
Windows users can conveniently install the updates via Settings → Windows Update, with a system restart required for the changes to take effect. As a best practice, users are advised to back up their essential data prior to applying the update.
If you found this information useful, consider following us on X/Twitter and LinkedIn for more exclusive content.