Patch Tuesday - May 2026
Strategic summary
Netlogon RCE (CVE-2026-41089) is critical for Active Directory environments; there is no known exploitation in the wild, but immediate patching of domain controllers is required.
Full text
Title: Patch Tuesday - May 2026
URL Source: https://www.rapid7.com/blog/post/em-patch-tuesday-may-2026
Published Time: Wed, 13 May 2026 01:23:13 GMT
[ Adam Barnett](https://www.rapid7.com/blog/author/adam-barnett/)
May 13, 2026 | Last updated on May 13, 2026
Microsoft is publishing 137 vulnerabilities on [May 2026 Patch Tuesday](https://msrc.microsoft.com/update-guide/releaseNote/2026-May). Microsoft is not aware of exploitation in the wild or public disclosure for any of these vulnerabilities. So far this month, Microsoft has provided patches to address 133 browser vulnerabilities, which are not included in the Patch Tuesday count above.
### Windows Netlogon: critical RCE
Anyone responsible for securing a domain controller should prioritize remediation of [CVE-2026-41089](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41089), which is a critical stack-based buffer overflow in Windows Netlogon with a CVSS v3 base score of 9.8. Exploitation leads to execution in the context of the Netlogon service, so that’s SYSTEM privileges on the domain controller. For most pentesters, that’s the point at which the customer report more or less writes itself. No privileges or user interaction are required, and attack complexity is low, which suggests that creation of a reliable exploit might not be especially difficult for anyone with knowledge of the specific mechanism.
Microsoft assesses exploitation as less likely, but since those exploitability assessments are provided without an accompanying explanation, it’s not clear how much reassurance defenders should take. Anyone who remembers the much-discussed [CVE-2020-1472](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-1472) (aka ZeroLogon) back in 2020 will note that [CVE-2026-41089](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41089) offers an attacker more immediate control of a domain controller. Patches are available for all versions of Windows Server from 2012 onwards.
### Windows DNS Client: critical RCE
An attacker looking for a master key for Windows assets will pay attention to [CVE-2026-41096](https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-41096), a critical RCE in the Windows DNS client implementation. A modern computer talks to DNS the way a child in the back of a car asks “are we there yet?” The variable and complex structure of DNS responses means that DNS client implementations are also complex and thus prone to flaws.
[… 93,926 characters omitted; next zone: keyword-dense paragraphs …]
| CVE | Title | Exploitation status | Publicly disclosed? | CVSS v3 base score |
| --- | --- | --- | --- | --- |
| [CVE-2026-31706](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-31706) | ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl() | n/a | No | 8.8 |
| [CVE-2026-31723](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-31723) | usb: gadget: f_subset: Fix net_device lifecycle with device_move | n/a | No | 7.8 |
| [CVE-2026-31724](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-31724) | usb: gadget: f_eem: Fix net_device lifecycle with device_move | n/a | No | 7.8 |
| [CVE-2026-43053](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-43053) | xfs: close crash window in attr dabtree inactivation | n/a | No | 5.5 |
| [CVE-2026-43048](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-43048) | HID: core: Mitigate potential OOB by removing bogus memset() | n/a | No | 8.8 |
| [CVE-2026-31777](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-31777) | ALSA: ctxfi: Check the error for index mapping | n/a | No | 7.0 |
| [CVE-2026-31722](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-31722) | usb: gadget: f_rndis: Fix net_device lifecycle with device_move | n/a | No | 7.8 |
| [CVE-2026-43036](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-43036) | net: use skb_header_pointer() for TCPv4 GSO frag_off check | n/a | No | 5.5 |
| [CVE-2026-31769](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-31769) | gpib: fix use-after-free in IO ioctl handlers | n/a | No | |
| [CVE-2026-31707](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-31707) | ksmbd: validate response sizes in ipc_validate_msg() | n/a | No | 7.1 |
| [CVE-2026-31725](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-31725) | usb: gadget: f_ecm: Fix net_device lifecycle with device_move | n/a | No | 7.8 |
| [CVE-2026-43049](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-43049) | HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure | n/a | No | 7.0 |
| [CVE-2026-43022](https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-43022) | Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists | n/a | No | |

[…]
| CVE | Title | Exploitation status | Publicly […]
[… 93,488 characters omitted; next zone: tail …]