Today's Top Windows System Articles for 2026-05-13
Articles for the IT Professional. Each day we look at roughly 100 sites for Windows articles and bring them here.
Update your older iPhone, iPad, or Mac now, to get new fixes for WebKit, Wi-Fi & kernel flaws
On Monday, Apple released critical security updates for iPads, Macs, and iPhones running older operating systems to fix serious flaws tied to WebKit, kernel access, Wi-Fi, and sandbox escapes.Apple pu...
AppleInsider News
May 11, 2026 - appleinsider.com
Anthropic’s bug-hunting Mythos was greatest marketing stunt ever, says cURL creator
After all that hype, AI scanner found one low-severity cURL flaw
www.theregister.com - Articles
May 11, 2026 - theregister.com
Apple updates App Store rules for betting apps in Brazil
Following changes to Brazil’s betting regulation, Apple now requires a Brazilian betting license for fixed-odds betting apps on the App Store. Here are the details. more…
9to5Mac
May 11, 2026 - 9to5mac.com
AI Mushy Brain Syndrome
$1 submitted by /u/Grouchy-Western-5757
Reddit : Sysadmin
May 11, 2026 - reddit.com
Tech Companies Fail To Kill Colorado’s ‘Right To Repair’ Law
Last month we noted how tech companies, automakers, and others were trying to kill Colorado’s existing “right to repair” law, which is supposed to make it cheaper and easier to repair the things you o...
Techdirt
May 11, 2026 - techdirt.com
Microsoft Intune April-May 2026: app inventory, Linux SSO, and Apple ADE
Microsoft Intune's April and May 2026 updates deliver three areas of practical change for administrators: richer and more frequent app inventory for Windows devices, a redesigned single sign-on (SSO) ...
4sysops
May 11, 2026 - 4sysops.com
When Windows Update hangs: automatic recovery for update failures patches update experience
In a blog post titled 'Your Windows Update experience just got updated,' Microsoft has discussed its new mechanism to handle update installation failures on Windows 11: Windows now attempts to repair ...
4sysops
May 11, 2026 - 4sysops.com
IMF warns of the potential for AI attacks on global financial systems
The International Monetary Fund (IMF) is warning that AI could become a growing threat to global financial stability by making cyberattacks faster and more sophisticated. In a new analysis, the organi...
WWDC: From NeXTStep for Apple to Apple’s next step for AI – Computerworld
May 11, 2026 - computerworld.com
Microsoft exec Shawn Bice returns to AWS to lead reliability push for AI agents
Shawn Bice, who left AWS for Microsoft's security organization in 2022, is returning to Amazon as VP of AI Services to lead the Automated Reasoning Group under Swami Sivasubramanian's Agentic AI organ...
GeekWire
May 11, 2026 - geekwire.com
Fallout Season 3 just added one of the best actors from my favorite TV show to its cast, and I'm ecstatic — Amazon and Bethesda can't bring it fast enough
Amazon has announced that for Fallout Season 3, Aaron Paul of Breaking Bad and Westworld fame is joining the show's star-studded cast.
Latest from Windows Central
May 11, 2026 - windowscentral.com
Thinking Machines shows off preview of near-realtime AI voice and video conversation with new 'interaction models'
Is AI leaving the era of "turn-based" chat?Right now, all of us who use AI models regularly for work or in our personal lives know that the basic interaction mode across text, imagery, audio, and vide...
VentureBeat
May 11, 2026 - venturebeat.com
AI built Work order organizer / prioritizer / planner (PowerShell + HTML)
$1 submitted by /u/markvincentoneil
Reddit : K-12 Systems Administrators
May 11, 2026 - reddit.com
In The Vacuum Of AI Legislation, Libraries Have The Playbook
The White House AI framework made official what we already knew: this administration has no interest in regulating AI. Any legislation that contradicts the framework will be a dead end. In this regula...
Techdirt
May 11, 2026 - techdirt.com
Linux bitten by second severe vulnerability in as many weeks
Production-version patches are coming online and should be installed pronto.
Ars Technica - All content
May 11, 2026 - arstechnica.com
Linux bitten by second severe vulnerability in as many weeks
Production-version patches are coming online and should be installed pronto.
Ars Technica
May 11, 2026 - arstechnica.com
An AI agent runs this experimental Swedish café. Here’s how it’s going
The coffee might be poured by a human hand, but behind the counter, something far less traditional is calling the shots at an experimental café in Stockholm. San Francisco-based startup Andon Labs h...
Fast Company - technology
May 11, 2026 - fastcompany.com
UniFi AP Bridged Me Onto a Neighbor’s Private Subnet
$1 submitted by /u/pyth0000n
Reddit : Sysadmin
May 11, 2026 - reddit.com
Microsoft researchers find AI models and agents can't handle long-running tasks
An intern who failed this much would be shown the door
www.theregister.com - Articles
May 11, 2026 - theregister.com
May update: What’s new in Security for partners
This month’s Security partner update highlights what’s new across Microsoft Security to help you grow your practice and deliver stronger, more secure customer outcomes. Below, you’ll find key product ...
New blog articles in Microsoft Community Hub
May 12, 2026 - techcommunity.microsoft.com
CVE-2026-43500 rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present
Information published.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
Double Canvas breach acknowledged as ShinyHunters sets new pay-or-leak deadline
UPDATED: Sorry, kids, everything's back up so get to work on your new assignment - An essay on the ethics of paying ransoms, because it looks like that's what happened here
www.theregister.com - Articles
May 12, 2026 - theregister.com
CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies
Information published.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification)
Information published.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-43353 i3c: mipi-i3c-hci: Fix race in DMA ring dequeue
Information published.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
Strengthening Cybersecurity for Education‑Focused Nonprofits and Education Institutions
Cybersecurity is one of the most urgent priorities facing education‑focused nonprofits and education institutions today. Whether you’re a nonprofit delivering tutoring, literacy, STEM, or adult learni...
New blog articles in Microsoft Community Hub
May 12, 2026 - techcommunity.microsoft.com
Red Hat blasts RHEL 10.1 into orbit aboard Voyager's micro datacenter
Orbital compute platform, which launched on a mission to the ISS last year, gets an immutable upgrade alongside refreshed container images
www.theregister.com - Articles
May 12, 2026 - theregister.com
Azure Arc AKS Explained: Run Kubernetes Beyond Azure Cloud
Modern enterprises are no longer running workloads only inside a centralized cloud environment. Applications today operate across: On-premises datacenters Remote branch offices Manufacturing plants R...
New blog articles in Microsoft Community Hub
May 12, 2026 - techcommunity.microsoft.com
Running Foundry Agent Service on Azure Container Apps
Microsoft’s Customer Zero blog series gives an insider view of how Microsoft builds and operates Microsoft using our trusted, enterprise-grade agentic platform. Learn best practices from our engineeri...
New blog articles in Microsoft Community Hub
May 12, 2026 - techcommunity.microsoft.com
Google search seems to be down
$1 submitted by /u/rose_gold_glitter
Reddit : Sysadmin
May 12, 2026 - reddit.com
Google says no outage but Search may be down with "internal server error"
Google's most useful feature, Search, may be broken at the moment as it is frequently failing to complete user requests. Read more...
Neowin
May 12, 2026 - neowin.net
Veteran network architect proposes IPv8 – to improve IPv4, not leapfrog v6
Critics are not convinced this plan to add an ‘area code’ based on ASNs has much merit
www.theregister.com - Articles
May 12, 2026 - theregister.com
CVE-2026-32204 Azure Monitor Agent Elevation of Privilege Vulnerability
External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-32177 .NET Elevation of Privilege Vulnerability
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-21530 Windows Rich Text Edit Elevation of Privilege Vulnerability
Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-33117 Azure SDK for Java Security Feature Bypass Vulnerability
Improper authentication in Azure SDK allows an unauthorized attacker to bypass a security feature over a network.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-33834 Windows Event Logging Service Elevation of Privilege Vulnerability
Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-33839 Win32k Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-33840 Win32k Elevation of Privilege Vulnerability
Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-33841 Windows Kernel Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-34329 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-34330 Win32k Elevation of Privilege Vulnerability
Integer overflow or wraparound in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-34331 Win32k Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-34333 Windows Win32k Elevation of Privilege Vulnerability
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-34342 Windows Print Spooler Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-34343 Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Application Identity (AppID) Subsystem allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-34344 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-34345 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-34347 Windows Win32k Elevation of Privilege Vulnerability
Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-34350 Windows Storport Miniport Driver Denial of Service Vulnerability
Null pointer dereference in Windows Storport Miniport Driver allows an unauthorized attacker to deny service over a network.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-34351 Windows TCP/IP Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-35415 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
Integer overflow or wraparound in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-35416 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-35417 Windows Win32k Elevation of Privilege Vulnerability
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-35418 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-35419 Windows DWM Core Library Information Disclosure Vulnerability
Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-35420 Windows Kernel Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-35421 Windows GDI Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-35422 Windows TCP/IP Driver Security Feature Bypass Vulnerability
Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-35423 Windows 11 Telnet Client Information Disclosure Vulnerability
Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-35424 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
Missing release of memory after effective lifetime in Windows Internet Key Exchange (IKE) Protocol allows an unauthorized attacker to deny service over a network.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-35433 .NET Elevation of Privilege Vulnerability
Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-35438 Windows Admin Center Elevation of Privilege Vulnerability
Missing authorization in Windows Admin Center allows an authorized attacker to elevate privileges over a network.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-35439 Microsoft SharePoint Server Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-35440 Microsoft Word Information Disclosure Vulnerability
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-40360 Microsoft Excel Information Disclosure Vulnerability
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-40363 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-40364 Microsoft Word Remote Code Execution Vulnerability
Access of resource using incompatible type ('type confusion') in Microsoft Office Word allows an unauthorized attacker to execute code locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-40366 Microsoft Word Remote Code Execution Vulnerability
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-40368 Microsoft SharePoint Server Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-40374 Microsoft Power Automate Desktop Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-40377 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-40380 Windows Volume Manager Extension Driver Remote Code Execution Vulnerability
Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-40399 Windows TCP/IP Elevation of Privilege Vulnerability
Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-40405 Windows TCP/IP Denial of Service Vulnerability
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-40406 Windows TCP/IP Information Disclosure Vulnerability
Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-40407 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-40408 Windows WAN ARP Driver Elevation of Privilege Vulnerability
Use after free in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-40410 Windows SMB Client Elevation of Privilege Vulnerability
Use after free in Windows SMB Client allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-40414 Windows TCP/IP Denial of Service Vulnerability
Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-40415 Windows TCP/IP Remote Code Execution Vulnerability
Use after free in Windows TCP/IP allows an unauthorized attacker to execute code over a network.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-40417 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-40419 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-40421 Microsoft Word Information Disclosure Vulnerability
External control of file name or path in Microsoft Office Word allows an unauthorized attacker to disclose information over a network.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-41088 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
External control of file name or path in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-41089 Windows Netlogon Remote Code Execution Vulnerability
Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-41094 Microsoft Data Formulator Remote Code Execution Vulnerability
Improper control of generation of code ('code injection') in Microsoft Data Formulator allows an unauthorized attacker to execute code over a network.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-41095 Data Deduplication Elevation of Privilege Vulnerability
Use after free in Data Deduplication allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-41096 Windows DNS Client Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-41100 Microsoft 365 Copilot for Android Spoofing Vulnerability
Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-41101 Microsoft Word for Android Spoofing Vulnerability
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-41102 Microsoft PowerPoint for Android Spoofing Vulnerability
Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-41109 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
Improper neutralization of special elements in output used by a downstream component ('injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to bypass a security feature over...
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-41610 Visual Studio Code Security Feature Bypass Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-41611 Visual Studio Code Remote Code Execution Vulnerability
Improper neutralization of script-related html tags in a web page (basic xss) in Visual Studio Code allows an unauthorized attacker to execute code locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-41612 Visual Studio Code Information Disclosure Vulnerability
Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-41614 M365 Copilot for Desktop Spoofing Vulnerability
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-32161 Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent netw...
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-32170 Windows Rich Text Edit Elevation of Privilege Vulnerability
Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-32185 Microsoft Teams Spoofing Vulnerability
Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally.
MSRC Security Update Guide
May 12, 2026 - msrc.microsoft.com
CVE-2026-42831 Microsoft Office Remote Code Execution Vulnerability
Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally.