
  • Proxying the Unproxyable? Sending EXE traffic to a Proxy



    .. if “unproxyable” is a word that is ..

    I had a recent engagement where I had to look at the network traffic generated by a Windows executable.  Unfortunately, it was all TLS, and all TLS 1.3 to boot.  So from a PCAP all I got was a whole lot of “yup, that’s encrypted”, and since it was TLS 1.3 all I really had to work with was the IP addresses, not even server names in the server hello packets to help out.  And the IP addresses involved were those “500 DNS names on one AWS address” shotgun addresses, so no help there.

    What I really needed was something to take specific traffic, say traffic from an executable, and redirect that to a proxy.  If that proxy is then Burp Suite, then Bob’s yer Uncle, now I can look at the traffic!!  If you’d rather use Fiddler or some other proxy, go for it, anything will work.

    A few minutes of Googling, and I found Proxifier (https://www.proxifier.com/)

    Proxifier allows you to set up rules, for instance “send traffic from abc.exe to proxy A”, “send traffic from def.exe to proxy B”, or “send everything else direct”, or any combination.  Proxies can be direct or SOCKS5.

    In my case, I was looking at a client executable, and was able to follow all the API calls and data transferred.  It was EXACTLY what I needed that day.

    I can’t show you the client output – watching the APIs roll by was as cool as it gets though, and the proxy intercept in Burp lets you “play” with individual calls if that’s what you need.  But I can certainly show you how this works, so let’s use curl as our example exe.

    Let’s start in Proxifier.  First you need to set up your proxy (or proxies).  In this case I’m using Burp Suite Pro running locally, so the proxy is:

    Next, we’ll set up the rules:

    The first rule says “anything to my own machine, send direct”.  Given how much loopback cruft happens on a typical Windows box, this rule is gold (unless that’s what you are looking for that is).

    The second rule is “anything from curl.exe, send to the proxy we just defined” (or whatever your executable is).

    You can have multiple of these rules doing different things.

    The final rule is “everything else, send direct”.

    Now, let’s run a test with curl:



    (and so on)

    In Proxifier, you see the transaction happen in real time:

    The top pane shows the executable, target and so on.  It’s somewhat ephemeral: it shows the live view, then goes grey after the transaction completes, then after a few seconds disappears.  The bottom pane scrolls in a more “log like” manner.

    Over in Burp, you see all the business that most sites have as their lead page:

    Which is exactly what you need, and can’t get these days from a packet capture!

    What else does Proxifier do?  It also spits out a configurable log file; you can configure what’s in the logs and where to send it:

     

    You can set similar sensitivity on the live on-screen log.

    All in all, this tool was a life-saver for me, I’ve used it for a few years now and keep coming up with things that it can bail me out of!

    Got a cool use for a tool like this?  Give it a try and share your experiences in our comment form below (please keep any NDAs in mind).

    Do you have a similar or better tool for this, again, by all means share in our comment form!

    ===============

    Rob VandenBrink


  • May’s Patch Tuesday hauls out 132 CVEs



    In another banner month for the AI-finder era, Microsoft on Tuesday released 132 patches affecting 20 product families. Twenty-nine of the addressed issues are considered by Microsoft to be of Critical severity, and 13 issues are expected to be exploited within the next 30 days. Forty-three have a CVSS base score of 8.0 or higher, including one with a “perfect” 10.0. Fourteen CVEs, including the 10.0 item mentioned above, were patched by Microsoft in advance of Patch Tuesday. Incredibly, none were publicly disclosed as of release day and none are known to be under active exploit in the wild. 

    For the second month in a row, the release includes a massive set of advisories – 145 of them. As ever, the majority are Edge-related, assigned by Chrome, and patched days in advance of Patch Tuesday. One comes from AMD and was likewise already addressed. Thirteen, all affecting Adobe Commerce, were issued by Adobe.

    Various of this month’s issues are amenable to direct detection by Sophos protections, and we include information on those in the usual table below. We are as always including at the end of this post appendices listing all Microsoft’s patches sorted by severity (Appendix A), by predicted exploitability timeline and CVSS Base score (Appendix B), and by product family (Appendix C). Appendix D lists this month’s advisories. Appendix E provides a breakout of 66 CVEs affecting various versions of Windows Server, including the advisory from AMD that is otherwise not counted in the patch totals for the month. Our analysis of CWE (Common Weakness Enumeration) information made available for this month’s patches appears in Appendix F.

    By the numbers

    • Total CVEs: 132
    • Publicly disclosed: 0
    • Exploit detected: 0
    • Severity
      • Critical: 29
      • Important: 103
    • Impact:
      • Denial of Service: 8
      • Elevation of Privilege: 59
      • Information Disclosure: 14
      • Remote Code Execution: 31
      • Security Feature Bypass: 6
      • Spoofing: 11
      • Tampering: 3
    • CVSS base score 9.0 or greater: 14
    • CVSS base score 8.0 or greater: 43

     


    Figure 1: Elevation of Privilege issues once again account for the majority of the month’s CVEs, but nearly half of the Remote Code Execution CVEs are Critical-severity.

    Products

    As is our custom for this list, CVEs that apply to more than one product family are counted once for each family they affect. We note, by the way, that CVE names don’t always reflect affected product families closely. In particular, some CVE names in the Office family may mention products that don’t appear in the list of products affected by the CVE, and vice versa.

     


    Figure 2: A hefty 20 families are covered in May’s Patch Tuesday release. The Critical-severity issue called “Confluence / Jira” covers an SSO plug-in for those tools, as described below.


    Figure 3: The count of Elevation of Privilege CVEs passes 250, and Spoofing and Security Feature Bypass swap spots on the cumulative list of 2026 vulnerabilities. By way of comparison, as of this time last year Microsoft had addressed 470 CVEs.

    Notable May updates

    In addition to the issues discussed above, a few specific items merit attention. 

    CVE-2026-41103 — Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability

    There are 14 CVEs with a CVSS Base score of 9.0 or higher this month (with 11 of those also marked as Critical-severity), but the only one Microsoft thinks is more likely to be exploited in the next 30 days is this Critical-severity Elevation of Privilege issue, which involves an incorrect implementation of an authentication algorithm (CWE-303) – not far-fetched, since this involves SSO. The bug would permit an attacker to bypass authentication and sign in as a valid user. The specifically affected plug-ins are the Microsoft Confluence SAML SSO plugin and the Microsoft JIRA SAML SSO plugin.

    CVE-2026-41089 — Windows Netlogon Remote Code Execution Vulnerability
    CVE-2026-41096 — Windows DNS Client Remote Code Execution Vulnerability

    Also in the over-9.0 CVSS Club with matching base scores of 9.8, these two CVEs both allow exploitation even by an unauthorized attacker.

    CVE-2026-40358 — Microsoft Office Remote Code Execution Vulnerability
    CVE-2026-40361 — Microsoft Word Remote Code Execution Vulnerability
    CVE-2026-40363 — Microsoft Office Remote Code Execution Vulnerability
    CVE-2026-40364 — Microsoft Word Remote Code Execution Vulnerability
    CVE-2026-40366 — Microsoft Word Remote Code Execution Vulnerability
    CVE-2026-40367 — Microsoft Word Remote Code Execution Vulnerability

    All six of these Remote Code Execution vulnerabilities can be exploited via Preview Pane. Of the six, CVE-2026-40361 and CVE-2026-40364 are thought by Microsoft to be more likely to be exploited within the first 30 days post-release.

    CVE-2026-35423 — Windows 11 Telnet Client Information Disclosure Vulnerability

    Telnet. That is all. Yes, it’s still 2026.

    Sophos protections

    CVE             Sophos Intercept X/Endpoint IPS   Sophos XGS Firewall
    CVE-2026-33835  Exp/2633835-A                     Exp/2633835-A
    CVE-2026-33837  Exp/2633837-A                     Exp/2633837-A
    CVE-2026-33840  Exp/2633840-A                     Exp/2633840-A
    CVE-2026-33841  Exp/2633841-A                     Exp/2633841-A
    CVE-2026-35416  Exp/2635416-A                     Exp/2635416-A
    CVE-2026-35417  Exp/2635417-A                     Exp/2635417-A
    CVE-2026-40361  sid:2312491, sid:2312492          sid:2312491, sid:2312492
    CVE-2026-40364  sid:2312493, sid:2312494          sid:2312493, sid:2312494
    CVE-2026-40369  Exp/2640369-A                     Exp/2640369-A
    CVE-2026-40397  Exp/2640397-A                     Exp/2640397-A
    CVE-2026-40398  Exp/2640398-A                     Exp/2640398-A
    CVE-2026-41089  sid:2312495                       sid:2312495
    CVE-2026-41103  sid:2312499                       sid:2312499

     

    As every month, if you don’t want to wait for your system to pull down Microsoft’s updates itself, you can download them manually from the Windows Update Catalog website. Run the winver.exe tool to determine which build of Windows you’re running, then download the Cumulative Update package for your specific system’s architecture and build number.

    Appendix A: Vulnerability Impact and Severity

    This is a list of May patches sorted by impact, then sub-sorted by severity. Each list is further arranged by CVE. 

    Elevation of Privilege (59 CVEs)

    Critical severity
    CVE-2026-33821 Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability
    CVE-2026-35435 Azure AI Foundry Elevation of Privilege Vulnerability
    CVE-2026-40402 Windows Hyper-V Elevation of Privilege Vulnerability
    CVE-2026-41103 Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability
    CVE-2026-41105 Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability
    Important severity
    CVE-2026-21530 Windows Rich Text Edit Elevation of Privilege Vulnerability
    CVE-2026-32170 Windows Rich Text Edit Elevation of Privilege Vulnerability
    CVE-2026-32177 .NET Elevation of Privilege Vulnerability
    CVE-2026-32204 Azure Monitor Agent Elevation of Privilege Vulnerability
    CVE-2026-33834 Windows Event Logging Service Elevation of Privilege Vulnerability
    CVE-2026-33835 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
    CVE-2026-33837 Windows TCP/IP Local Elevation of Privilege Vulnerability
    CVE-2026-33838 Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability
    CVE-2026-33839 Win32k Elevation of Privilege Vulnerability
    CVE-2026-33840 Win32k Elevation of Privilege Vulnerability
    CVE-2026-33841 Windows Kernel Elevation of Privilege Vulnerability
    CVE-2026-34330 Win32k Elevation of Privilege Vulnerability
    CVE-2026-34331 Win32k Elevation of Privilege Vulnerability
    CVE-2026-34333 Windows Win32k Elevation of Privilege Vulnerability
    CVE-2026-34334 Windows TCP/IP Elevation of Privilege Vulnerability
    CVE-2026-34337 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
    CVE-2026-34338 Windows Telephony Service Elevation of Privilege Vulnerability
    CVE-2026-34340 Windows Projected File System Elevation of Privilege Vulnerability
    CVE-2026-34341 Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability
    CVE-2026-34342 Windows Print Spooler Elevation of Privilege Vulnerability
    CVE-2026-34343 Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability
    CVE-2026-34344 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
    CVE-2026-34345 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
    CVE-2026-34347 Windows Win32k Elevation of Privilege Vulnerability
    CVE-2026-34351 Windows TCP/IP Elevation of Privilege Vulnerability
    CVE-2026-35415 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
    CVE-2026-35416 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
    CVE-2026-35417 Windows Win32k Elevation of Privilege Vulnerability
    CVE-2026-35418 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
    CVE-2026-35420 Windows Kernel Elevation of Privilege Vulnerability
    CVE-2026-35433 .NET Elevation of Privilege Vulnerability
    CVE-2026-35436 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
    CVE-2026-35438 Windows Admin Center Elevation of Privilege Vulnerability
    CVE-2026-40369 Windows Kernel Elevation of Privilege Vulnerability
    CVE-2026-40377 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
    CVE-2026-40381 Azure Connected Machine Agent Elevation of Privilege Vulnerability
    CVE-2026-40382 Windows Telephony Service Elevation of Privilege Vulnerability
    CVE-2026-40397 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    CVE-2026-40398 Windows Remote Desktop Services Elevation of Privilege Vulnerability
    CVE-2026-40399 Windows TCP/IP Elevation of Privilege Vulnerability
    CVE-2026-40407 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    CVE-2026-40408 Windows WAN ARP Driver Elevation of Privilege Vulnerability
    CVE-2026-40410 Windows SMB Client Elevation of Privilege Vulnerability
    CVE-2026-40417 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
    CVE-2026-40418 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
    CVE-2026-40419 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
    CVE-2026-41086 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
    CVE-2026-41088 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
    CVE-2026-41095 Windows Projected File System Elevation of Privilege Vulnerability
    CVE-2026-41613 Visual Studio Code Elevation of Privilege Vulnerability
    CVE-2026-42823 Azure Logic Apps Elevation of Privilege Vulnerability
    CVE-2026-42825 Windows Telephony Service Elevation of Privilege Vulnerability
    CVE-2026-42830 Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability
    CVE-2026-42896 Windows DWM Core Library Elevation of Privilege Vulnerability

     

    Remote Code Execution (31 CVEs)

    Critical severity
    CVE-2026-32161 Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability
    CVE-2026-33109 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability
    CVE-2026-33844 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability
    CVE-2026-35421 Windows GDI Remote Code Execution Vulnerability
    CVE-2026-40358 Microsoft Office Remote Code Execution Vulnerability
    CVE-2026-40361 Microsoft Word Remote Code Execution Vulnerability
    CVE-2026-40363 Microsoft Office Remote Code Execution Vulnerability
    CVE-2026-40364 Microsoft Word Remote Code Execution Vulnerability
    CVE-2026-40365 Microsoft SharePoint Server Remote Code Execution Vulnerability
    CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability
    CVE-2026-40403 Windows Graphics Component Remote Code Execution Vulnerability
    CVE-2026-41089 Windows Netlogon Remote Code Execution Vulnerability
    CVE-2026-41096 Windows DNS Client Remote Code Execution Vulnerability
    CVE-2026-42831 Office for Android Remote Code Execution Vulnerability
    CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
    Important severity
    CVE-2026-33110 Microsoft SharePoint Server Remote Code Execution Vulnerability
    CVE-2026-33112 Microsoft SharePoint Server Remote Code Execution Vulnerability
    CVE-2026-34329 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
    CVE-2026-34332 Windows Kernel-Mode Driver Remote Code Execution Vulnerability
    CVE-2026-35439 Microsoft SharePoint Server Remote Code Execution Vulnerability
    CVE-2026-40357 Microsoft SharePoint Server Remote Code Execution Vulnerability
    CVE-2026-40359 Microsoft Excel Remote Code Execution Vulnerability
    CVE-2026-40362 Microsoft Excel Remote Code Execution Vulnerability
    CVE-2026-40366 Microsoft Word Remote Code Execution Vulnerability
    CVE-2026-40368 Microsoft SharePoint Server Remote Code Execution Vulnerability
    CVE-2026-40370 SQL Server Remote Code Execution Vulnerability
    CVE-2026-40380 Windows Volume Manager Extension Driver Remote Code Execution Vulnerability
    CVE-2026-40415 Windows TCP/IP Remote Code Execution Vulnerability
    CVE-2026-41094 Microsoft Data Formulator Remote Code Execution Vulnerability
    CVE-2026-41611 Visual Studio Code Remote Code Execution Vulnerability
    CVE-2026-42833 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

    Information Disclosure (14 CVEs)

    Critical severity
    CVE-2026-26129 M365 Copilot Information Disclosure Vulnerability
    CVE-2026-26164 M365 Copilot Information Disclosure Vulnerability
    CVE-2026-33111 Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability
    CVE-2026-33823 Microsoft Team Events Portal Information Disclosure Vulnerability
    CVE-2026-42826 Azure DevOps Information Disclosure Vulnerability
    Important severity
    CVE-2026-34336 Windows DWM Core Library Information Disclosure Vulnerability
    CVE-2026-35419 Windows DWM Core Library Information Disclosure Vulnerability
    CVE-2026-35423 Windows 11 Telnet Client Information Disclosure Vulnerability
    CVE-2026-35440 Microsoft Word Information Disclosure Vulnerability
    CVE-2026-40360 Microsoft Excel Information Disclosure Vulnerability
    CVE-2026-40374 Microsoft Power Automate Desktop Information Disclosure Vulnerability
    CVE-2026-40406 Windows TCP/IP Information Disclosure Vulnerability
    CVE-2026-40421 Microsoft Word Information Disclosure Vulnerability
    CVE-2026-41612 Visual Studio Code Information Disclosure Vulnerability

    Spoofing (11 CVEs)

    Critical severity
    CVE-2026-32207 Azure Machine Learning Notebook Spoofing Vulnerability
    CVE-2026-34327 Microsoft Partner Center Spoofing Vulnerability
    CVE-2026-35428 Azure Cloud Shell Spoofing Vulnerability
    CVE-2026-40379 Microsoft Enterprise Security Token Service (ESTS) Spoofing Vulnerability
    Important severity
    CVE-2026-32185 Microsoft Teams Spoofing Vulnerability
    CVE-2026-33833 Azure Machine Learning Notebook Spoofing Vulnerability
    CVE-2026-41100 Microsoft 365 Copilot for Android Spoofing Vulnerability
    CVE-2026-41101 Microsoft Word for Android Spoofing Vulnerability
    CVE-2026-41102 Microsoft PowerPoint for Android Spoofing Vulnerability
    CVE-2026-41614 M365 Copilot for Desktop Spoofing Vulnerability
    CVE-2026-42832 Microsoft Excel Spoofing Vulnerability

     

    Denial of Service (8 CVEs)

    Important severity
    CVE-2026-34339 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
    CVE-2026-34350 Windows Storport Miniport Driver Denial of Service Vulnerability
    CVE-2026-35424 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
    CVE-2026-40401 Windows TCP/IP Denial of Service Vulnerability
    CVE-2026-40405 Windows TCP/IP Denial of Service Vulnerability
    CVE-2026-40413 Windows TCP/IP Denial of Service Vulnerability
    CVE-2026-40414 Windows TCP/IP Denial of Service Vulnerability
    CVE-2026-42899 ASP.NET Core Denial of Service Vulnerability

     

    Security Feature Bypass (6 CVEs)

    Important severity
    CVE-2026-32209 Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability
    CVE-2026-33117 Azure SDK for Java Security Feature Bypass Vulnerability
    CVE-2026-35422 Windows TCP/IP Driver Security Feature Bypass Vulnerability
    CVE-2026-41097 Secure Boot Security Feature Bypass Vulnerability
    CVE-2026-41109 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
    CVE-2026-41610 Visual Studio Code Security Feature Bypass Vulnerability

     

    Tampering (3 CVEs)

    Important severity
    CVE-2026-32175 .NET Core Tampering Vulnerability
    CVE-2026-40420 Microsoft Office Click-To-Run Tampering Vulnerability
    CVE-2026-42893 Microsoft Outlook for iOS Tampering Vulnerability

     

    Appendix B: Exploitability and CVSS

    This is a list of the 13 May CVEs judged by Microsoft to be more likely to be exploited in the wild within the first 30 days post-release. The list is arranged by CVE.

     

    Exploitation more likely within the next 30 days
    CVE-2026-33835 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
    CVE-2026-33837 Windows TCP/IP Local Elevation of Privilege Vulnerability
    CVE-2026-33840 Win32k Elevation of Privilege Vulnerability
    CVE-2026-33841 Windows Kernel Elevation of Privilege Vulnerability
    CVE-2026-35416 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
    CVE-2026-35417 Windows Win32k Elevation of Privilege Vulnerability
    CVE-2026-35435 Azure AI Foundry Elevation of Privilege Vulnerability
    CVE-2026-40361 Microsoft Word Remote Code Execution Vulnerability
    CVE-2026-40364 Microsoft Word Remote Code Execution Vulnerability
    CVE-2026-40369 Windows Kernel Elevation of Privilege Vulnerability
    CVE-2026-40397 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    CVE-2026-40398 Windows Remote Desktop Services Elevation of Privilege Vulnerability
    CVE-2026-41103 Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability

     

    These are the May CVEs with a Microsoft-assessed CVSS Base score of 8.0 or higher. They are arranged by score and further sorted by CVE. For more information on how CVSS works, please see our series on patch prioritization schema.

    CVSS Base | CVSS Temporal | CVE | Title
    10.0 8.7 CVE-2026-42826 Azure DevOps Information Disclosure Vulnerability
    9.9 8.6 CVE-2026-33109 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability
    9.9 8.6 CVE-2026-42823 Azure Logic Apps Elevation of Privilege Vulnerability
    9.9 8.6 CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
    9.8 8.5 CVE-2026-41089 Windows Netlogon Remote Code Execution Vulnerability
    9.8 8.5 CVE-2026-41096 Windows DNS Client Remote Code Execution Vulnerability
    9.6 8.3 CVE-2026-33823 Microsoft Team Events Portal Information Disclosure Vulnerability
    9.6 8.6 CVE-2026-35428 Azure Cloud Shell Spoofing Vulnerability
    9.3 8.1 CVE-2026-40379 Microsoft Enterprise Security Token Service (ESTS) Spoofing Vulnerability
    9.3 8.1 CVE-2026-40402 Windows Hyper-V Elevation of Privilege Vulnerability
    9.1 7.9 CVE-2026-33117 Azure SDK for Java Security Feature Bypass Vulnerability
    9.1 7.9 CVE-2026-41103 Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability
    9.1 7.9 CVE-2026-42833 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
    9.0 7.8 CVE-2026-33844 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability
    8.8 7.7 CVE-2026-32207 Azure Machine Learning Notebook Spoofing Vulnerability
    8.8 7.7 CVE-2026-33110 Microsoft SharePoint Server Remote Code Execution Vulnerability
    8.8 7.7 CVE-2026-33112 Microsoft SharePoint Server Remote Code Execution Vulnerability
    8.8 7.7 CVE-2026-34329 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
    8.8 7.7 CVE-2026-35436 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
    8.8 7.7 CVE-2026-35439 Microsoft SharePoint Server Remote Code Execution Vulnerability
    8.8 7.7 CVE-2026-40357 Microsoft SharePoint Server Remote Code Execution Vulnerability
    8.8 7.7 CVE-2026-40365 Microsoft SharePoint Server Remote Code Execution Vulnerability
    8.8 7.7 CVE-2026-40370 SQL Server Remote Code Execution Vulnerability
    8.8 7.7 CVE-2026-40403 Windows Graphics Component Remote Code Execution Vulnerability
    8.8 7.7 CVE-2026-40420 Microsoft Office Click-To-Run Tampering Vulnerability
    8.8 7.7 CVE-2026-41086 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
    8.8 7.7 CVE-2026-41094 Microsoft Data Formulator Remote Code Execution Vulnerability
    8.8 7.7 CVE-2026-41109 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
    8.8 7.7 CVE-2026-41613 Visual Studio Code Elevation of Privilege Vulnerability
    8.6 7.5 CVE-2026-35435 Azure AI Foundry Elevation of Privilege Vulnerability
    8.4 7.3 CVE-2026-40358 Microsoft Office Remote Code Execution Vulnerability
    8.4 7.3 CVE-2026-40361 Microsoft Word Remote Code Execution Vulnerability
    8.4 7.3 CVE-2026-40363 Microsoft Office Remote Code Execution Vulnerability
    8.4 7.3 CVE-2026-40364 Microsoft Word Remote Code Execution Vulnerability
    8.4 7.3 CVE-2026-40366 Microsoft Word Remote Code Execution Vulnerability
    8.4 7.3 CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability
    8.3 7.2 CVE-2026-35438 Windows Admin Center Elevation of Privilege Vulnerability
    8.2 7.1 CVE-2026-33833 Azure Machine Learning Notebook Spoofing Vulnerability
    8.2 7.1 CVE-2026-34327 Microsoft Partner Center Spoofing Vulnerability
    8.1 7.1 CVE-2026-40415 Windows TCP/IP Remote Code Execution Vulnerability
    8.1 7.1 CVE-2026-41105 Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability
    8.0 7.0 CVE-2026-34332 Windows Kernel-Mode Driver Remote Code Execution Vulnerability
    8.0 7.0 CVE-2026-40368 Microsoft SharePoint Server Remote Code Execution Vulnerability
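    As an added example (not Sophos’s own tooling), the script below turns an excerpt of the Appendix A impact/severity lists together with the Appendix B exploitability list and CVSS table into a prioritised patch worklist, and checks the parsed per-section counts against the “(N CVEs)” headers. The excerpt is constructed from the lists above and deliberately truncated, so the header check is expected to report a shortfall; the tiering rule (exploitation-likely first, then Critical with CVSS 9.0+, then other Critical, then the rest) is an assumption of this example, not Sophos’s or Microsoft’s.

```python
import re
from collections import defaultdict

# Constructed excerpt of the post's Appendix A (impact / severity lists) and
# Appendix B (exploitability list, CVSS table). Truncated on purpose: the
# "(N CVEs)" headers keep the post's full counts, so check_header_counts()
# is expected to flag the gap between header and parsed rows.
APPENDIX_A = """\
Elevation of Privilege (59 CVEs)
Critical severity
CVE-2026-40402 Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2026-41103 Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability
Important severity
CVE-2026-33835 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2026-40369 Windows Kernel Elevation of Privilege Vulnerability
Remote Code Execution (31 CVEs)
Critical severity
CVE-2026-41089 Windows Netlogon Remote Code Execution Vulnerability
CVE-2026-40361 Microsoft Word Remote Code Execution Vulnerability
Information Disclosure (14 CVEs)
Critical severity
CVE-2026-42826 Azure DevOps Information Disclosure Vulnerability
Important severity
CVE-2026-35423 Windows 11 Telnet Client Information Disclosure Vulnerability
"""

APPENDIX_B_LIKELY = """\
CVE-2026-33835 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2026-40361 Microsoft Word Remote Code Execution Vulnerability
CVE-2026-40369 Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-41103 Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability
"""

APPENDIX_B_CVSS = """\
10.0 8.7 CVE-2026-42826 Azure DevOps Information Disclosure Vulnerability
9.8 8.5 CVE-2026-41089 Windows Netlogon Remote Code Execution Vulnerability
9.3 8.1 CVE-2026-40402 Windows Hyper-V Elevation of Privilege Vulnerability
9.1 7.9 CVE-2026-41103 Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability
8.4 7.3 CVE-2026-40361 Microsoft Word Remote Code Execution Vulnerability
"""

CVE_LINE = re.compile(r"^(CVE-\d{4}-\d{4,7})\s+(.+)$")
IMPACT_HEADER = re.compile(r"^(.+?) \((\d+) CVEs\)$")
SEVERITY_HEADER = re.compile(r"^(Critical|Important) severity$")
CVSS_LINE = re.compile(r"^(\d+\.\d) (\d+\.\d) (CVE-\d{4}-\d{4,7}) (.+)$")


def parse_appendix_a(text):
    """Walk the impact and severity headers and attach both to each CVE line.

    Returns (records, header_counts): records maps CVE id -> dict with title,
    impact and severity; header_counts maps impact -> the count the post's
    "(N CVEs)" header claims for that section.
    """
    records, header_counts = {}, {}
    impact = severity = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := IMPACT_HEADER.match(line):
            impact = m.group(1)
            header_counts[impact] = int(m.group(2))
            severity = None                      # a new impact section restarts severity
        elif m := SEVERITY_HEADER.match(line):
            severity = m.group(1)
        elif m := CVE_LINE.match(line):
            if impact is None or severity is None:
                raise ValueError(f"CVE line before any header: {line}")
            cve, title = m.groups()
            if cve in records:                   # Appendix A lists each CVE exactly once
                raise ValueError(f"duplicate entry for {cve}")
            records[cve] = {"title": title, "impact": impact, "severity": severity}
        else:
            raise ValueError(f"unrecognised line: {line}")
    return records, header_counts


def check_header_counts(records, header_counts):
    """Return {impact: (parsed, claimed)} for every section whose row count
    disagrees with its header; an empty dict means the copy is complete."""
    seen = defaultdict(int)
    for rec in records.values():
        seen[rec["impact"]] += 1
    return {imp: (seen[imp], claimed) for imp, claimed in header_counts.items()
            if seen[imp] != claimed}


def parse_cvss(text):
    """CVSS table rows -> {cve: base score}; non-matching lines are skipped."""
    return {m.group(3): float(m.group(1))
            for m in map(CVSS_LINE.match, text.splitlines()) if m}


def parse_likely(text):
    """'Exploitation more likely' list -> set of CVE ids."""
    return {m.group(1) for m in map(CVE_LINE.match, text.splitlines()) if m}


def prioritise(records, likely, cvss):
    """Order CVEs for patching: tier 0 = Microsoft says exploitation is more
    likely, tier 1 = Critical with CVSS >= 9.0, tier 2 = other Critical,
    tier 3 = everything else; within a tier, higher CVSS first, then CVE id.
    A CVE missing from the CVSS table (score below 8.0) is treated as 0.0."""
    def key(cve):
        rec, score = records[cve], cvss.get(cve, 0.0)
        if cve in likely:
            tier = 0
        elif rec["severity"] == "Critical":
            tier = 1 if score >= 9.0 else 2
        else:
            tier = 3
        return (tier, -score, cve)
    return sorted(records, key=key)
```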

     

    Appendix C: Products Affected

    This is a list of May’s patches sorted by product family, then sub-sorted by severity. Each list is further arranged by CVE. Patches that are shared among multiple product families are listed multiple times, once for each product family. All CVE titles are accurate as made available by Microsoft. For further information on why certain products may appear in titles and not product families (or vice versa), please consult Microsoft.

    Windows (68 CVEs)

    Critical severity
    CVE-2026-32161 Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability
    CVE-2026-35421 Windows GDI Remote Code Execution Vulnerability
    CVE-2026-40402 Windows Hyper-V Elevation of Privilege Vulnerability
    CVE-2026-40403 Windows Graphics Component Remote Code Execution Vulnerability
    CVE-2026-41089 Windows Netlogon Remote Code Execution Vulnerability
    CVE-2026-41096 Windows DNS Client Remote Code Execution Vulnerability
    Important severity
    CVE-2026-21530 Windows Rich Text Edit Elevation of Privilege Vulnerability
    CVE-2026-32170 Windows Rich Text Edit Elevation of Privilege Vulnerability
    CVE-2026-32209 Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability
    CVE-2026-33834 Windows Event Logging Service Elevation of Privilege Vulnerability
    CVE-2026-33835 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
    CVE-2026-33837 Windows TCP/IP Local Elevation of Privilege Vulnerability
    CVE-2026-33838 Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability
    CVE-2026-33839 Win32k Elevation of Privilege Vulnerability
    CVE-2026-33840 Win32k Elevation of Privilege Vulnerability
    CVE-2026-33841 Windows Kernel Elevation of Privilege Vulnerability
    CVE-2026-34329 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
    CVE-2026-34330 Win32k Elevation of Privilege Vulnerability
    CVE-2026-34331 Win32k Elevation of Privilege Vulnerability
    CVE-2026-34332 Windows Kernel-Mode Driver Remote Code Execution Vulnerability
    CVE-2026-34333 Windows Win32k Elevation of Privilege Vulnerability
    CVE-2026-34334 Windows TCP/IP Elevation of Privilege Vulnerability
    CVE-2026-34336 Windows DWM Core Library Information Disclosure Vulnerability
    CVE-2026-34337 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
    CVE-2026-34338 Windows Telephony Service Elevation of Privilege Vulnerability
    CVE-2026-34339 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
    CVE-2026-34340 Windows Projected File System Elevation of Privilege Vulnerability
    CVE-2026-34341 Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability
    CVE-2026-34342 Windows Print Spooler Elevation of Privilege Vulnerability
    CVE-2026-34343 Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability
    CVE-2026-34344 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
    CVE-2026-34345 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
    CVE-2026-34347 Windows Win32k Elevation of Privilege Vulnerability
    CVE-2026-34350 Windows Storport Miniport Driver Denial of Service Vulnerability
    CVE-2026-34351 Windows TCP/IP Elevation of Privilege Vulnerability
    CVE-2026-35415 Windows Storage Spaces Controller Elevation of Privilege Vulnerability
    CVE-2026-35416 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
    CVE-2026-35417 Windows Win32k Elevation of Privilege Vulnerability
    CVE-2026-35418 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
    CVE-2026-35419 Windows DWM Core Library Information Disclosure Vulnerability
    CVE-2026-35420 Windows Kernel Elevation of Privilege Vulnerability
    CVE-2026-35422 Windows TCP/IP Driver Security Feature Bypass Vulnerability
    CVE-2026-35423 Windows 11 Telnet Client Information Disclosure Vulnerability
    CVE-2026-35424 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability
    CVE-2026-40369 Windows Kernel Elevation of Privilege Vulnerability
    CVE-2026-40377 Microsoft Cryptographic Services Elevation of Privilege Vulnerability
    CVE-2026-40380 Windows Volume Manager Extension Driver Remote Code Execution Vulnerability
    CVE-2026-40382 Windows Telephony Service Elevation of Privilege Vulnerability
    CVE-2026-40397 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    CVE-2026-40398 Windows Remote Desktop Services Elevation of Privilege Vulnerability
    CVE-2026-40399 Windows TCP/IP Elevation of Privilege Vulnerability
    CVE-2026-40401 Windows TCP/IP Denial of Service Vulnerability
    CVE-2026-40405 Windows TCP/IP Denial of Service Vulnerability
    CVE-2026-40406 Windows TCP/IP Information Disclosure Vulnerability
    CVE-2026-40407 Windows Common Log File System Driver Elevation of Privilege Vulnerability
    CVE-2026-40408 Windows WAN ARP Driver Elevation of Privilege Vulnerability
    CVE-2026-40410 Windows SMB Client Elevation of Privilege Vulnerability
    CVE-2026-40413 Windows TCP/IP Denial of Service Vulnerability
    CVE-2026-40414 Windows TCP/IP Denial of Service Vulnerability
    CVE-2026-40415 Windows TCP/IP Remote Code Execution Vulnerability
    CVE-2026-41088 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
    CVE-2026-41095 Windows Projected File System Elevation of Privilege Vulnerability
    CVE-2026-41097 Secure Boot Security Feature Bypass Vulnerability
    CVE-2026-42825 Windows Telephony Service Elevation of Privilege Vulnerability
    CVE-2026-42896 Windows DWM Core Library Elevation of Privilege Vulnerability

    Office (16 CVEs)

    Critical severity
    CVE-2026-40358 Microsoft Office Remote Code Execution Vulnerability
    CVE-2026-40361 Microsoft Word Remote Code Execution Vulnerability
    CVE-2026-40363 Microsoft Office Remote Code Execution Vulnerability
    CVE-2026-40364 Microsoft Word Remote Code Execution Vulnerability
    CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability
    CVE-2026-42831 Office for Android Remote Code Execution Vulnerability
    Important severity
    CVE-2026-35436 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
    CVE-2026-35440 Microsoft Word Information Disclosure Vulnerability
    CVE-2026-40359 Microsoft Excel Remote Code Execution Vulnerability
    CVE-2026-40360 Microsoft Excel Information Disclosure Vulnerability
    CVE-2026-40362 Microsoft Excel Remote Code Execution Vulnerability
    CVE-2026-40366 Microsoft Word Remote Code Execution Vulnerability
    CVE-2026-40418 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
    CVE-2026-40419 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
    CVE-2026-40420 Microsoft Office Click-To-Run Tampering Vulnerability
    CVE-2026-40421 Microsoft Word Information Disclosure Vulnerability

    365 (15 CVEs)

    Critical severity
    CVE-2026-40358 Microsoft Office Remote Code Execution Vulnerability
    CVE-2026-40361 Microsoft Word Remote Code Execution Vulnerability
    CVE-2026-40363 Microsoft Office Remote Code Execution Vulnerability
    CVE-2026-40364 Microsoft Word Remote Code Execution Vulnerability
    CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability
    Important severity
    CVE-2026-35436 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
    CVE-2026-35440 Microsoft Word Information Disclosure Vulnerability
    CVE-2026-40359 Microsoft Excel Remote Code Execution Vulnerability
    CVE-2026-40360 Microsoft Excel Information Disclosure Vulnerability
    CVE-2026-40362 Microsoft Excel Remote Code Execution Vulnerability
    CVE-2026-40366 Microsoft Word Remote Code Execution Vulnerability
    CVE-2026-40418 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
    CVE-2026-40419 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
    CVE-2026-40420 Microsoft Office Click-To-Run Tampering Vulnerability
    CVE-2026-40421 Microsoft Word Information Disclosure Vulnerability

    Azure (15 CVEs)

    Critical severity
    CVE-2026-32207 Azure Machine Learning Notebook Spoofing Vulnerability
    CVE-2026-33109 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability
    CVE-2026-33844 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability
    CVE-2026-35428 Azure Cloud Shell Spoofing Vulnerability
    CVE-2026-35435 Azure AI Foundry Elevation of Privilege Vulnerability
    CVE-2026-40379 Microsoft Enterprise Security Token Service (ESTS) Spoofing Vulnerability
    CVE-2026-41105 Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability
    CVE-2026-42826 Azure DevOps Information Disclosure Vulnerability
    Important severity
    CVE-2026-32204 Azure Monitor Agent Elevation of Privilege Vulnerability
    CVE-2026-33117 Azure SDK for Java Security Feature Bypass Vulnerability
    CVE-2026-33833 Azure Machine Learning Notebook Spoofing Vulnerability
    CVE-2026-40381 Azure Connected Machine Agent Elevation of Privilege Vulnerability
    CVE-2026-41086 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
    CVE-2026-42823 Azure Logic Apps Elevation of Privilege Vulnerability
    CVE-2026-42830 Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability

    SharePoint (7 CVEs)

    Critical severity
    CVE-2026-40365 Microsoft SharePoint Server Remote Code Execution Vulnerability
    CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability
    Important severity
    CVE-2026-33110 Microsoft SharePoint Server Remote Code Execution Vulnerability
    CVE-2026-33112 Microsoft SharePoint Server Remote Code Execution Vulnerability
    CVE-2026-35439 Microsoft SharePoint Server Remote Code Execution Vulnerability
    CVE-2026-40357 Microsoft SharePoint Server Remote Code Execution Vulnerability
    CVE-2026-40368 Microsoft SharePoint Server Remote Code Execution Vulnerability

    Visual Studio (7 CVEs)

    Important severity
    CVE-2026-32175 .NET Core Tampering Vulnerability
    CVE-2026-32177 .NET Elevation of Privilege Vulnerability
    CVE-2026-41109 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
    CVE-2026-41610 Visual Studio Code Security Feature Bypass Vulnerability
    CVE-2026-41611 Visual Studio Code Remote Code Execution Vulnerability
    CVE-2026-41612 Visual Studio Code Information Disclosure Vulnerability
    CVE-2026-41613 Visual Studio Code Elevation of Privilege Vulnerability

    Word (7 CVEs)

    Critical severity
    CVE-2026-40361 Microsoft Word Remote Code Execution Vulnerability
    CVE-2026-40364 Microsoft Word Remote Code Execution Vulnerability
    CVE-2026-40367 Microsoft Word Remote Code Execution Vulnerability
    Important severity
    CVE-2026-35440 Microsoft Word Information Disclosure Vulnerability
    CVE-2026-40366 Microsoft Word Remote Code Execution Vulnerability
    CVE-2026-40421 Microsoft Word Information Disclosure Vulnerability
    CVE-2026-41101 Microsoft Word for Android Spoofing Vulnerability

    Copilot (5 CVEs)

    Critical severity
    CVE-2026-26129 M365 Copilot Information Disclosure Vulnerability
    CVE-2026-26164 M365 Copilot Information Disclosure Vulnerability
    CVE-2026-33111 Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability
    Important severity
    CVE-2026-41100 Microsoft 365 Copilot for Android Spoofing Vulnerability
    CVE-2026-41614 M365 Copilot for Desktop Spoofing Vulnerability

    .NET (4 CVEs)

    Important severity
    CVE-2026-32175 .NET Core Tampering Vulnerability
    CVE-2026-32177 .NET Elevation of Privilege Vulnerability
    CVE-2026-35433 .NET Elevation of Privilege Vulnerability
    CVE-2026-42899 ASP.NET Core Denial of Service Vulnerability

    Dynamics 365 (4 CVEs)

    Critical severity
    CVE-2026-33821 Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability
    CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability
    Important severity
    CVE-2026-40417 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
    CVE-2026-42833 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability

    Excel (4 CVEs)

    Important severity
    CVE-2026-40359 Microsoft Excel Remote Code Execution Vulnerability
    CVE-2026-40360 Microsoft Excel Information Disclosure Vulnerability
    CVE-2026-40362 Microsoft Excel Remote Code Execution Vulnerability
    CVE-2026-42832 Microsoft Excel Spoofing Vulnerability

    Teams (2 CVEs)

    Critical severity
    CVE-2026-33823 Microsoft Team Events Portal Information Disclosure Vulnerability
    Important severity
    CVE-2026-32185 Microsoft Teams Spoofing Vulnerability

    Confluence / Jira (1 CVE)

    Critical severity
    CVE-2026-41103 Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability

    Data Formulator (1 CVE)

    Important severity
    CVE-2026-41094 Microsoft Data Formulator Remote Code Execution Vulnerability

    Outlook (1 CVE)

    Important severity
    CVE-2026-42893 Microsoft Outlook for iOS Tampering Vulnerability

    Partner Center (1 CVE)

    Critical severity
    CVE-2026-34327 Microsoft Partner Center Spoofing Vulnerability

    Power Automate (1 CVE)

    Important severity
    CVE-2026-40374 Microsoft Power Automate Desktop Information Disclosure Vulnerability

    PowerPoint (1 CVE)

    Important severity
    CVE-2026-41102 Microsoft PowerPoint for Android Spoofing Vulnerability

    SQL (1 CVE)

    Important severity
    CVE-2026-40370 SQL Server Remote Code Execution Vulnerability

    Windows Admin Center (1 CVE)

    Important severity
    CVE-2026-35438 Windows Admin Center Elevation of Privilege Vulnerability

    Appendix D: Advisories and Other Products

    There are 131 Edge-related advisories listed in May’s release, all but five from Chrome. Because the CVEs from Microsoft were (like the Chrome CVEs) patched before Patch Tuesday, and because this post is already shockingly long, we have massed all of them together in the very long table below.

    CVE-2026-7896 Chromium: CVE-2026-7896 Integer overflow in Blink
    CVE-2026-7897 Chromium: CVE-2026-7897 Use after free in Mobile
    CVE-2026-7898 Chromium: CVE-2026-7898 Use after free in Chromoting
    CVE-2026-7899 Chromium: CVE-2026-7899 Out of bounds read and write in V8
    CVE-2026-7900 Chromium: CVE-2026-7900 Heap buffer overflow in ANGLE
    CVE-2026-7901 Chromium: CVE-2026-7901 Use after free in ANGLE
    CVE-2026-7902 Chromium: CVE-2026-7902 Out of bounds memory access in V8
    CVE-2026-7903 Chromium: CVE-2026-7903 Integer overflow in ANGLE
    CVE-2026-7904 Chromium: CVE-2026-7904 Out of bounds read in Fonts
    CVE-2026-7905 Chromium: CVE-2026-7905 Insufficient validation of untrusted input in Media
    CVE-2026-7906 Chromium: CVE-2026-7906 Use after free in SVG
    CVE-2026-7907 Chromium: CVE-2026-7907 Use after free in DOM
    CVE-2026-7908 Chromium: CVE-2026-7908 Use after free in Fullscreen
    CVE-2026-7909 Chromium: CVE-2026-7909 Inappropriate implementation in ServiceWorker
    CVE-2026-7910 Chromium: CVE-2026-7910 Use after free in Views
    CVE-2026-7911 Chromium: CVE-2026-7911 Use after free in Aura
    CVE-2026-7912 Chromium: CVE-2026-7912 Integer overflow in GPU
    CVE-2026-7913 Chromium: CVE-2026-7913 Insufficient policy enforcement in DevTools
    CVE-2026-7914 Chromium: CVE-2026-7914 Type Confusion in Accessibility
    CVE-2026-7915 Chromium: CVE-2026-7915 Insufficient data validation in DevTools
    CVE-2026-7916 Chromium: CVE-2026-7916 Insufficient data validation in InterestGroups
    CVE-2026-7917 Chromium: CVE-2026-7917 Use after free in Fullscreen
    CVE-2026-7918 Chromium: CVE-2026-7918 Use after free in GPU
    CVE-2026-7919 Chromium: CVE-2026-7919 Use after free in Aura
    CVE-2026-7920 Chromium: CVE-2026-7920 Use after free in Skia
    CVE-2026-7921 Chromium: CVE-2026-7921 Use after free in Passwords
    CVE-2026-7922 Chromium: CVE-2026-7922 Use after free in ServiceWorker
    CVE-2026-7923 Chromium: CVE-2026-7923 Out of bounds write in Skia
    CVE-2026-7924 Chromium: CVE-2026-7924 Uninitialized Use in Dawn
    CVE-2026-7925 Chromium: CVE-2026-7925 Use after free in Chromoting
    CVE-2026-7926 Chromium: CVE-2026-7926 Use after free in PresentationAPI
    CVE-2026-7927 Chromium: CVE-2026-7927 Type Confusion in Runtime
    CVE-2026-7928 Chromium: CVE-2026-7928 Use after free in WebRTC
    CVE-2026-7929 Chromium: CVE-2026-7929 Use after free in MediaRecording
    CVE-2026-7930 Chromium: CVE-2026-7930 Insufficient validation of untrusted input in Cookies
    CVE-2026-7931 Chromium: CVE-2026-7931 Insufficient validation of untrusted input in iOS
    CVE-2026-7932 Chromium: CVE-2026-7932 Insufficient policy enforcement in Downloads
    CVE-2026-7933 Chromium: CVE-2026-7933 Out of bounds read in WebCodecs
    CVE-2026-7934 Chromium: CVE-2026-7934 Insufficient validation of untrusted input in Popup Blocker
    CVE-2026-7935 Chromium: CVE-2026-7935 Inappropriate implementation in Speech
    CVE-2026-7936 Chromium: CVE-2026-7936 Object lifecycle issue in V8
    CVE-2026-7937 Chromium: CVE-2026-7937 Insufficient policy enforcement in DevTools
    CVE-2026-7938 Chromium: CVE-2026-7938 Use after free in CSS
    CVE-2026-7939 Chromium: CVE-2026-7939 Inappropriate implementation in SanitizerAPI
    CVE-2026-7940 Chromium: CVE-2026-7940 Use after free in V8
    CVE-2026-7941 Chromium: CVE-2026-7941 Insufficient validation of untrusted input in Mobile
    CVE-2026-7942 Chromium: CVE-2026-7942 Integer overflow in ANGLE
    CVE-2026-7943 Chromium: CVE-2026-7943 Insufficient validation of untrusted input in ANGLE
    CVE-2026-7944 Chromium: CVE-2026-7944 Insufficient validation of untrusted input in Persistent Cache
    CVE-2026-7945 Chromium: CVE-2026-7945 Insufficient validation of untrusted input in COOP
    CVE-2026-7946 Chromium: CVE-2026-7946 Insufficient policy enforcement in WebUI
    CVE-2026-7947 Chromium: CVE-2026-7947 Insufficient validation of untrusted input in Network
    CVE-2026-7948 Chromium: CVE-2026-7948 Race in Chromoting
    CVE-2026-7949 Chromium: CVE-2026-7949 Out of bounds read in Skia
    CVE-2026-7950 Chromium: CVE-2026-7950 Out of bounds read and write in GFX
    CVE-2026-7951 Chromium: CVE-2026-7951 Out of bounds write in WebRTC
    CVE-2026-7952 Chromium: CVE-2026-7952 Insufficient policy enforcement in Extensions
    CVE-2026-7953 Chromium: CVE-2026-7953 Insufficient validation of untrusted input in Omnibox
    CVE-2026-7954 Chromium: CVE-2026-7954 Race in Shared Storage
    CVE-2026-7955 Chromium: CVE-2026-7955 Uninitialized Use in GPU
    CVE-2026-7956 Chromium: CVE-2026-7956 Use after free in Navigation
    CVE-2026-7957 Chromium: CVE-2026-7957 Out of bounds write in Media
    CVE-2026-7958 Chromium: CVE-2026-7958 Inappropriate implementation in ServiceWorker
    CVE-2026-7959 Chromium: CVE-2026-7959 Inappropriate implementation in Navigation
    CVE-2026-7960 Chromium: CVE-2026-7960 Race in Speech
    CVE-2026-7961 Chromium: CVE-2026-7961 Insufficient validation of untrusted input in Permissions
    CVE-2026-7962 Chromium: CVE-2026-7962 Insufficient policy enforcement in DirectSockets
    CVE-2026-7963 Chromium: CVE-2026-7963 Inappropriate implementation in ServiceWorker
    CVE-2026-7964 Chromium: CVE-2026-7964 Insufficient validation of untrusted input in FileSystem
    CVE-2026-7965 Chromium: CVE-2026-7965 Insufficient validation of untrusted input in DevTools
    CVE-2026-7966 Chromium: CVE-2026-7966 Insufficient validation of untrusted input in SiteIsolation
    CVE-2026-7967 Chromium: CVE-2026-7967 Insufficient validation of untrusted input in Navigation
    CVE-2026-7968 Chromium: CVE-2026-7968 Insufficient validation of untrusted input in CORS
    CVE-2026-7969 Chromium: CVE-2026-7969 Integer overflow in Network
    CVE-2026-7970 Chromium: CVE-2026-7970 Use after free in TopChrome
    CVE-2026-7971 Chromium: CVE-2026-7971 Inappropriate implementation in ORB
    CVE-2026-7972 Chromium: CVE-2026-7972 Uninitialized Use in GPU
    CVE-2026-7973 Chromium: CVE-2026-7973 Integer overflow in Dawn
    CVE-2026-7974 Chromium: CVE-2026-7974 Use after free in Blink
    CVE-2026-7975 Chromium: CVE-2026-7975 Use after free in DevTools
    CVE-2026-7976 Chromium: CVE-2026-7976 Use after free in Views
    CVE-2026-7977 Chromium: CVE-2026-7977 Inappropriate implementation in Canvas
    CVE-2026-7978 Chromium: CVE-2026-7978 Inappropriate implementation in Companion
    CVE-2026-7979 Chromium: CVE-2026-7979 Inappropriate implementation in Media
    CVE-2026-7980 Chromium: CVE-2026-7980 Use after free in WebAudio
    CVE-2026-7981 Chromium: CVE-2026-7981 Out of bounds read in Codecs
    CVE-2026-7982 Chromium: CVE-2026-7982 Uninitialized Use in WebCodecs
    CVE-2026-7983 Chromium: CVE-2026-7983 Out of bounds read in Dawn
    CVE-2026-7984 Chromium: CVE-2026-7984 Use after free in ReadingMode
    CVE-2026-7985 Chromium: CVE-2026-7985 Use after free in GPU
    CVE-2026-7986 Chromium: CVE-2026-7986 Insufficient policy enforcement in Autofill
    CVE-2026-7987 Chromium: CVE-2026-7987 Use after free in WebRTC
    CVE-2026-7988 Chromium: CVE-2026-7988 Type Confusion in WebRTC
    CVE-2026-7989 Chromium: CVE-2026-7989 Insufficient data validation in DataTransfer
    CVE-2026-7990 Chromium: CVE-2026-7990 Insufficient validation of untrusted input in Updater
    CVE-2026-7991 Chromium: CVE-2026-7991 Use after free in UI
    CVE-2026-7992 Chromium: CVE-2026-7992 Insufficient validation of untrusted input in UI
    CVE-2026-7993 Chromium: CVE-2026-7993 Insufficient validation of untrusted input in Payments
    CVE-2026-7994 Chromium: CVE-2026-7994 Inappropriate implementation in Chromoting
    CVE-2026-7995 Chromium: CVE-2026-7995 Out of bounds read in AdFilter
    CVE-2026-7996 Chromium: CVE-2026-7996 Insufficient validation of untrusted input in SSL
    CVE-2026-7997 Chromium: CVE-2026-7997 Insufficient validation of untrusted input in Updater
    CVE-2026-7998 Chromium: CVE-2026-7998 Insufficient validation of untrusted input in Dialog
    CVE-2026-7999 Chromium: CVE-2026-7999 Inappropriate implementation in V8
    CVE-2026-8000 Chromium: CVE-2026-8000 Insufficient validation of untrusted input in ChromeDriver
    CVE-2026-8001 Chromium: CVE-2026-8001 Use after free in Printing
    CVE-2026-8002 Chromium: CVE-2026-8002 Use after free in Audio
    CVE-2026-8003 Chromium: CVE-2026-8003 Insufficient validation of untrusted input in TabGroups
    CVE-2026-8004 Chromium: CVE-2026-8004 Insufficient policy enforcement in DevTools
    CVE-2026-8005 Chromium: CVE-2026-8005 Insufficient validation of untrusted input in Cast
    CVE-2026-8006 Chromium: CVE-2026-8006 Insufficient policy enforcement in DevTools
    CVE-2026-8007 Chromium: CVE-2026-8007 Insufficient validation of untrusted input in Cast
    CVE-2026-8008 Chromium: CVE-2026-8008 Inappropriate implementation in DevTools
    CVE-2026-8009 Chromium: CVE-2026-8009 Inappropriate implementation in Cast
    CVE-2026-8010 Chromium: CVE-2026-8010 Insufficient validation of untrusted input in SiteIsolation
    CVE-2026-8011 Chromium: CVE-2026-8011 Insufficient policy enforcement in Search
    CVE-2026-8012 Chromium: CVE-2026-8012 Inappropriate implementation in MHTML
    CVE-2026-8013 Chromium: CVE-2026-8013 Insufficient validation of untrusted input in FedCM
    CVE-2026-8014 Chromium: CVE-2026-8014 Inappropriate implementation in Preload
    CVE-2026-8015 Chromium: CVE-2026-8015 Inappropriate implementation in Media
    CVE-2026-8016 Chromium: CVE-2026-8016 Use after free in WebRTC
    CVE-2026-8017 Chromium: CVE-2026-8017 Side-channel information leakage in Media
    CVE-2026-8018 Chromium: CVE-2026-8018 Insufficient policy enforcement in DevTools
    CVE-2026-8019 Chromium: CVE-2026-8019 Insufficient policy enforcement in WebApp
    CVE-2026-8020 Chromium: CVE-2026-8020 Uninitialized Use in GPU
    CVE-2026-8021 Chromium: CVE-2026-8021 Script injection in UI
    CVE-2026-8022 Chromium: CVE-2026-8022 Inappropriate implementation in MHTML
    CVE-2026-35429 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
    CVE-2026-40416 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
    CVE-2026-41107 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
    CVE-2026-42838 Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
    CVE-2026-42891 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability

    Meanwhile, there are 13 updates from Adobe, all affecting Adobe Commerce – 2.4.9, 2.4.8-p5, 2.4.7-p10, 2.4.6-p15, 2.4.5-p17, 2.4.4-p18. These are collectively addressed as APSB26-49.

    CVE-2026-34645 Incorrect Authorization (CWE-863)
    CVE-2026-34646 Incorrect Authorization (CWE-863)
    CVE-2026-34647 Server-Side Request Forgery (SSRF) (CWE-918)
    CVE-2026-34648 Uncontrolled Resource Consumption (CWE-400)
    CVE-2026-34649 Uncontrolled Resource Consumption (CWE-400)
    CVE-2026-34650 Uncontrolled Resource Consumption (CWE-400)
    CVE-2026-34651 Uncontrolled Resource Consumption (CWE-400)
    CVE-2026-34652 Dependency on Vulnerable Third-Party Component (CWE-1395)
    CVE-2026-34653 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) (CWE-22)
    CVE-2026-34654 Dependency on Vulnerable Third-Party Component (CWE-1395)
    CVE-2026-34655 Cross-site Scripting (Stored XSS) (CWE-79)
    CVE-2026-34656 Improper Authorization (CWE-285)
    CVE-2026-34658 Cross-site Scripting (Stored XSS) (CWE-79)

    Microsoft also issued the usual servicing stack updates this month (ADV990000).

    Finally, there is one Important-severity CVE from AMD (CVE-2025-54518, CPU OP Cache Corruption) in this month’s set; we have covered it elsewhere in this post, including in the table below. Microsoft is releasing advisory information on this issue to state that the latest builds of Windows protect against this cache-corruption vulnerability.

    Appendix E: Affected Windows Server versions

    This is a table of 66 CVEs in the May release affecting Windows Server versions 2012 through 2025. The table differentiates among major versions of the platform but doesn’t go into deeper detail (e.g., Server Core). An “×” indicates that the CVE does not apply to that version. We include the Important-severity, Windows-touching advisory from AMD, since the Server versions it affects are known; it is indicated in this chart in blue.

    Administrators are encouraged to use this appendix as a starting point to ascertain their specific exposure, as each reader’s situation, especially as it concerns products out of mainstream support, will vary. For specific Knowledge Base numbers, please consult Microsoft. 

    CVE | S-12 | 12r2 | S-16 | S-19 | S-22 | 23h2 | S-25

    (Only the “×” marks survived in this copy of the table; their column positions were not preserved, so each row below shows the CVE followed by its “×” marks in order.)

    CVE-2025-54518 × ×
    CVE-2026-21530
    CVE-2026-32161
    CVE-2026-32170
    CVE-2026-32209
    CVE-2026-33834
    CVE-2026-33835 × × ×
    CVE-2026-33837
    CVE-2026-33838
    CVE-2026-33839 × × ×
    CVE-2026-33840 × × × × × ×
    CVE-2026-33841 × × × ×
    CVE-2026-34329
    CVE-2026-34330
    CVE-2026-34331
    CVE-2026-34332 × × × × × ×
    CVE-2026-34333
    CVE-2026-34334
    CVE-2026-34336 × ×
    CVE-2026-34337 × × ×
    CVE-2026-34338
    CVE-2026-34339 × ×
    CVE-2026-34340 × × ×
    CVE-2026-34341
    CVE-2026-34342
    CVE-2026-34343
    CVE-2026-34344
    CVE-2026-34345 × ×
    CVE-2026-34347
    CVE-2026-34350 × × × × × ×
    CVE-2026-34351
    CVE-2026-35415 ×
    CVE-2026-35416
    CVE-2026-35417 × × ×
    CVE-2026-35418 × × ×
    CVE-2026-35419 × × × × × ×
    CVE-2026-35420
    CVE-2026-35421
    CVE-2026-35422
    CVE-2026-35423
    CVE-2026-35424
    CVE-2026-40369 × × × × × ×
    CVE-2026-40377
    CVE-2026-40380
    CVE-2026-40382
    CVE-2026-40397
    CVE-2026-40398
    CVE-2026-40399 × ×
    CVE-2026-40401
    CVE-2026-40402 × × × × × ×
    CVE-2026-40403
    CVE-2026-40405 × × × × × ×
    CVE-2026-40406
    CVE-2026-40407
    CVE-2026-40408
    CVE-2026-40410 ×
    CVE-2026-40413
    CVE-2026-40414
    CVE-2026-40415 × × ×
    CVE-2026-41088 × × × ×
    CVE-2026-41089
    CVE-2026-41095 ×
    CVE-2026-41096 × × × × ×
    CVE-2026-41097 × × ×
    CVE-2026-42825
    CVE-2026-42896 × × × × × ×

    Appendix F: Common Weakness Enumeration

    As mentioned above, Microsoft now states which CWEs affect the CVEs they address. This month, we looked at which CWEs were most heavily represented in the dataset and compared them to last month’s inaugural numbers. The May dataset of 132 CVEs gave us 152 CWEs overall; 17 CVEs had two CWEs, and 3 had three CWEs. There were 49 unique CWEs, slightly more than last month’s 42. Once again CWE-416, Use After Free, leads the pack, though it accounts for just 18.42 percent of vulnerabilities rather than the commanding 28.57 percent in April’s haul. With just two months’ worth of data it’s too early to identify significant patterns yet, but we once again find ourselves looking at CWE-835 — Loop with Unreachable Exit Condition (‘Infinite Loop’) and asking why the number for that couldn’t be either zero (0) or a sideways eight (∞).

    CWE Count CWE Name
    416 28 Use After Free
    122 18 Heap-based Buffer Overflow
    284 13 Improper Access Control
    362 8 Concurrent Execution using Shared Resource with Improper Synchronization (‘Race Condition’)
    476 6 NULL Pointer Dereference
    502 5 Deserialization of Untrusted Data
    190 5 Integer Overflow or Wraparound
    415 4 Double Free
    200 4 Exposure of Sensitive Information to an Unauthorized Actor
    125 4 Out-of-bounds Read
    77 4 Improper Neutralization of Special Elements used in a Command (‘Command Injection’)
    73 4 External Control of File Name or Path
    843 3 Access of Resource Using Incompatible Type (‘Type Confusion’)
    74 3 Improper Neutralization of Special Elements in Output Used by a Downstream Component (‘Injection’)
    20 3 Improper Input Validation
    1220 2 Insufficient Granularity of Access Control
    822 2 Untrusted Pointer Dereference
    552 2 Files or Directories Accessible to External Parties
    121 2 Stack-based Buffer Overflow
    94 2 Improper Control of Generation of Code (‘Code Injection’)
    79 2 Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
    1390 1 Weak Authentication
    1329 1 Reliance on Component That is Not Updateable
    918 1 Server-Side Request Forgery (SSRF)
    908 1 Use of Uninitialized Resource
    862 1 Missing Authorization
    835 1 Loop with Unreachable Exit Condition (‘Infinite Loop’)
    610 1 Externally Controlled Reference to a Resource in Another Sphere
    426 1 Untrusted Search Path
    401 1 Missing Release of Memory after Effective Lifetime
    384 1 Session Fixation
    367 1 Time-of-check Time-of-use (TOCTOU) Race Condition
    347 1 Improper Verification of Cryptographic Signature
    303 1 Incorrect Implementation of Authentication Algorithm
    288 1 Authentication Bypass Using an Alternate Path or Channel
    287 1 Improper Authentication
    285 1 Improper Authorization
    269 1 Improper Privilege Management
    250 1 Execution with Unnecessary Privileges
    197 1 Numeric Truncation Error
    191 1 Integer Underflow (Wrap or Wraparound)
    138 1 Improper Neutralization of Special Elements
    126 1 Buffer Over-read
    80 1 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
    78 1 Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’)
    59 1 Improper Link Resolution Before File Access (‘Link Following’)
    36 1 Absolute Path Traversal
    23 1 Relative Path Traversal
    22 1 Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)


  • Microsoft’s MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday

    Ravie Lakshmanan | May 13, 2026 | Vulnerability / Artificial Intelligence

    Microsoft has unveiled a new multi-model artificial intelligence (AI)-driven system called MDASH to facilitate vulnerability discovery and remediation at scale, adding that it’s being tested by some customers as part of a limited private preview.

    MDASH, short for multi-model agentic scanning harness, is designed as a model-agnostic system that uses bespoke AI agents for different vulnerability classes to autonomously discover, validate, and prove exploitable defects in complex codebases like Windows.

    “Unlike single-model approaches, the harness orchestrates more than 100 specialized AI agents across an ensemble of frontier and distilled models to discover, debate, and prove exploitable bugs end-to-end,” Taesoo Kim, vice president of agentic security at Microsoft, said.


    MDASH is envisioned as a “structured pipeline” that ingests a codebase and produces validated, proven findings through a series of actions.

    It starts with analyzing the source code to build a threat model and attack surface, running specialized “auditor” agents over candidate code paths to flag potential issues, running a second set of “debater” agents that validate the findings, grouping semantically equivalent findings, and then finally proving the existence of the vulnerabilities.

    The system is powered by a configurable panel of models, with state-of-the-art (SOTA) models used for reasoning, distilled models used for validation in high-volume passes, and a second, separate SOTA model providing an independent counterpoint.

    “Disagreement between models is itself a signal: when an auditor flags something as suspect and the debater can’t refute it, that finding’s posterior credibility goes up,” Microsoft explained. “An auditor does not reason like a debater, which does not reason like a prover. Each pipeline stage has its own role, prompt regime, tools, and stop criteria.”

    Redmond noted that the specialized agents have been constructed based on past common vulnerabilities and exposures (CVEs) and their patches. It also said the architecture allows for portability across model generations.

    MDASH has already been put to the test, unearthing 16 of the vulnerabilities that were fixed in this month’s Patch Tuesday release. The shortcomings span the Windows networking and authentication stack, including two critical flaws that could pave the way for remote code execution –

    • CVE-2026-33824 (CVSS score: 9.8) – A double-free vulnerability in “ikeext.dll” that could allow an unauthenticated attacker to send specially crafted packets to a Windows machine with Internet Key Exchange (IKE) version 2 enabled, leading to remote code execution.
    • CVE-2026-33827 (CVSS score: 8.1) – A race condition vulnerability in Windows TCP/IP (“tcpip.sys”) that allows an unauthorized attacker to send a specially crafted IPv6 packet to a Windows node where IPSec is enabled, leading to remote code execution.

    News of MDASH follows the debut of Anthropic’s Project Glasswing and OpenAI Daybreak, both of which are AI-powered cybersecurity initiatives for accelerating vulnerability discovery, validation, and remediation before bad actors can find the same flaws.

    “The strategic implication is clear: AI vulnerability discovery has crossed from research curiosity into production-grade defense at enterprise scale, and the durable advantage lies in the agentic system around the model rather than any single model itself,” Kim said.