Microsoft May Patch Tuesday fixes 137 flaws, 31 critical
Microsoft’s May Patch Tuesday fixes 137 security flaws, 31 critical, with no zero-days observed; updates address remote code execution bugs in Word, GDI, Office, Azure and SharePoint.
Microsoft released its May Patch Tuesday security update addressing 137 vulnerabilities, 31 of them rated critical. The company reported no zero-day flaws observed exploited in the wild. The fixes cover remote code execution weaknesses across Windows services, Office, Azure, SharePoint and graphics components.
The update repairs bugs that could allow an attacker to run code if a user opens a crafted file or if a system processes a malicious service response or image. Microsoft defines a zero-day as ‘a flaw in software for which no official patch or security update is available yet’ and has not observed any of the patched issues being exploited in production environments.
Two critical vulnerabilities are highlighted for immediate attention. CVE-2026-40361 is a use-after-free vulnerability in Microsoft Word with a CVSS score of 8.4. In use-after-free flaws, software frees a block of memory but keeps a reference to it; an attacker can sometimes reuse that freed memory to change program behavior. Opening or previewing a specially crafted Word document could allow arbitrary code execution with the privileges of the current user.
CVE-2026-35421 is a heap-based buffer overflow in the Windows Graphics Device Interface (GDI) with a CVSS score of 7.8. A buffer overflow occurs when input exceeds the space allocated in memory and overwrites adjacent areas. Microsoft notes that exploitation would require opening or processing a specially crafted Enhanced Metafile (EMF) file in Microsoft Paint to trigger the affected graphics functionality. Processing such a file could lead to code execution under the current user account.
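To make the two memory-safety classes above concrete, the following C program is an added example written for this article, not code from Microsoft or from the affected Word, GDI or Paint components. It parses a constructed length-prefixed record format (invented here; it is not the real EMF layout) in two ways: an unchecked copy that trusts the length field in the file, which is exactly the heap-overflow pattern described for CVE-2026-35421, and a checked parser that rejects oversized or truncated records. A small release helper shows the basic discipline against use-after-free: free through a pointer-to-pointer and null the caller's reference so a later use cannot silently reuse freed memory. All input bytes are constructed sample data.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed record layout for illustration only (NOT the EMF format):
 *   uint16_t payload_len (little-endian), followed by payload_len bytes. */
#define PAYLOAD_CAP 16

typedef struct {
    uint8_t  payload[PAYLOAD_CAP];
    uint16_t len;
} record_t;

static uint16_t read_u16le(const uint8_t *p)
{
    return (uint16_t)(p[0] | ((unsigned)p[1] << 8));
}

/* Unchecked parse: trusts the attacker-controlled length field. A record
 * that declares more than PAYLOAD_CAP bytes makes memcpy write past
 * payload[] into whatever follows it on the heap. This is the vulnerable
 * pattern and is deliberately never called in this program. */
void parse_record_unchecked(record_t *out, const uint8_t *in)
{
    uint16_t len = read_u16le(in);
    memcpy(out->payload, in + 2, len);   /* no bounds check on len */
    out->len = len;
}

/* Hardened parse: validates the declared length against both the bytes
 * actually present and the destination capacity before copying.
 * Returns 0 on success, a negative code on rejection. */
int parse_record_checked(record_t *out, const uint8_t *in, size_t in_len)
{
    if (in_len < 2)                 return -1;  /* header itself missing */
    uint16_t len = read_u16le(in);
    if (len > PAYLOAD_CAP)          return -2;  /* would overflow destination */
    if ((size_t)len > in_len - 2)   return -3;  /* would read past the input */
    memcpy(out->payload, in + 2, len);
    out->len = len;
    return 0;
}

/* Use-after-free mitigation: free and clear the caller's pointer in one
 * step, so a stale reference cannot be dereferenced afterwards. */
void record_release(record_t **rec)
{
    if (rec && *rec) {
        free(*rec);
        *rec = NULL;
    }
}

/* Constructed sample inputs. */
static const uint8_t good_input[]      = { 0x04, 0x00, 'A', 'B', 'C', 'D' };
static const uint8_t oversize_input[]  = { 0x00, 0x10, 0xAA, 0xAA }; /* claims 4096 bytes */
static const uint8_t truncated_input[] = { 0x04, 0x00, 'A', 'B' };   /* claims 4, has 2 */
static const uint8_t short_input[]     = { 0x04 };                   /* no full header */

/* Demo wrappers returning values that can be asserted on. */
int demo_checked_good(void)
{
    record_t r; memset(&r, 0, sizeof r);
    if (parse_record_checked(&r, good_input, sizeof good_input) != 0) return -1;
    return (r.len == 4 && memcmp(r.payload, "ABCD", 4) == 0) ? 0 : -1;
}
int demo_checked_oversize(void)
{
    record_t r; return parse_record_checked(&r, oversize_input, sizeof oversize_input);
}
int demo_checked_truncated(void)
{
    record_t r; return parse_record_checked(&r, truncated_input, sizeof truncated_input);
}
int demo_checked_short(void)
{
    record_t r; return parse_record_checked(&r, short_input, sizeof short_input);
}
int demo_release(void)
{
    record_t *p = malloc(sizeof *p);
    if (!p) return -1;
    record_release(&p);
    return (p == NULL) ? 0 : -1;   /* stale pointer has been cleared */
}

int main(void)
{
    printf("good=%d oversize=%d truncated=%d short=%d release=%d\n",
           demo_checked_good(), demo_checked_oversize(),
           demo_checked_truncated(), demo_checked_short(), demo_release());
    return 0;
}
```

The checked parser rejects the oversized record at the length field, before any copy happens, which is the check whose absence turns a crafted file into a heap overflow; the release helper is the minimal hygiene that stops a freed block from being reused through a dangling reference.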
Successful code execution at the user level can enable attackers to install malware, capture credentials or move laterally inside a network. The patches close the underlying memory and graphics processing errors that allow those actions.
Patches are available through Windows Update. On individual Windows devices, users can open Settings, go to Windows Update, check for updates and restart the system to complete installation. Organizations using patch management tools should schedule deployment according to their change control processes and prioritize the critical remote code execution fixes.
Monthly Patch Tuesday releases continue to cover a wide set of Microsoft products. This release contains multiple critical RCE issues related to document handling and graphics processing, and administrators are applying the updates to reduce exposure.