For May, Patch Tuesday means 139 updates — but no zero-days

Microsoft delivered fixes for issues affecting everything from Windows to Office, .NET, and SQL Server, and several patches ...
SecurityWeek

Microsoft Patches 137 Vulnerabilities

Microsoft has released patches for 137 vulnerabilities across its products, including critical remote code execution flaws.
Tech Times

Exchange Server OWA Zero-Day CVE-2026-42897 Exploited With No Permanent Patch and New Mitigation Gaps

Microsoft confirmed on May 14 that CVE-2026-42897 — a cross-site scripting flaw in the Outlook Web Access component of Exchange Server 2016, 2019, and Subscription Edition — is under active ...
SecurityWeek

Microsoft Warns of Exchange Server Zero-Day Exploited in the Wild

Microsoft is working to patch CVE-2026-42897, an Exchange Server zero-day vulnerability that has been exploited in attacks.
The Hacker News

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email

Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come ...
PC Tech Magazine

Stop Patching Everything: A Smarter Way to Handle Vulnerabilities

Most businesses eventually run into the same problem after deploying vulnerability scanners for the first time.
winbuzzer.com

Microsoft May 2026 Patch Tuesday Fixes 120 Flaws, No Zero-Days

Microsoft released fixes for 120 vulnerabilities on May 12 without disclosing any zero-days. Enterprise defenders still have to triage a broad set of risks touching document handling, identity ...