Critical vulnerabilities in Windows Server’s networking and identity infrastructure, as well as a serious hole in Microsoft Dynamics 365 on-premises version, highlight Microsoft’s May Patch Tuesday fixes.
They are among the 118 vulnerabilities identified this month by the company. Some in cloud-based services like Azure and Microsoft Teams have already been fixed, so no admin action is needed.
But among the most severe that CSOs need to pay attention to is yet another hole in Windows Netlogon service, CVE-2026-41089, which has a CVSS score of 9.8. It requires no authentication or user interaction to be exploited.
Netlogon vulnerabilities date back to at least 2020, when a vulnerability dubbe...