Microsoft addresses 137 vulnerabilities in May\u2019s Patch Tuesday, including 13 rated critical | CyberScoop<\/title> <meta name=\"description\" content=\"The high volume of vulnerabilities reflects a growing trend researchers have been anticipating as artificial intelligence models are deployed to find previously uncovered defects in code.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/microsoft-patch-tuesday-may-2026\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Microsoft addresses 137 vulnerabilities in May\u2019s Patch Tuesday, including 13 rated critical\"> <meta property=\"og:description\" content=\"The high volume of vulnerabilities reflects a growing trend researchers have been anticipating as artificial intelligence models are deployed to find previously uncovered defects in code.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/microsoft-patch-tuesday-may-2026\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-05-12T21:00:37+00:00\"> <meta property=\"article:modified_time\" content=\"2026-05-12T21:00:39+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/microsoft-addresses-137-vulnerabilities-in-mays-patch-tuesday-including-13-rated-critical-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1778262878g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1778005960g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1775068334g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/88971\"><meta name=\"generator\" content=\"WordPress 6.8.5\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=88971\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-patch-tuesday-may-2026%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmicrosoft-patch-tuesday-may-2026%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-88971 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/microsoft-patch-tuesday-may-2026\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.736440677966\">\n<div class=\"single-article__header-content\" readability=\"34.697872340426\">\n<p> The high volume of vulnerabilities reflects a growing trend researchers have been anticipating as artificial intelligence models are deployed to find previously uncovered defects in code. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/88971\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/microsoft-addresses-137-vulnerabilities-in-mays-patch-tuesday-including-13-rated-critical.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/microsoft-addresses-137-vulnerabilities-in-mays-patch-tuesday-including-13-rated-critical-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/microsoft-addresses-137-vulnerabilities-in-mays-patch-tuesday-including-13-rated-critical-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/microsoft-addresses-137-vulnerabilities-in-mays-patch-tuesday-including-13-rated-critical-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/microsoft-addresses-137-vulnerabilities-in-mays-patch-tuesday-including-13-rated-critical-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/microsoft-addresses-137-vulnerabilities-in-mays-patch-tuesday-including-13-rated-critical-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/microsoft-addresses-137-vulnerabilities-in-mays-patch-tuesday-including-13-rated-critical-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/microsoft-addresses-137-vulnerabilities-in-mays-patch-tuesday-including-13-rated-critical-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/microsoft-addresses-137-vulnerabilities-in-mays-patch-tuesday-including-13-rated-critical-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/microsoft-addresses-137-vulnerabilities-in-mays-patch-tuesday-including-13-rated-critical-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/microsoft-addresses-137-vulnerabilities-in-mays-patch-tuesday-including-13-rated-critical-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> Microsoft Romania headquarters in City Gate Towers situated in Free Press Square, in Bucharest, Romania. (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"33.181818181818\"><body readability=\"69.472310405644\"><\/p>\n<p>Microsoft addressed another triple-digit batch of vulnerabilities cutting across its various enterprise products, components and underlying systems. Yet despite the high number of defects, the vendor reported no actively exploited zero-days in this month\u2019s <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2026-May\">Patch Tuesday update<\/a>.<\/p>\n<p>Thirteen of the 137 vulnerabilities Microsoft disclosed were assigned critical CVSS ratings, including a pair of vulnerabilities affecting Azure \u2014 <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2026-33109\">CVE-2026-33109<\/a> and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2026-42823\">CVE-2026-42823<\/a> \u2014 and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2026-42898\">CVE-2026-42898<\/a> in Microsoft Dynamics 365 with 9.9 CVSS scores. <\/p>\n<p>The company designated 13 vulnerabilities as more likely to be exploited, and 113 defects as less likely or unlikely to be exploited.<\/p>\n<p>The high volume of vulnerabilities reflects a growing trend researchers have been anticipating as artificial intelligence models are deployed to find previously uncovered defects in code. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>While not all of these bugs were found by AI, it\u2019s likely they had an AI-related component \u2014 even if it was just AI writing the submission,\u201d Dustin Childs, head of threat awareness at Trend Micro\u2019s Zero Day Initiative, wrote in a <a href=\"https:\/\/www.zerodayinitiative.com\/blog\/2026\/5\/12\/the-may-2026-security-update-review\">blog post<\/a> Tuesday.<\/p>\n<p>Childs was especially intrigued by <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2026-41096\">CVE-2026-41096<\/a>, which he described as a \u201cnasty-looking bug\u201d in Microsoft Windows DNS that allows unauthorized attackers to run code remotely. <\/p>\n<p>\u201cNo authentication or user interaction needed, and since the DNS Client runs on virtually every Windows machine, the attack surface is enormous. An attacker with a position to influence DNS responses could achieve unauthenticated remote-code execution across your enterprise,\u201d he added. <\/p>\n<p>Childs also described <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2026-41089\">CVE-2026-41089<\/a>, a Windows Netlogon defect that allows unauthenticated remote attackers to run code, as the \u201chighest-impact bug that requires immediate patching,\u201d adding that a \u201ccompromised domain controller is a compromised domain.\u201d<\/p>\n<p>Jack Bicer, director of vulnerability research at Action1, called out CVE-2026-42898, the critical vulnerability affecting Microsoft Dynamics 365. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cWith no user interaction required, and the potential to impact systems beyond the vulnerable component\u2019s original security scope, this vulnerability poses serious enterprise risk: an attacker with only basic access could turn a business application server into a remote execution platform,\u201d he said in a blog post.<\/p>\n<p>\u201cCompromise of Dynamics 365 infrastructure can expose customer records, operational workflows, financial information, and integrated business systems. Since CRM environments often connect with identity services, databases, and enterprise applications, successful exploitation could lead to broader organizational compromise and operational disruption,\u201d Bicer added.<\/p>\n<p>The full list of vulnerabilities addressed this month is available in <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2026-May\">Microsoft\u2019s Security Response Center<\/a>.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.1437282229965\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/microsoft-addresses-137-vulnerabilities-in-mays-patch-tuesday-including-13-rated-critical-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/microsoft-patch-tuesday-may-2026\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft addresses 137 vulnerabilities in May\u2019s Patch Tuesday, including 13<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3885,78,625,4816,2660,256,3587,288,3172,2281,703,2390,2759,3941],"tags":[3886,86,630,4817,2662,262,3589,294,3174,2283,705,2394,2760,3946],"class_list":["post-8634","post","type-post","status-publish","format-standard","hentry","category-action1","category-cybersecurity","category-microsoft","category-patch-management","category-patch-tuesday","category-research","category-security-patch","category-threats","category-trend-micro","category-vulnerability","category-vulnerability-disclosure","category-vulnerability-management","category-vulnerability-reporting","category-zero-day-initiative","tag-action1","tag-cybersecurity","tag-microsoft","tag-patch-management","tag-patch-tuesday","tag-research","tag-security-patch","tag-threats","tag-trend-micro","tag-vulnerability","tag-vulnerability-disclosure","tag-vulnerability-management","tag-vulnerability-reporting","tag-zero-day-initiative"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/action1\/\" rel=\"category tag\">Action1<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/patch-management\/\" rel=\"category tag\">patch management<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/patch-tuesday\/\" rel=\"category tag\">Patch Tuesday<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/security-patch\/\" rel=\"category tag\">security patch<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/trend-micro\/\" rel=\"category tag\">Trend Micro<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability\/\" rel=\"category tag\">vulnerability<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability-disclosure\/\" rel=\"category tag\">vulnerability disclosure<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability-management\/\" rel=\"category tag\">Vulnerability Management<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/vulnerability-reporting\/\" rel=\"category tag\">vulnerability reporting<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zero-day-initiative\/\" rel=\"category tag\">Zero Day Initiative<\/a>","tag_info":"Zero Day Initiative","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8634","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8634"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8634\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8634"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8634"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8634"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8634,"date":"2026-05-12T16:00:37","date_gmt":"2026-05-12T21:00:37","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=88971"},"modified":"2026-05-12T16:00:37","modified_gmt":"2026-05-12T21:00:37","slug":"microsoft-addresses-137-vulnerabilities-in-mays-patch-tuesday-including-13-rated-critical","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/05\/12\/microsoft-addresses-137-vulnerabilities-in-mays-patch-tuesday-including-13-rated-critical\/","title":{"rendered":"Microsoft addresses 137 vulnerabilities in May\u2019s Patch Tuesday, including 13 rated critical"},"content":{"rendered":"