Forwarded from the National Cybersecurity Information Sharing and Analysis Center: Cybersecurity Alert NISAC-200-202605-00000007

[Content Description]
Microsoft has released its May 2026 security updates, patching 139 vulnerabilities. These include 30 high-risk vulnerabilities and 1 actively exploited vulnerability. Please review and apply the patches as soon as possible.

[Influence Platform]
[Products with high-risk vulnerabilities]
ASP.NET Core
Azure AI Foundry M365 published agents
Azure Cloud Shell
Azure Connected Machine Agent
Azure DevOps
Azure Entra ID
Azure Logic Apps
Azure Machine Learning
Azure Managed Instance for Apache Cassandra
Azure Monitor Agent
Azure Notification Service
Azure SDK
Copilot Chat (Microsoft Edge)
Data Deduplication
Dynamics Business Central
GitHub Copilot and Visual Studio
M365 Copilot
M365 Copilot for Desktop
Microsoft Authenticator
Microsoft Data Formulator
Microsoft Dynamics 365 Customer Insights
Microsoft Dynamics 365 (on-premises)
Microsoft Edge (Chromium-based)
Microsoft Edge for Android
Microsoft Exchange Server
Microsoft Office
Microsoft Office Click-To-Run
Microsoft Office Excel
Microsoft Office PowerPoint
Microsoft Office SharePoint
Microsoft Office Word
Microsoft Partner Center
Microsoft SSO Plugin for Jira ＆ Confluence
Microsoft Teams
Microsoft Windows DNS
.NET
Power Automate
SQL Server
Telnet Client
Visual Studio Code
Windows Admin Center
Windows Ancillary Function Driver for WinSock
Windows Application Identity (AppID) Subsystem
Windows Cloud Files Mini Filter Driver
Windows Common Log File System Driver
Windows Cryptographic Services
Windows DWM Core Library
Windows Event Logging Service
Windows Filtering Platform (WFP)
Windows GDI
Windows Hyper-V
Windows Internet Key Exchange (IKE) Protocol
Windows Kernel
Windows Kernel - Mode Drivers
Windows LDAP - Lightweight Directory Access Protocol
Windows LLDP
Windows Message Queuing
Windows Native WiFi Miniport Driver
Windows Netlogon
Windows Print Spooler Components
Windows Projected File System
Windows Remote Desktop
Windows Rich Text Edit
Windows Rich Text Edit Control
Windows Secure Boot
Windows SMB Client
Windows Storage Spaces Controller
Windows Storport Miniport Driver
Windows TCP/IP
Windows Telephony Service
Windows Volume Manager Extension Driver
Windows Win32K – GRFX
Windows Win32K - ICOMP

[Recommended Actions]
Microsoft has released a patch to address this vulnerability. Organizations can contact their system maintenance vendors or refer to the following link: https://msrc.microsoft.com/update-guide/releaseNote/2026-May

[References]
1. https://msrc.microsoft.com/update-guide/releaseNote/2026-May