Microsoft has released security updates for its products, addressing a total of 137 vulnerabilities. The company disclosed these patches on Tuesday, emphasizing that none of the vulnerabilities are currently being exploited in the wild.
Potential Exploitation Risks
Among the patched vulnerabilities, around twelve have been identified as having a high likelihood of exploitation. This indicates that cybercriminals might target these flaws in future attacks. The most critical of these is CVE-2026-41103, a severe flaw in the Microsoft SSO Plugin for Jira & Confluence, which could lead to privilege escalation due to improper authentication algorithm implementation.
In addition to this, Microsoft has highlighted high-risk privilege escalation vulnerabilities in several components, including Windows Remote Desktop and Windows Kernel. These vulnerabilities pose significant security risks if left unpatched.
Remote Code Execution Concerns
Two high-severity vulnerabilities in Microsoft Word (CVE-2026-40364 and CVE-2026-40361), each with a CVSS score of 8.4, have been addressed. The first involves type confusion, while the second pertains to a use-after-free error. According to Satnam Narang, a senior staff research engineer at Tenable, these vulnerabilities could potentially be exploited through malicious documents, even if the document is merely viewed in the Preview Pane, underscoring the importance of timely patching.
Additional Microsoft Word vulnerabilities were also fixed this month, although they are considered less likely to be exploited. The Office suite saw over two dozen vulnerabilities resolved in this update.
Broad Range of Security Fixes
In this patch release, Microsoft also issued fixes for critical vulnerabilities in Dynamics 365 (on-premises), Azure Logic Apps, Windows DNS, and other platforms. The security updates extend to high-severity flaws in various Microsoft products, including Copilot, .NET, and Azure services.
Adobe, on the same day, addressed 52 vulnerabilities across ten products, including some critical code execution flaws, reinforcing the need for comprehensive security measures across different software.
These updates are crucial for maintaining cybersecurity integrity, and organizations are encouraged to apply the patches promptly to safeguard against potential threats.
