Overview
- Microsoft shipped fixes for 137 vulnerabilities across Windows, Office, Azure and other products, reported no active attacks, and marked about a dozen issues as more likely to be exploited.
- The highest-risk flaw is CVE-2026-41103 in the Microsoft SSO Plugin for Jira and Confluence, where a misapplied authentication algorithm could let an attacker gain elevated privileges.
- Two Microsoft Word bugs, CVE-2026-40361 and CVE-2026-40364, enable remote code execution and can fire from the Preview Pane, so a user may not need to open a malicious file.
- Experts singled out a Windows Netlogon buffer overflow (CVE-2026-41089) that could allow remote code execution on domain controllers without sign-in and warned that a DNS Client bug (CVE-2026-41096) could put many Windows machines at risk.
- Adobe released fixes for 52 vulnerabilities across 10 products the same day, underscoring the need for coordinated patching across widely used software.