Particle.news

Microsoft’s May Patch Tuesday Fixes 137 Flaws With No Exploits Reported

Experts urge rapid patching due to several bugs rated more likely to be exploited.

Overview

  • Microsoft’s monthly update, released Tuesday, addresses 137 vulnerabilities across Windows, Office, Azure and other products, with none confirmed exploited in the wild.
  • Two Microsoft Word remote code execution bugs (CVE-2026-40361 and CVE-2026-40364) can be triggered just by viewing a malicious file in the Preview Pane, prompting researchers to call for immediate updates.
  • A critical Single Sign-On plugin flaw for Jira and Confluence (CVE-2026-41103) could grant higher privileges due to an authentication algorithm error, raising concern for enterprises that tie Microsoft identities to Atlassian tools.
  • High-risk issues in Windows Netlogon (CVE-2026-41089) and DNS Client (CVE-2026-41096) could allow remote code execution without a login in certain scenarios, and experts advise fast patching and tighter network controls on domain controllers.
  • Updates ship as Windows 11 KB5089549 and KB5087420 plus Windows 10 ESU KB5087544. Microsoft notes that some devices may prompt for a BitLocker recovery key after updating, and its guidance is to adjust Group Policy as a workaround.