For May, Patch Tuesday means 139 updates — but no zero-days
Microsoft this week released 139 updates affecting Windows, Office, .NET, and SQL Server (though there were no updates for Microsoft Exchange Server). Despite the absence of zero-days, the May Patch Tuesday update still requires Patch Now recommendations for Windows and Office. The combination of three unauthenticated network RCEs (Netlogon, DNS Client, and SSO Plugin for Jira and Confluence), four Word Preview Pane RCEs, the large TCP/IP vulnerability cluster, and the carry-over BitLocker recovery condition (still active on Windows 10 and Windows Server) warrants an accelerated deployment release schedule. The Readiness team suggests that testing start with internet-facing services, domain controllers, and Office endpoints. The May 2026 Assurance Security Dashboard breaks the cycle down by Microsoft product family for deployment risk assessment. (More information about recent Patch Tuesday releases is available here.) Known issues Patch Tuesday arrived this month with a clean bill of