TENABLE BLOG
Microsoft’s May 2026 Patch Tuesday Addresses 118 CVEs (CVE-2026-41103)
CRITICAL Microsoft Patch Tuesday Windows Server Microsoft Office RCE CVSS 8.4
Strategic Summary
118 CVEs in Patch Tuesday, including several critical RCE vulnerabilities in Word and Windows components, require prompt patch planning for the enterprise-wide Windows Server 2022/2019 and Microsoft 365 infrastructure.
Mentioned CVEs
Risk Score: 100
- cvss base: 91.00
- kev bonus: 0.00
- epss bonus: 0.00
- poc bonus: 15.00
- raw before weight: 106.00
- industry weight: 1.56
- freshness factor: 1.00
- days old: 0.00
Path: operational
MITRE ATT&CK Mapping
4 TTPs
- Recon
- Resource Dev
- Execution: T1203 Exploitation for Client Execution
- Persistence
- Priv. Escal.: T1068 Exploitation for Privilege Escalation
- Def. Evasion
- Cred. Access
- Discovery
- Lateral Mov.
- Collection
- C2
- Exfiltration
- Impact
Procedure Details
| Technique | Tactic | Procedure | Conf. | Source |
|---|---|---|---|---|
| T1203 Exploitation for Client Execution | Execution | Attackers exploit RCE vulnerabilities in Microsoft Word (CVE-2026-40361, CVE-2026-40364, CVE-2026-40366, CVE-2026-40367) by sending malicious files to targets; the Preview Pane also serves as an attack vector. Successful exploitation grants code execution privileges. | high | llm |
| T1566.001 Spearphishing Attachment | Initial Access | Attackers exploit Microsoft Word RCE vulnerabilities through social engineering by sending malicious files to intended targets, enabling code execution upon opening or previewing the attachment. | high | llm |
| T1068 Exploitation for Privilege Escalation | Privilege Escalation | CVE-2026-41103, a critical elevation of privilege vulnerability (CVSSv3 9.1) affecting Microsoft Single-Sign-On Plugin for Jira & Confluence, is exploited to gain elevated privileges on affected systems. | high | llm |
| T1189 Drive-by Compromise | Initial Access | The Preview Pane is identified as an attack vector for the Microsoft Word vulnerabilities (CVE-2026-40361, CVE-2026-40364, CVE-2026-40366, CVE-2026-40367), allowing exploitation without explicitly opening a malicious file. | medium | llm |