Threat Advisory

Critical Microsoft Word Vulnerabilities Enable Remote Execution

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: Critical

EXECUTIVE SUMMARY:

Multiple security vulnerabilities have been identified in various Microsoft products and services, including Windows Hyper-V, .NET, M365 Copilot, and the Windows Kernel. This advisory highlights critical Remote Code Execution and Elevation of Privilege vulnerabilities that could allow attackers to execute code remotely or elevate their privileges, posing a significant risk to business operations. Exploitation could result in unauthorized data access, system compromise, and potential financial losses. Affected products include Windows Hyper-V, .NET, M365 Copilot, and the Windows Kernel, as well as the Chromium-based Edge browser.

  • CVE-2026-41089 with a CVSS score of 9.8 – A stack-based buffer overflow in Windows Netlogon could allow an unauthenticated attacker to execute code over the network by sending a specially crafted request to a server acting as a Domain Controller.
  • CVE-2026-40364 with a CVSS score of 9.4 – Microsoft Word and Office were hit with several RCE flaws stemming from type confusion and use-after-free vulnerabilities, allowing attackers to execute code remotely if a user opens a malicious file.
  • CVE-2026-41103 with a CVSS score of 9.9 – A critical flaw in the Microsoft SSO Plugin for Jira & Confluence could allow an unauthenticated attacker to send a crafted SSO response, tricking the system into accepting a forged identity, potentially granting full access to sensitive project management data.
  • CVE-2026-26129 with a CVSS score of 7.5 – Information Disclosure flaws in M365 Copilot could allow attackers to siphon data over the network by exploiting improper neutralization of special elements.
  • CVE-2026-40402 with a CVSS score of 8.6 – A use-after-free vulnerability in Hyper-V could allow an attacker to jump from a guest or local environment to gain full SYSTEM privileges.
  • CVE-2026-35435 with a CVSS score of 7.8 – An access-control flaw in Azure AI Foundry published agents allows unauthenticated attackers to elevate their privileges across the network.

The identified vulnerabilities pose a significant risk to business operations, and immediate action is required to prevent unauthenticated network attacks. If exploited, these vulnerabilities could result in unauthorized data access, system compromise, and potential financial losses.

RECOMMENDATION:

REFERENCES:

The following reports contain further technical details:
https://securityonline.info/microsoft-patch-tuesday-may-2026-netlogon-rce-sso-bypass/
