Today is Microsoft's May 2026 Patch Tuesday, with security updates for 120 flaws and no zero-days disclosed. This Patch Tuesday addresses 17 "Critical" vulnerabilities, 14 of which are remote code execution, 2 are elevation of privilege, and 1 is an information disclosure flaw. The number of bugs in each vulnerability category is listed below: When BleepingComputer reports on Patch Tuesday security updates, we only count those released by Microsoft today. Therefore, the number of flaws does not include flaws in Mariner, Azure, Copilot, Microsoft Teams, and Microsoft Partner Center that were fixed by Microsoft earlier this month. There were also 131 Microsoft Edge/Chromium flaws that were fixed by Google this month, which were excluded. To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5089549 & KB5087420 cumulative updates and the Windows 10 KB5087544 extended security update. Microsoft has not disclosed any zero-day vulnerabilities in this month's Patch Tuesday. However, there are some vulnerabilities fixed today that IT and security admins should be aware of. As part of today's updates, Microsoft has fixed numerous vulnerabilities in Microsoft Office, Word, and Excel that could lead to remote code execution. These flaws are exploited by opening malicious files, which can result in remote code execution. As many of these can be exploited via the preview pane, it is strongly advised to update Microsoft Office as soon as possible, especially if they commonly receive attachments. A list of the Microsoft Office, Word, and Excel flaws can be found in our May 2026 Patch Tuesday report.