Patch Tuesday Delivers Game-Changing Security Fixes for 30 Critical Microsoft Vulnerabilities

Cybersecurity

With a busy patch week ahead, here’s what you need to know about Microsoft’s latest updates.

On Tuesday, Microsoft rolled out fixes for a significant list of 137 vulnerabilities, including 30 classified as critical. This month’s updates show a trend of leveraging artificial intelligence to identify a greater number of vulnerabilities, keeping IT administrators busy with patch management.

A notable outcome is the introduction of an AI-powered vulnerability-finding system, known as MDASH, responsible for identifying 16 of the issues addressed. This tool will be available to select customers in a private preview.

Let’s examine some of the vulnerabilities that earned the highest CVSS ratings:

First is CVE-2026-41096, a critical remote code execution vulnerability in the Windows DNS Client with a severity rating of 9.8. Prompt patching is recommended due to its broad applicability across Windows machines.

Another is CVE-2026-42898, affecting Microsoft Dynamics 365 on-premises systems with a rating of 9.9. It can allow an attacker with appropriate permissions to manipulate a process session, making quick deployment of patches essential.

Rounding out the high-severity issues is CVE-2026-41089, rated 9.8. This flaw allows unauthenticated remote attackers to execute code via specially crafted network requests, particularly impacting domain controllers.

The single perfect 10.0 CVSS rating applies to CVE-2026-42826, an information disclosure risk in Azure DevOps, which has already been mitigated without required user action.