May 2026 Patch Tuesday: Updates and Analysis | CrowdStrike BLOG Featured Now Live: The CrowdStrike 2026 Financial Services Threat Landscape Report May 14, 2026 Falcon AIDR Detects Threats at the Prompt Layer in Kubernetes AI Applications May 13, 2026 May 2026 Patch Tuesday: 30 Critical Vulnerabilities Among 130 CVEs May 12, 2026 Inside CrowdStrike Automated Leads: A Transformative Approach to Threat Detections May 11, 2026 Recent Video Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019 Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VIDEO] Feb 21, 2019 Analyzing Targeted Intrusions Through the ATT&CK Framework Lens [VIDEO] Jan 22, 2019 Qatar’s Commercial Bank Chooses CrowdStrike Falcon®: A Partnership Based on Trust [VIDEO] Aug 20, 2018 Category Agentic SOC How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem 03/25/26 CrowdStrike Services and Agentic MDR Put the Agentic SOC in Reach 03/24/26 4 Ways Businesses Use CrowdStrike Charlotte AI to Transform Security Operations 03/12/26 Inside the Human-AI Feedback Loop Powering CrowdStrike’s Agentic Security 02/10/26 Cloud & Application Security 05/13/26 CrowdStrike Named a Leader in Frost & Sullivan 2026 Radar for Cloud-Native Application Protection Platforms 04/27/26 CrowdStrike Expands Real-Time Cloud Detection and Response to Google Cloud 04/22/26 CrowdStrike Falcon Cloud Security Delivered 264% ROI Through Unified Cloud Protection Threat Hunting & Intel 05/14/26 CrowdStrike Named a Leader in the First-Ever Gartner® Magic Quadrant™ for Cyberthreat Intelligence Technologies 05/06/26 CrowdStrike Launches Falcon OverWatch for Defender 05/05/26 Tune In: The Future of AI-Powered Vulnerability Discovery 05/01/26 Endpoint Security & XDR 05/11/26 CrowdStrike Falcon Platform Achieves 441% ROI in Three Years 04/21/26 Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management 04/01/26 Enhanced Network Visibility: A Dive into the Falcon macOS Sensor's New Capabilities 03/11/26 Engineering & Tech EMBER2024: Advancing the Training of Cybersecurity ML Models Against Evasive Malware 09/03/25 Falcon Platform Prevents COOKIE SPIDER’s SHAMOS Delivery on macOS 08/20/25 CrowdStrike’s Approach to Better Machine Learning Evaluation Using Strategic Data Splitting 08/11/25 CrowdStrike Researchers Develop Custom XGBoost Objective to Improve ML Model Release Stability 03/20/25 Executive Viewpoint Frontier AI Is Collapsing the Exploit Window.
Here’s How Defenders Must Respond. 04/20/26 Frontier AI for Defenders: CrowdStrike and OpenAI TAC 04/16/26 Anthropic Claude Mythos Preview: The More Capable AI Becomes, the More Security It Needs 04/06/26 The Architecture of Agentic Defense: Inside the Falcon Platform 01/16/26 From The Front Lines CrowdStrike Technical Risk Assessments Reveal Common Exposure Patterns 05/04/26 Introducing the CrowdStrike Shadow AI Visibility Service CrowdStrike Flex for Services Expands Access to Elite Security Expertise From Scanner to Stealer: Inside the trivy-action Supply Chain Compromise 03/20/26 Next-Gen Identity Security Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse 03/31/26 CrowdStrike FalconID Brings Phishing-Resistant MFA to Falcon Next-Gen Identity Security 02/26/26 CrowdStrike Named a Customers’ Choice in 2026 Gartner® Peer Insights™ Voice of the Customer for User Authentication 02/12/26 CrowdStrike to Acquire Seraphic to Secure Work in Any Browser 01/13/26 Next-Gen SIEM & Log Management Falcon Next-Gen SIEM Supports Third-Party EDR Tools, Starting with Microsoft Defender 03/23/26 Falcon Next-Gen SIEM Simplifies Onboarding with Sensor-Native Log Collection 03/06/26 Exposing Insider Threats through Data Protection, Identity, and HR Context 02/18/26 How to Scale SOC Automation with Falcon Fusion SOAR 02/11/26 Public Sector CrowdStrike Innovates to Modernize National Security and Protect Critical Systems 03/18/26 Falcon Platform for Government Now Offers Falcon for XIoT to Secure Connected Assets CrowdStrike Achieves FedRAMP® High Authorization 03/19/25 NHS Matures Healthcare Cybersecurity with NCSC’s CAF Assurance Model 03/13/25 Exposure Management 05/12/26 April 2026 Patch Tuesday: Two Zero-Days and Eight Critical Vulnerabilities Among 164 CVEs 04/14/26 How CrowdStrike Is Accelerating Exposure Evaluation as Adversaries Gain Speed 04/05/26 March 2026 Patch Tuesday: Eight Critical Vulnerabilities and Two Publicly Disclosed Among 82 CVEs Patched 03/10/26 Securing AI CrowdStrike Expands ChatGPT Enterprise Integration with Enhanced Audit Logging and Activity Monitoring 04/28/26 New CrowdStrike Innovations Secure AI Agents and Govern Shadow AI Across Endpoints, SaaS, and Cloud Secure Homegrown AI Agents with CrowdStrike Falcon AIDR and NVIDIA NeMo Guardrails 03/19/26 Introducing "AI Unlocked: Decoding Prompt Injection," a New Interactive Challenge Data Security Falcon Data Security Secures Data Wherever It Lives and Moves Falcon Data Protection for Cloud Extends DSPM into Runtime 11/20/25 CrowdStrike Stops GenAI Data Leaks with Unified Data Protection 09/18/25 Q&A: How Mastronardi Produce Secures Innovation with CrowdStrike 02/14/25 Start Free Trial Falcon Exposure Management Team Microsoft has addressed 130 vulnerabilities in its May 2026 security update release, fewer than April’s 164 vulnerabilities.
This month's patches include fixes for 30 Critical vulnerabilities, along with 100 additional vulnerabilities of varying severity levels. May 2026 Risk Analysis This month's leading risk types by exploitation technique are elevation of privilege with 61 patches (47%), remote code execution (RCE) with 31 patches (24%), and information disclosure with 15 (11%). Figure 1. Breakdown of May 2026 Patch Tuesday exploitation techniques Microsoft Windows received the most patches this month with 66, followed by Office with 24 and Azure with 16.
Figure 2. Breakdown of product families affected by May 2026 Patch Tuesday Critical Vulnerability in Azure DevOps CVE-2026-42826 is a Critical information disclosure vulnerability affecting Azure DevOps and has a CVSS score of 10 . This vulnerability allows unauthenticated remote attackers to disclose sensitive information over a network through an exposure of sensitive information flaw (CWE-200). Microsoft has proactively remediated this vulnerability within the cloud infrastructure without requiring any customer intervention.
Table 1. Critical vulnerability in Azure DevOps Severity CVSS Score CVE Description Action Required? Critical 10 CVE-2026-42826 Microsoft Azure DevOps Information Disclosure Vulnerability No Critical Vulnerabilities in Azure Managed Instance for Apache Cassandra CVE-2026-33109 CVE-2026-33844 RCE vulnerabilities affecting Azure Managed Instance for Apache Cassandra, with scores of 9.0 , respectively. Azure Managed Instance for Apache Cassandra is a fully managed cloud service for deploying and scaling Apache Cassandra clusters; RCE vulnerabilities in this service could allow attackers to compromise sensitive data workloads and underlying infrastructure.
An improper access control flaw (CVE-2026-33109) allows low-privileged remote attackers to execute arbitrary code with no user interaction required. An improper input validation flaw (CVE-2026-33844) similarly allows low-privileged remote attackers to execute code, though user interaction is required. Microsoft has proactively remediated these vulnerabilities within its cloud infrastructure without requiring any customer intervention.
Table 2. Critical vulnerabilities in Azure Managed Instance for Apache Cassandra Severity CVSS Score CVE Description Action Required? Critical 9.9 CVE-2026-33109 Azure Managed Instance for Apache Cassandra RCE Vulnerability No Critical 9.0 CVE-2026-33844 Azure Managed Instance for Apache Cassandra RCE Vulnerability No Critical Vulnerability in Microsoft Dynamics 365 On-Premises CVE-2026-42898 RCE vulnerability affecting Microsoft Dynamics 365 (on-premises) and has a 9.9 .
A code injection flaw (CWE-94) allows any authenticated remote attacker to execute code over a network with no user interaction required. An attacker could exploit this by modifying the saved state of a process session in Dynamics CRM and triggering the system to process that data, causing the server to unintentionally execute malicious code. An official fix is available for customers to deploy. Table 3.
Critical vulnerability in Microsoft Dynamics 365 On-Premises Severity CVSS Score CVE Description Action Required? Critical 9.9 CVE-2026-42898 Microsoft Dynamics 365 On-Premises RCE Vulnerability Yes Critical Vulnerability in Windows Netlogon CVE-2026-41089 RCE vulnerability affecting Windows Netlogon and has a 9.8 . A stack-based buffer overflow flaw (CWE-121) allows unauthenticated remote attackers to execute code with no user interaction and low attack complexity.
An attacker could send a specially crafted network request to a Windows server running as a domain controller, causing the Netlogon service to improperly handle the request and execute malicious code without requiring any prior access or credentials. An official fix is available for customers to deploy. Table 4. Critical vulnerability in Windows Netlogon Severity CVSS Score CVE Description Action Required?
Critical 9.8 CVE-2026-41089 Windows Netlogon RCE Vulnerability Yes Critical Vulnerability in Windows DNS Client CVE-2026-41096 RCE vulnerability affecting the Windows DNS Client and has a 9.8 . A heap-based buffer overflow flaw (CWE-122) allows unauthenticated remote attackers to execute code with no user interaction and low attack complexity. An attacker could send a specially crafted DNS response to a vulnerable Windows system, causing the DNS Client to incorrectly process the response and corrupt memory, potentially enabling RCE without authentication.
While the Windows DNS Client is present on virtually all Windows workstations and servers, practical exploitation requires an attacker to be in a position to intercept or respond to a system's DNS requests, such as through DNS spoofing, a rogue DNS server, or a machine-in-the-middle position on the network, which represents a meaningful prerequisite to exploitation. An official fix is available for customers to deploy.
Table 5. Critical vulnerability in Windows DNS Client Severity CVSS Score CVE Description Action Required? Critical 9.8 CVE-2026-41096 Windows DNS Client RCE Vulnerability Yes Critical Vulnerability in Microsoft Teams Events Portal CVE-2026-33823 information disclosure vulnerability affecting the Microsoft Teams Events Portal and has a 9.6 . An improper authorization flaw (CWE-285) allows low-privileged remote attackers to disclose sensitive information over a network with no user interaction and low attack complexity.
Microsoft has proactively remediated this vulnerability within its cloud infrastructure without requiring any customer intervention. Table 6. Critical vulnerability in Microsoft Teams Events Portal Severity CVSS Score CVE Description Action Required? Critical 9.6 CVE-2026-33823 Microsoft Teams Events Portal Information Disclosure Vulnerability No Critical Spoofing Vulnerability in Azure Cloud Shell CVE-2026-35428 spoofing vulnerability affecting Azure Cloud Shell and has a 9.6 .
A command injection flaw (CWE-77) allows unauthenticated remote attackers to perform spoofing over a network. The vulnerability requires user interaction and has a changed scope with high confidentiality, integrity, and availability impact. Microsoft has proactively remediated this vulnerability within its cloud infrastructure without requiring any customer intervention. Table 7. Critical vulnerability in Azure Cloud Shell Severity CVSS Score CVE Description Action Required?
Critical 9.6 CVE-2026-35428 Azure Cloud Shell Spoofing Vulnerability No Critical Spoofing Vulnerability in Microsoft Enterprise Security Token Service CVE-2026-40379 spoofing vulnerability affecting Microsoft Enterprise Security Token Service (ESTS) and has a 9.3 . An exposure of sensitive information flaw (CWE-200) in Azure Entra ID allows unauthenticated remote attackers to perform spoofing over a network.
ESTS is the underlying token issuance infrastructure for Microsoft Entra ID (formerly Azure AD), responsible for authenticating users and issuing security tokens across Microsoft cloud services. A spoofing vulnerability here could allow attackers to impersonate users or services across any platform relying on Entra ID authentication. The vulnerability requires user interaction and has a changed scope with high confidentiality and integrity impact.
Microsoft has proactively remediated this vulnerability within its cloud infrastructure without requiring any customer intervention. Table 8. Critical vulnerability in Microsoft Enterprise Security Token Service Severity CVSS Score CVE Description Action Required? Critical 9.3 CVE-2026-40379 Microsoft ESTS Spoofing Vulnerability No Critical Elevation of Privilege Vulnerability in Windows Hyper-V CVE-2026-40402 elevation of privilege vulnerability affecting Windows Hyper-V and has a 9.3 .
A use-after-free flaw (CWE-416) allows a low-privileged guest VM to elevate privileges and gain access to the Hyper-V host environment. A guest VM could exploit this by forcing the Hyper-V host's kernel to read from an arbitrary address, potentially allowing the attacker to traverse the guest's security boundary. In most circumstances, this would result in a denial of service of the host; however, exploitation could also trigger hardware device-specific side effects that may further compromise host security.
An official fix is available for customers to deploy. Table 9. Critical vulnerability in Windows Hyper-V Severity CVSS Score CVE Description Action Required? Critical 9.3 CVE-2026-40402 Windows Hyper-V Elevation of Privilege Vulnerability Yes Critical Elevation of Privilege Vulnerability in Microsoft SSO Plugin for Jira and Confluence CVE-2026-41103 elevation of privilege vulnerability affecting the Microsoft SSO Plugin for Jira and Confluence and has a 9.1 .
An incorrect implementation of an authentication algorithm (CWE-303) allows unauthenticated remote attackers to elevate privileges with no user interaction and low attack complexity. The Microsoft SSO Plugin enables organizations to use Microsoft Entra ID as an identity provider for Atlassian Jira and Confluence; an authentication bypass in this plugin could allow attackers to impersonate users across these platforms.
An attacker could send a specially crafted single sign-on (SSO) response during the login process to forge an identity, bypassing Microsoft Entra ID authentication entirely and gaining unauthorized access to Jira or Confluence with the permissions of the compromised account. An official fix is available for customers to deploy. Table 10. Critical vulnerability in Microsoft SSO Plugin for Jira and Confluence Severity CVSS Score CVE Description Action Required?
Critical 9.1 CVE-2026-41103 Microsoft SSO Plugin for Jira and Confluence Elevation of Privilege Vulnerability Yes Critical Spoofing Vulnerability in Azure Machine Learning Notebook CVE-2026-32207 spoofing vulnerability affecting Azure Machine Learning Notebook and has a 8.8 . A cross-site scripting flaw (CWE-79) allows unauthenticated remote attackers to perform spoofing over a network. Microsoft has proactively remediated this vulnerability within its cloud infrastructure without requiring any customer intervention.
Table 11. Critical vulnerability in Azure Machine Learning Notebook Severity CVSS Score CVE Description Action Required? Critical 8.8 CVE-2026-32207 Azure Machine Learning Notebook Spoofing Vulnerability No Critical RCE Vulnerability in Windows Graphics Device Interface CVE-2026-35421 RCE vulnerability affecting Windows Graphics Device Interface (GDI) and has a 7.8 . GDI is a core Windows component responsible for rendering graphics and formatted text to display and print devices; it natively processes Enhanced Metafile (EMF) files, a Windows graphics format used to store vector and bitmap image data.
A heap-based buffer overflow flaw (CWE-122) allows unauthenticated attackers to execute code locally on a target system. Exploitation requires a user to open a specially crafted EMF file in Microsoft Paint. An official fix is available for customers to deploy. Table 12. Critical vulnerability in Windows Graphics Device Interface Severity CVSS Score CVE Description Action Required? Critical 7.8 CVE-2026-35421 Windows GDI RCE Vulnerability Yes Critical RCE Vulnerability in Windows Native WiFi Miniport Driver CVE-2026-32161 RCE vulnerability affecting the Windows Native WiFi Miniport Driver and has a 7.5 .
The Windows Native WiFi Miniport Driver is the kernel-level driver responsible for managing wireless network connections on Windows systems. A race condition flaw (CWE-362) allows unauthenticated attackers on an adjacent network to execute code with no user interaction. The attack is limited to systems on the same network segment as the attacker and cannot be performed across multiple networks. Exploitation requires specific network configurations and timing conditions, making it unreliable across all environments and contributing to the high attack complexity rating.
An official fix is available for customers to deploy. Table 13. Critical vulnerability in Windows Native WiFi Miniport Driver Severity CVSS Score CVE Description Action Required? Critical 7.5 CVE-2026-32161 Windows Native WiFi Miniport Driver RCE Vulnerability Yes Critical Vulnerability in Windows Graphics Component CVE-2026-40403 RCE vulnerability affecting the Windows Graphics Component and has a 8.8 .
A heap-based buffer overflow flaw (CWE-122) in Windows Win32K - GRFX could allow an authorized attacker to execute arbitrary code locally. Any authenticated attacker could trigger this vulnerability without requiring admin or elevated privileges. An attacker could exploit this vulnerability by gaining access to a local guest VM in order to attack the host OS. Successful exploitation could also lead to a contained execution environment escape.
An official fix is available for customers to deploy. Table 14. Critical vulnerability in Windows Graphics Component Severity CVSS Score CVE Description Action Required? Critical 8.8 CVE-2026-40403 Windows Graphics Component RCE Vulnerability Yes Critical Vulnerability in Microsoft SharePoint Server CVE-2026-40365 RCE vulnerability affecting Microsoft SharePoint Server and has a 8.8 . An insufficient granularity of access control flaw (CWE-1220) in Microsoft SharePoint could allow an authorized attacker to execute arbitrary code over a network.
In a network-based attack, an authenticated attacker with at least Site Owner permissions could inject and execute arbitrary code remotely on the SharePoint Server. An official fix is available for customers to deploy. Table 15. Critical vulnerability in Microsoft SharePoint Server Severity CVSS Score CVE Description Action Required? Critical 8.8 CVE-2026-40365 Microsoft SharePoint Server RCE Vulnerability Yes Critical Vulnerability in Azure AI Foundry CVE-2026-35435 elevation of privilege vulnerability affecting Azure AI Foundry and has a 8.6 .
An improper access control flaw (CWE-284) in Azure AI Foundry M365 published agents could allow an unauthorized remote attacker to elevate their privileges over a network. Microsoft has proactively remediated this vulnerability within its cloud infrastructure without requiring any customer intervention. Table 16. Critical vulnerability in Azure AI Foundry Severity CVSS Score CVE Description Action Required?
Critical 8.6 CVE-2026-35435 Azure AI Foundry Elevation of Privilege Vulnerability No Critical Vulnerabilities in Microsoft Word CVE-2026-40367 , CVE-2026-40364 , CVE-2026-40366 , and CVE-2026-40361 RCE vulnerabilities in Microsoft Word, all with a 8.4 . These vulnerabilities allow unauthorized attackers to execute arbitrary code locally through an untrusted pointer dereference flaw (CVE-2026-40367), a type confusion flaw (CVE-2026-40364), and use-after-free flaws (CVE-2026-40366, CVE-2026-40361).
The Preview Pane is an attack vector for all four vulnerabilities. Official fixes are available for customers to deploy. Table 17. Critical vulnerabilities in Microsoft Word Severity CVSS Score CVE Description Action Required? Critical 8.4 CVE-2026-40367 Microsoft Word RCE Vulnerability Yes Critical 8.4 CVE-2026-40366 Microsoft Word RCE Vulnerability Yes Critical 8.4 CVE-2026-40364 Microsoft Word RCE Vulnerability Yes Critical 8.4 CVE-2026-40361 Microsoft Word RCE Vulnerability Yes Critical Vulnerability in Microsoft Partner Center CVE-2026-34327 spoofing vulnerability affecting Microsoft Partner Center and has a 8.2 .
An externally controlled reference to a resource in another sphere flaw (CWE-610) could allow an unauthorized remote attacker to perform spoofing over a network. Microsoft has proactively remediated this vulnerability within its cloud infrastructure without requiring any customer intervention. Table 18. Critical vulnerability in Microsoft Partner Center Severity CVSS Score CVE Description Action Required?
Critical 8.2 CVE-2026-34327 Microsoft Partner Center Spoofing Vulnerability No Critical Vulnerability in Azure Monitor Action Group Notification System CVE-2026-41105 elevation of privilege vulnerability affecting the Azure Monitor Action Group notification system and has a 8.1 . A server-side request forgery (SSRF) flaw (CWE-918) in the Azure Notification Service could allow an authorized remote attacker to elevate their privileges over a network.
Microsoft has proactively remediated this vulnerability within its cloud infrastructure without requiring any customer intervention. Table 19. Critical vulnerability in Azure Monitor Action Group Notification System Severity CVSS Score CVE Description Action Required? Critical 8.1 CVE-2026-41105 Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability No Critical Vulnerabilities in Microsoft Office CVE-2026-40358 CVE-2026-40363 remote code execution vulnerabilities in Microsoft Office, both with a Table 20.
Critical vulnerabilities in Microsoft Office Severity CVSS Score CVE Description Action Required? Critical 8.4 CVE-2026-40358 Microsoft Office RCE Vulnerability Yes Critical 8.4 CVE-2026-40363 Microsoft Office RCE Vulnerability Yes Critical Vulnerability in Microsoft Office for Mac CVE-2026-42831 remote code execution vulnerability in Microsoft Office LTSC for Mac 2021 and has a 7.8 . A heap-based buffer overflow flaw (CWE-122) could allow an unauthorized attacker to execute arbitrary code locally.
The Preview Pane is not an attack vector; exploitation requires an attacker to convince a user to open a specially crafted malicious Office file. An official fix is available for customers to deploy. Table 21. Critical vulnerabilities in Microsoft Office Severity CVSS Score CVE Description Action Required? Critical 7.8 CVE-2026-42831 Microsoft Office LTSC for Mac 2021 RCE Vulnerability Yes Critical Vulnerability in Microsoft Dynamics 365 Customer Insights CVE-2026-33821 elevation of privilege vulnerability affecting Microsoft Dynamics 365 Customer Insights and has a 7.7 .
An improper privilege management flaw (CWE-269) could allow an authorized remote attacker to elevate their privileges over a network. Microsoft has proactively remediated this vulnerability within its cloud infrastructure without requiring any customer intervention. Table 22. Critical vulnerability in Microsoft Dynamics 365 Customer Insights Severity CVSS Score CVE Description Action Required? Critical 7.7 CVE-2026-33821 Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability No Critical Vulnerabilities in M365 Copilot CVE-2026-26129 CVE-2026-26164 information disclosure vulnerabilities affecting Microsoft 365 Copilot's Business Chat, both with a 7.5 .
These vulnerabilities allow unauthorized remote attackers to disclose sensitive information over a network through improper neutralization of special elements (CVE-2026-26129) and improper neutralization of special elements in output used by a downstream component (CVE-2026-26164) in M365 Copilot. Microsoft has proactively remediated these vulnerabilities within its cloud infrastructure without requiring any customer intervention.
Table 23. Critical vulnerabilities in M365 Copilot Severity CVSS Score CVE Description Action Required? Critical 7.5 CVE-2026-26129 M365 Copilot Information Disclosure Vulnerability No Critical 7.5 CVE-2026-26164 M365 Copilot Information Disclosure Vulnerability No Critical Vulnerability in Copilot Chat (Microsoft Edge) CVE-2026-33111 information disclosure vulnerability affecting Copilot Chat in Microsoft Edge and has a 7.5 .
A command injection flaw (CWE-77) in Copilot Chat could allow an unauthorized remote attacker to disclose sensitive information over a network through improper neutralization of special elements used in a command. Microsoft has proactively remediated this vulnerability within its cloud infrastructure without requiring any customer intervention. Table 24. Critical vulnerability in Copilot Chat (Microsoft Edge) Severity CVSS Score CVE Description Action Required?
Critical 7.5 CVE-2026-33111 Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability No Patch Tuesday Dashboard in the Falcon Platform For a visual overview of the systems impacted by this month’s vulnerabilities, you can use our Patch Tuesday dashboard. This can be found in the CrowdStrike Falcon® platform within the Exposure Management > Vulnerability Management > Dashboards page. The preset dashboards show the most recent three months of Patch Tuesday vulnerabilities.
Not All Relevant Vulnerabilities Have Patches: Consider Mitigation Strategies As we have learned with other notable vulnerabilities, such as Log4j , not every highly exploitable vulnerability can be easily patched. As is the case for the ProxyNotShell vulnerabilities, it’s critically important to develop a response plan for how to defend your environments when no patching protocol exists. Regular review of your patching strategy should still be a part of your program, but you should also look more holistically at your organization's methods for cybersecurity and improve your overall security posture.
Learn More The CrowdStrike Falcon platform regularly collects and analyzes trillions of endpoint events every day from millions of sensors deployed across 176 countries. Watch this demo to see the Falcon platform in action . Learn more about how CrowdStrike Falcon® Exposure Management can help you quickly and easily discover and prioritize vulnerabilities and other types of exposures here . About CVSS Scores Common Vulnerability Scoring System (CVSS) is a free and open industry standard that CrowdStrike and many other cybersecurity organizations use to assess and communicate software vulnerabilities’ severity and characteristics.
The CVSS Base Score ranges from 0.0 to 10.0, and the National Vulnerability Database (NVD) adds a severity rating for CVSS scores. Learn more about vulnerability scoring in this article . Additional Resources Fal.Con 2026 registration is now open. Join us in Las Vegas to explore what’s next in cybersecurity. For more information on which products are in Microsoft’s Extended Security Updates program, refer to the vendor guidance here .
Learn how Falcon Exposure Management can help you discover and manage vulnerabilities and other exposures in your environments. Make prioritization painless and efficient. Watch how Falcon Exposure Management enables IT staff to improve visibility with custom filters and team dashboards. Find out how CrowdStrike Falcon® Next-Gen Identity Security products can stop workforce identity threats faster. Test CrowdStrike next-gen antivirus for yourself with a free trial of CrowdStrike® Falcon Prevent™ .
Related Content Categories CONNECT WITH US FEATURED ARTICLES May 06, 2026 May 05, 2026 SUBSCRIBE Sign up now to receive the latest notifications and updates from CrowdStrike. Sign Up See CrowdStrike Falcon ® in Action Detect, prevent, and respond to attacks— even malware-free intrusions—at any stage, with next-generation endpoint protection. See Demo Privacy Request Info Contact Us 1.888.512.8906 Accessibility