Microsoft has published security updates to fix 120 CVEs in the May Patch Tuesday, 16 of which were discovered by a new multi-model agentic security system.
The overall list included 17 critical vulnerabilities: 14 were classed as remote code execution (RCE), two as elevation of privilege (EoP) flaws and one as an information disclosure vulnerability.
In total, the majority of the 120 CVEs listed were EoP (61), RCE (31) and information disclosure (14).
Adam Barnett, principal software engineer at Rapid7, urged “anyone responsible for securing a domain controller” to prioritize CVE-2026-41089 for remediation.
It’s a critical stack-based buffer overflow in Windows Netlogon with a CVSS v3 base score of 9.8, which could give attackers system privileges on the domain controller, Barnett warned.
“For most pentesters, that’s the point at which the customer report more or less writes itself,” he continued. “No privileges or user interaction are required, and attack complexity is low, which suggests that creation of a reliable exploit might not be especially difficult for anyone with knowledge of the specific mechanism.”
Also top of mind for sysadmins should be CVE-2026-41096 – a critical RCE in the Windows DNS client implementation with a CVSS score of 9.8.
“Because DNS is a core networking service used across enterprise environments, exploitation could impact a large number of systems rapidly,” warned Action1 director of vulnerability research, Jack Bicer. “Successful attacks may lead to widespread endpoint compromise, ransomware deployment, credential harvesting, and operational disruption across corporate networks.”
Bicer also flagged CVE-2026-42898, a critical RCE bug in Microsoft Dynamics 365 On-Premises. It could allow an authenticated attacker with low privileges to execute malicious code over the network by manipulating process session data within Dynamics CRM.
“With no user interaction required, and the potential to impact systems beyond the vulnerable component's original security scope, this vulnerability poses serious enterprise risk,” he continued. “An attacker with only basic access could turn a business application server into a remote execution platform.”
The Benefits of AI-Powered Vulnerability Research
Rapid7’s Barnett noted that Microsoft’s Windows Attack Research and Protection (WARP) team is credited with multiple critical vulnerabilities. “We can speculate that they likely know a great deal about the current state of AI-powered vulnerability research as it applies to Microsoft products,” he suggested.
Microsoft explained in a blog post published on 12 May how WARP collaborated with the firm’s Autonomous Code Security (ACS) on a new agentic AI initiative which discovered 16 CVEs listed in this month’s Patch Tuesday.
Taesoo Kim, VP of agentic security at Microsoft, explained that the new “agentic security harness” system, codenamed MDASH, uses over 100 specialized agents across multiple models to find novel vulnerabilities.
“The multi-model agentic scanning harness runs a configurable panel of models. That includes SOTA models as the heavy reasoner, distilled models as a cost-effective debater for high-volume passes, and a second separate SOTA model as an independent counterpoint,” he said.
“Disagreement between models is itself a signal: when an auditor flags something as suspect and the debater can’t refute it, that finding’s posterior credibility goes up.”
