> TritonInfoSec News
Home / May 14, 2026 / Story
0
#2 SecurityWeek general May 13, 2026 at 10:33 UTC

Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises

By Eduard Kovacs

AI Summary

Microsoft patched CVE-2026-40361, a critical zero-click Outlook vulnerability that security researchers are comparing to BadWinmail — a flaw dubbed an 'enterprise killer' when it was discovered a decade ago. Zero-click RCE vulnerabilities in Outlook are particularly dangerous because exploitation requires no user interaction, making them high-priority patch targets for enterprise defenders. Security teams running on-premises Exchange or unpatched Outlook clients should treat this as an emergency remediation item.

Read full article → https://www.securityweek.com/microsoft-patches-cri…

Relevance score: 90.0/100

# More from May 14

  1. 1
    Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws The Hacker News
  2. 3
    Windows BitLocker zero-day gives access to protected drives, PoC released BleepingComputer
  3. 4
    New critical Exim mailer flaw allows remote code execution BleepingComputer
  4. 5
    Hundreds of Malicious Packages Force RubyGems to Suspend Registrations SecurityWeek
  5. 6
    Instructure pays ransom after Canvas incident as Congress announces investigation The Record
  6. 7
    Foxconn confirms cyberattack claimed by Nitrogen ransomware gang BleepingComputer
  7. 8
    Android Adds Intrusion Logging for Sophisticated Spyware Forensics The Hacker News
  8. 9
    Fortinet, Ivanti Patch Critical Vulnerabilities SecurityWeek
  9. 10
    Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation The Hacker News