When the May Patch Tuesday landed this month, I was surprised to see how prevalent AI was in the list of CVEs, making up over 5% of the list. This list included M365 Copilot, M365 Copilot for Desktop, GitHub Copilot, Copilot Chat in Edge, and Azure Foundry. Once you looked a little deeper, you found that even products like Microsoft Outlook for iOS were impacted. I think this serves as a great reminder of why we need to pay such close attention to the utilization of AI in our environments. The frequency of vulnerabilities like this means that Shadow AI carries additional risks beyond data loss and misuse; now we also need to worry about vulnerabilities at every corner.
The flip side of AI is that we’re seeing more vulnerabilities patched. Microsoft’s MDASH was responsible for 16 of the CVEs fixed in the May Patch Tuesday. That is an impressive list of vulnerabilities, especially when you consider that Microsoft pointed out that the majority of these were reachable from the network.
We’re at an interesting place in cybersecurity right now, where AI impacts us in so many ways and we’re not talking about all of them. While the risks of AI-driven vulnerability discovery occupy the news cycle, we are missing the fact that it is the vendors and defenders finding most of these vulnerabilities right now, which means that we’re not introducing risk, we’re reducing it by patching these issues. Additionally, AI is helping to speed up the resolution of these issues, making the patches available to users faster. Now, some might argue that the availability of a patch means that malicious actors can rush to build an exploit, and there may be some truth in that argument, but look at how few vulnerabilities actually see active exploitation – the CISA KEV contains fewer than 1700 vulnerabilities. Will this change moving forward? Potentially, but bad cyber hygiene at many companies means that attackers don’t need the latest and greatest vulnerabilities to get in.
Then we have the risk that many companies are looking to solve – Shadow AI: the risk of customer data, tokens, passwords, and more being used as input into unauthorized AI systems. The risk is that users are using a system that hasn’t been vetted or approved, and that the system is potentially feeding them incorrect or even harmful information. This is where we get into a risk that we’re not talking about… the risk that Microsoft demonstrated on Patch Tuesday: vulnerabilities in the AI system itself. We talk about prompt injection and other forms of attacks, and there are tools looking to solve this too, but for many it sits on the back burner because the quickly shifting technology doesn’t allow a lot of time to investigate. How many people are paying attention to the fixes being released for the assorted AI tools they are using? How many are ensuring that their users are updating this software on a regular basis? Cloud-based vulnerabilities are hopefully patched by the vendor, but what about desktop applications? How often are your users updating Claude or Codex? Are you monitoring that they are on the latest versions? I truly believe that for many, this is the forgotten risk that we need to pay more attention to, where we need to turn to our traditional cyber hygiene vendors and ensure that this is an attack surface they are monitoring and reporting on.
That’s a lot of words on AI, when there’s something more interesting that came out of this Patch Tuesday – the changes to the Microsoft May Security Guidance. When the guidance dropped on May 12, there were 137 Microsoft CVEs. Today, there are 160 Microsoft CVEs listed on that page. Years ago, an Out of Band Microsoft patch would have been big news. Everyone would have been talking about it. Today, however, Microsoft released 23 additional CVEs and very little was said about most of these. This doesn’t include the dozens of vulnerabilities announced on May 12 that were updated one or more times after the 12th. Let’s look at the list of CVEs that were added this month. (Vulnerabilities that require customer action are in bold; the columns show which have been exploited or publicly disclosed. The AI-related entries are the Copilot vulnerabilities.)
| Name | CVE | Customer Action Required | Exploited | Publicly Disclosed |
|---|---|---|---|---|
| Microsoft Power Pages Remote Code Execution Vulnerability | CVE-2026-23652 | No | No | No |
| Microsoft Global Secure Access (GSA) Information Disclosure Vulnerability | CVE-2026-23663 | No | No | No |
| Azure Stack HCI Information Disclosure Vulnerability | CVE-2026-26147 | No | No | No |
| Microsoft Azure Active Directory B2C Elevation of Privilege Vulnerability | CVE-2026-33843 | No | No | No |
| Azure Privileged Identity Management (PIM) Elevation of Privilege Vulnerability | CVE-2026-35430 | No | No | No |
| Azure Virtual Network Gateway Remote Code Execution Vulnerability | CVE-2026-40411 | No | No | No |
| Azure Orbital Spatio Remote Code Execution Vulnerability | CVE-2026-40412 | No | No | No |
| Microsoft Copilot Tampering Vulnerability | CVE-2026-41090 | No | No | No |
| **Microsoft Defender Elevation of Privilege Vulnerability** | **CVE-2026-41091** | Yes | Yes | Yes |
| Microsoft Planetary Computer Pro Information Disclosure Vulnerability | CVE-2026-41104 | No | No | No |
| **Microsoft Authenticator Information Disclosure Vulnerability** | **CVE-2026-41615** | Yes | No | No |
| **Azure Local Disconnected Operations (ALDO) Elevation of Privilege Vulnerability** | **CVE-2026-42822** | Yes | No | No |
| M365 Copilot Information Disclosure Vulnerability | CVE-2026-42827 | No | No | No |
| **Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability** | **CVE-2026-42834** | Yes | No | No |
| **Microsoft Exchange Server Spoofing Vulnerability** | **CVE-2026-42897** | Yes | Yes | No |
| **Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability** | **CVE-2026-45492** | Yes | No | No |
| Microsoft Entra ID Elevation of Privilege Vulnerability | CVE-2026-42901 | No | No | No |
| **Microsoft Edge (Chromium-based) Spoofing Vulnerability** | **CVE-2026-45494** | Yes | No | No |
| **Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability** | **CVE-2026-45495** | Yes | No | No |
| **Microsoft Defender Denial of Service Vulnerability** | **CVE-2026-45498** | Yes | Yes | Yes |
| **Microsoft Defender Remote Code Execution Vulnerability** | **CVE-2026-45584** | Yes | No | No |
| **Windows BitLocker Security Feature Bypass Vulnerability** | **CVE-2026-45585** | Yes | No | Yes |
| Azure Resource Manager Elevation of Privilege Vulnerability | CVE-2026-47280 | No | No | No |
These didn’t raise the alarms that an Out of Band patch would have years ago. Is that because of Microsoft’s retirement of bulletins, improvements to our organizational patch management processes, or do we simply not care as much as we used to due to the number of vulnerabilities we see these days?
Tying this all back together, notice that we have a few new AI-related vulnerabilities (the Copilot entries in the table) in this batch of 23 that have been released since the May Patch Tuesday. That is definitely something users of Microsoft’s AI services will want to keep an eye on. At least, however, Microsoft is informing users of these vulnerabilities; are other AI services doing the same? Now may be the time to speak to your vendors to ensure they are helping to improve your security posture rather than reduce it.