Hello and welcome to the Wednesday, May 13th,

2026 edition of the Sands Internet Stormsunters Stormcast.

My name is Johannes Ulrich, recording today from San Diego, California.

And this episode is brought you by the sands.edu credit certificate program in cyber security leadership.

Well, today, Microsoft Patch Tuesday, so let's start with a quick summary here.

We got a total of 137 vulnerabilities being addressed by Microsoft.

Now, this is quite a large number, but in addition to this, we actually also got 127 chromium

vulnerabilities being addressed in Microsoft Edge.

Now when it comes to the Microsoft vulnerability, so the 137, you had 30 critical ones here. That's a fairly large number compared

to what we saw in the past, but 14 of these 30, so pretty much half of them, do not require

any customer action, because these vulnerabilities are vulnerabilities in Microsoft Cloud

systems, and as such, of course, there's nothing you have to do.

Microsoft already took care of these for you.

Now, among the remaining critical vulnerabilities,

there are couples of that caught my eye.

One actually that I haven't listed in the diary is one in Outlook.

That's a remote code execution vulnerability

that could be triggered by just previewing an email, so no attachment that you need to open.

There is also a vulnerability in the Microsoft single sign-on plugin for GERA and Confluence.

Given all the news we had about supply chain issues and such,

that's certainly something to watch out for.

The other one that I thought was kind of interesting

...