Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises

Microsoft has patched a zero-click Outlook vulnerability.

Microsoft’s May Patch Tuesday addressed 137 vulnerabilities, including a critical zero‑click Outlook flaw tracked as CVE‑2026‑40361. The bug is a use‑after‑free vulnerability in a DLL shared by Outlook and Word, allowing remote code execution when a user merely previews an email. Researcher Haifei Li compared it to a decade‑old “enterprise killer” Outlook flaw due to its ability to bypass firewalls and compromise high‑value targets.

Read more:

https://www.securityweek.com/microsoft-patches-critical-zero-click-outlook-vulnerability-threatening-enterprises/