Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises

securityweek.com·May 13, 2026

CVE-2026-40361 is a critical zero-click vulnerability in Outlook, reminiscent of the previously notorious BadWinmail, which posed significant risks to enterprises.

CVE-2026-40361, a critical zero-click vulnerability in Outlook, poses a significant threat to enterprises, reminiscent of the "enterprise killer" BadWinmail from a decade ago. As a cybersecurity professional, ensure your organization's patch management processes are agile and responsive to swiftly mitigate such high-risk vulnerabilities, particularly those affecting widely-used applications like Outlook.

Want more content like this?

twixb tracks your favorite blogs and social media, filters by keywords, and delivers personalized key learnings — straight to your inbox.

Create Your Own →Explore Newsfeeds

More from Cybersecurity News

Recent stories curated alongside this one.

Browse all Cybersecurity News →

Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises

Want more content like this?

More from Cybersecurity News

New Fragnesia Linux flaw lets attackers gain root privileges

New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

West Pharmaceutical says hackers stole data, encrypted systems

Checkbox Assessments Aren't Fit to Measure to Risk