- Critical zero-click RCE vulnerability in Outlook affecting Word and Outlook via shared DLL
- BadWinmail vulnerability discovered by Haifei Li; similar attack vector and impact to CVE-2026-40361
ThreatNoir Afternoon Brief — May 13
Afternoon Review in IT Security — May 13, 2026
The technology sector faces a critical week of security updates as major vendors address significant vulnerabilities across multiple product categories. From enterprise email systems to industrial control infrastructure, organizations are racing to patch newly disclosed security defects that could expose sensitive data and disrupt operations.
Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises
Microsoft has released a patch for CVE-2026-40361, a critical zero-click vulnerability in Outlook that poses significant risks to enterprise environments. The vulnerability bears similarities to BadWinmail, a flaw discovered a decade ago that was infamously labeled an "enterprise killer" due to its widespread potential for exploitation. Because the vulnerability is zero-click, attackers could compromise systems without any user interaction, which makes it particularly dangerous for organizations with large email user bases. Source: Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises
716,000 Impacted by OpenLoop Health Data Breach
A telehealth platform called OpenLoop suffered a data breach that has affected approximately 716,000 individuals. The incident occurred in January when attackers successfully infiltrated the company's systems and exfiltrated personal information belonging to users of the platform. The breach highlights ongoing security challenges within the healthcare technology sector, where patient data remains a high-value target for malicious actors. Source: 716,000 Impacted by OpenLoop Health Data Breach
Chipmaker Patch Tuesday: Intel and AMD Patch 70 Vulnerabilities
Intel and AMD have jointly published over two dozen security advisories addressing a combined total of 70 newly identified vulnerabilities across their processor lines. These security defects span multiple product families and severity levels, requiring organizations to carefully prioritize patching efforts based on their hardware configurations and risk profiles. The coordinated disclosure represents a significant maintenance burden for IT teams managing diverse computing environments. Source: Chipmaker Patch Tuesday: Intel and AMD Patch 70 Vulnerabilities
ICS Patch Tuesday: New Security Advisories From Siemens, Schneider, CISA
Industrial control system vendors including Siemens and Schneider Electric have released new security advisories as part of May 2026 Patch Tuesday activities, though notably many ICS vendors have not yet published updates for this cycle. The Cybersecurity and Infrastructure Security Agency has also issued guidance related to these vulnerabilities. This slower update cadence in the industrial sector reflects the complexity of patching critical infrastructure systems that often require extensive testing and scheduled maintenance windows. Source: ICS Patch Tuesday: New Security Advisories From Siemens, Schneider, CISA
Organizations across all sectors should prioritize assessment of these vulnerabilities within their environments and develop patch deployment strategies that balance security needs with operational continuity. The breadth of affected systems underscores the importance of maintaining comprehensive asset inventories and vulnerability management programs.
Sources & IOCs
Source articles and extracted indicators (defanged where appropriate).
- Critical buffer overflow in Intel Data Center Graphics Driver for VMware ESXi (CVSS 9.3)
- Critical vulnerability in AMD Device Metrics Exporter ROCm ecosystem allowing unauthenticated GPU configuration changes (CVSS 9.2)
- CRPx0: Cross-platform malware distributed via OnlyFans lure