Windows 11 May 2026: 120 patched vulnerabilities, new functions and batch file hardening for enhanced security

Microsoft has published May 2026 cumulative updates for Windows 11: KB5089549 affects branches 25H2 / 24H2 and KB5087420 a 23H2; both include the safety patches of the Patch Tuesday and correct as a whole 120 vulnerabilities. These updates are mandatory in terms of security content because they incorporate corrections published in previous months and are available from Windows Update or manually downloadable from the Microsoft update catalogue: Microsoft Update Catalog. After installation, the compilation numbers change to 26200.8457 (25H2), 26100.8457 (24H2) and 22631.7079 (23H2).

Beyond the security patches, Microsoft has included several functional improvements and reliability corrections. Among the new features are the inclusion of a "Xbox" mode on the desktop, expanded support of compressed formats in the File Explorer, haptics for compatible input devices (Surface Slim Pen 2, ASUS Pen 3.0, MSI Pen 2, and possibility of future support for other peripherals), a less intrusive redesign of voice writing on the touch keyboard, and the renamed Drop Tray function (before Drag Tray) to share. There are also specific improvements such as an icon that indicates Windows Protected Print Mode support, the extension of the limit to format FAT32 from command line to 2 TB, and settings that seek to stabilize explore.exe, the system tray and Windows Hello.

In the functional safety front, a hardening option is incorporated for batch file processing and CMD scripts: LockBatchFilesWhenInUse. This configuration - applicable by registration key or through Application Control for Business policies - prevents batch files from changing while in operation, reducing an opportunity window for malicious handling or career conditions in administrative environments.

Although Microsoft reports that this delivery does not bring significant known problems, it should be remembered that previous updates have caused side effects in specific environments (e.g. reports of backups in previous updates). In addition, the real threat is not hypothetical: public research and recent events have shown that advanced actors and vulnerability-chaining techniques can turn several failures into powerful exploits. So, grating alone is not enough: it is necessary to integrate parking with detection controls, network segmentation and minimum privileges.

Practical recommendation for users and administrators: in personal or low-risk equipment, apply the update from Settings > Windows Update to stay protected. In corporate environments, follow a cycle: check the technical note of each KB ( KB5089549 and KB5087420), test first in a pilot ring, ensure recent backup and restoration points, deploy via WSUS / Intune / Update Management and monitor telemetrics and records in case of regressions. If you need to apply the safe batch files processing policy, document and test the change of the HKEY _ LOCAL _ MACHINE\\ Software\\ Microsoft\ Command Processor\\ LockBatchFilesWhenInUse (DWORD 0 or 1) registration value before forcing its activation in production.

Finally, maintain continuous visibility: review official state pages and known post-deployment problems, combine the detection patch (EDR, SIEM) and preventive mitigation measures, and follow Microsoft's communications on Windows quality, which anticipate future performance and experience improvements: Microsoft - commitment to quality. The best practice is to act quickly but cautiously: to park for the closing of exploitable vectors, but try and document every step to avoid interruptions that can cost more than the very risk that is sought to mitigate.