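Advisory ID: NS-2026-0013
| TAG: | Security update, Windows, Office, SQL Server, Azure |
| Impact: | By exploiting the vulnerabilities addressed in this security update, an attacker can achieve privilege escalation, remote code execution, and more |
| Version: | 1.0 |
1 Vulnerability Overview
Of the vulnerabilities fixed in this month's Microsoft monthly update, 30 are rated Critical, 103 Important, 3 Moderate, and 1 Low.
Affected users should apply the patches as soon as possible. See the appendix for the complete vulnerability list.
Reference link: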
https://msrc.microsoft.com/update-guide/releaseNote/2026-May
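2 Key Vulnerabilities in Brief
Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability (CVE-2026-32161):
Because the Windows Native WiFi miniport driver contains a race condition and a use-after-free vulnerability, an attacker can trigger the race condition through concurrent processing of a shared resource and execute arbitrary code over an adjacent network. CVSS score: 7.5.
Official advisory link: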
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32161
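Windows GDI Remote Code Execution Vulnerability (CVE-2026-35421):
Because of a heap-based buffer overflow in the Windows Graphics Device Interface (GDI), an attacker can trigger the flaw by inducing a user to open a specially crafted Enhanced Metafile (EMF) with Microsoft Paint, and thereby execute arbitrary code on the target system. CVSS score: 7.8.
Official advisory link: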
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35421
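Windows Graphics Component Remote Code Execution Vulnerability (CVE-2026-40403):
Because of a heap-based buffer overflow in Win32K in the Windows Graphics Component, an authenticated attacker can trigger the vulnerability by accessing an affected local virtual machine interface, resulting in container escape or code execution. CVSS score: 8.8.
Official advisory link: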
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40403
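Microsoft Office Remote Code Execution Vulnerability (CVE-2026-40358):
Microsoft Office contains a use-after-free vulnerability. An unauthenticated attacker can send a user a specially crafted malicious document; arbitrary code executes once the user is induced to preview or open it. CVSS score: 8.4.
Official advisory link: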
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40358
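Microsoft Office Remote Code Execution Vulnerabilities (CVE-2026-40363/CVE-2026-42831):
Microsoft Office contains two heap-based buffer overflow vulnerabilities. An unauthenticated attacker who sends a user a specially crafted malicious document and induces the user to open it can achieve arbitrary code execution. CVSS scores: 8.4 and 7.8.
Official advisory links: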
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40363
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42831
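Microsoft Word Remote Code Execution Vulnerabilities (CVE-2026-40361/CVE-2026-40366):
Because of two use-after-free vulnerabilities in Microsoft Word, an unauthenticated attacker can execute code in the user's context by inducing the user to download and then preview or open a specially crafted file. CVSS score: 8.4.
Official advisory links: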
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40361
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40366
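Microsoft Word Remote Code Execution Vulnerabilities (CVE-2026-40364/CVE-2026-40367):
Because of type confusion and untrusted pointer dereference vulnerabilities in Microsoft Word, an unauthenticated attacker can send a user a specially crafted malicious file; arbitrary code executes once the user is induced to preview or click it. CVSS score: 8.4.
Official advisory links: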
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40364
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40367
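Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2026-40365):
Because access control in Microsoft SharePoint is insufficiently granular, an attacker with Site Owner or higher permissions can write and inject arbitrary code, which then executes on the SharePoint server. CVSS score: 8.8.
Official advisory link: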
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40365
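Windows TCP/IP Remote Code Execution Vulnerability (CVE-2026-40415):
Windows TCP/IP contains a remote code execution vulnerability. Because of a use-after-free issue in TCP/IP, an unauthenticated attacker can exploit it by sending specially crafted malicious packets and execute arbitrary code. CVSS score: 8.1.
Official advisory link: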
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40415
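Windows Netlogon Remote Code Execution Vulnerability (CVE-2026-41089):
Because of a stack-based buffer overflow in the Windows Netlogon service, an unauthenticated attacker can send a specially crafted network request to a Windows server acting as a domain controller and execute code on the affected system. CVSS score: 9.8.
Official advisory link: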
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41089
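Windows DNS Client Remote Code Execution Vulnerability (CVE-2026-41096):
Because of a heap-based buffer overflow in the Windows DNS client, an unauthenticated attacker can trigger memory corruption by sending a specially crafted DNS response and remotely execute code on the affected system. CVSS score: 9.8.
Official advisory link: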
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41096
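Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability (CVE-2026-41103):
Because of a flaw in the authentication algorithm of Microsoft SSO Plugin for Jira & Confluence, an unauthenticated attacker can bypass authentication by sending a forged SSO response and gain the privileges of a user's Jira or Confluence account. CVSS score: 9.1.
Official advisory link: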
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41103
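Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability (CVE-2026-42898):
Because of insufficient control over code generation in Microsoft Dynamics 365 (on-premises), an authenticated attacker can modify the saved state of a process session in Dynamics CRM, causing the server to execute malicious code. CVSS score: 9.9.
Official advisory link: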
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42898
3 Affected Scope
| CVE ID | Affected product versions |
| CVE-2026-32161; CVE-2026-35421; CVE-2026-40403 | Windows 11 Version 25H2 for x64-based Systems; Windows 11 Version 25H2 for ARM64-based Systems; Windows Server 2025 (Server Core installation); Windows 10 Version 22H2 for 32-bit Systems; Windows 10 Version 22H2 for ARM64-based Systems; Windows 10 Version 22H2 for x64-based Systems; Windows 10 Version 21H2 for x64-based Systems; Windows 10 Version 21H2 for ARM64-based Systems; Windows 10 Version 21H2 for 32-bit Systems; Windows Server 2022 (Server Core installation); Windows Server 2022; Windows Server 2019 (Server Core installation); Windows Server 2019; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1809 for 32-bit Systems; Windows Server 2012 R2 (Server Core installation); Windows Server 2012 R2; Windows Server 2012 (Server Core installation); Windows Server 2012; Windows Server 2016 (Server Core installation); Windows Server 2016; Windows 10 Version 1607 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems; Windows 11 Version 26H1 for ARM64-based Systems; Windows 11 version 26H1 for x64-based Systems; Windows Server 2025; Windows 11 Version 24H2 for x64-based Systems; Windows 11 Version 24H2 for ARM64-based Systems; Windows Server 2022, 23H2 Edition (Server Core installation); Windows 11 Version 23H2 for x64-based Systems; Windows 11 Version 23H2 for ARM64-based Systems |
| CVE-2026-40358 | Microsoft Office 2016 (64-bit edition); Microsoft Office 2016 (32-bit edition); Microsoft Office LTSC for Mac 2024; Microsoft Office LTSC 2024 for 64-bit editions; Microsoft Office LTSC 2024 for 32-bit editions; Microsoft Office LTSC 2021 for 32-bit editions; Microsoft Office LTSC 2021 for 64-bit editions; Microsoft Office LTSC for Mac 2021; Microsoft 365 Apps for Enterprise for 64-bit Systems; Microsoft 365 Apps for Enterprise for 32-bit Systems; Microsoft Office 2019 for 64-bit editions; Microsoft Office 2019 for 32-bit editions |
| CVE-2026-40363 | Microsoft Office LTSC for Mac 2021; Microsoft 365 Apps for Enterprise for 64-bit Systems; Microsoft 365 Apps for Enterprise for 32-bit Systems; Microsoft Office 2019 for 64-bit editions; Microsoft Office 2019 for 32-bit editions; Microsoft Office for Android; Microsoft Office 2016 (64-bit edition); Microsoft Office 2016 (32-bit edition); Microsoft Office LTSC for Mac 2024; Microsoft Office LTSC 2024 for 64-bit editions; Microsoft Office LTSC 2024 for 32-bit editions; Microsoft Office LTSC 2021 for 32-bit editions; Microsoft Office LTSC 2021 for 64-bit editions |
| CVE-2026-42831 | Microsoft Office LTSC for Mac 2024; Microsoft Office for Android; Microsoft Office LTSC for Mac 2021 |
| CVE-2026-40361; CVE-2026-40364; CVE-2026-40366 | Microsoft Word 2016 (64-bit edition); Microsoft Word 2016 (32-bit edition); Microsoft Office LTSC for Mac 2024; Microsoft Office LTSC 2024 for 64-bit editions; Microsoft Office LTSC 2024 for 32-bit editions; Microsoft Office LTSC 2021 for 32-bit editions; Microsoft Office LTSC 2021 for 64-bit editions; Microsoft Office LTSC for Mac 2021; Microsoft 365 Apps for Enterprise for 64-bit Systems; Microsoft 365 Apps for Enterprise for 32-bit Systems; Microsoft Office 2019 for 64-bit editions; Microsoft Office 2019 for 32-bit editions |
| CVE-2026-40367 | Microsoft Word 2016 (64-bit edition); Microsoft Word 2016 (32-bit edition); Microsoft Office LTSC for Mac 2024; Microsoft Office LTSC 2024 for 64-bit editions; Microsoft Office LTSC 2024 for 32-bit editions; Microsoft SharePoint Server Subscription Edition; Microsoft Office LTSC 2021 for 32-bit editions; Microsoft Office LTSC 2021 for 64-bit editions; Microsoft Office LTSC for Mac 2021; Microsoft 365 Apps for Enterprise for 64-bit Systems; Microsoft 365 Apps for Enterprise for 32-bit Systems; Microsoft Office 2019 for 64-bit editions; Microsoft Office 2019 for 32-bit editions; Microsoft SharePoint Server 2019; Microsoft SharePoint Enterprise Server 2016 |
| CVE-2026-40365 | Microsoft SharePoint Server Subscription Edition; Microsoft SharePoint Server 2019; Microsoft SharePoint Enterprise Server 2016 |
| CVE-2026-40415 | Windows 11 Version 24H2 for x64-based Systems; Windows 11 Version 24H2 for ARM64-based Systems; Windows Server 2022, 23H2 Edition (Server Core installation); Windows 11 Version 23H2 for x64-based Systems; Windows 11 Version 23H2 for ARM64-based Systems; Windows 11 Version 25H2 for x64-based Systems; Windows 11 Version 25H2 for ARM64-based Systems; Windows Server 2025 (Server Core installation); Windows 10 Version 22H2 for 32-bit Systems; Windows 10 Version 22H2 for ARM64-based Systems; Windows 10 Version 22H2 for x64-based Systems; Windows 10 Version 21H2 for x64-based Systems; Windows 10 Version 21H2 for ARM64-based Systems; Windows 10 Version 21H2 for 32-bit Systems; Windows Server 2022 (Server Core installation); Windows Server 2022; Windows 11 Version 26H1 for ARM64-based Systems; Windows 11 version 26H1 for x64-based Systems; Windows Server 2025; Windows Server 2019 (Server Core installation); Windows Server 2019; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1809 for 32-bit Systems |
| CVE-2026-41089 | Windows Server 2012 R2 (Server Core installation); Windows Server 2012 R2; Windows Server 2012 (Server Core installation); Windows Server 2012; Windows Server 2016 (Server Core installation); Windows Server 2016; Windows Server 2025; Windows Server 2022, 23H2 Edition (Server Core installation); Windows Server 2025 (Server Core installation); Windows Server 2022 (Server Core installation); Windows Server 2022; Windows Server 2019 (Server Core installation); Windows Server 2019 |
| CVE-2026-41096 | Windows 11 Version 26H1 for ARM64-based Systems; Windows 11 version 26H1 for x64-based Systems; Windows Server 2025; Windows 11 Version 24H2 for x64-based Systems; Windows 11 Version 24H2 for ARM64-based Systems; Windows Server 2022, 23H2 Edition (Server Core installation); Windows 11 Version 23H2 for x64-based Systems; Windows 11 Version 23H2 for ARM64-based Systems; Windows 11 Version 25H2 for x64-based Systems; Windows 11 Version 25H2 for ARM64-based Systems; Windows Server 2025 (Server Core installation) |
| CVE-2026-41103 | Microsoft Confluence SAML SSO plugin; Microsoft JIRA SAML SSO plugin |
| CVE-2026-42898 | Microsoft Dynamics 365 (on-premises) version 9.1 |
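Patch Updates
Microsoft has released security patches that fix the vulnerabilities above for supported product versions. Affected users are strongly advised to install the patches as soon as possible. Official download link: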
https://msrc.microsoft.com/update-guide/releaseNote/2026-May
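Note: Patch installation through Windows Update can fail because of network problems, the state of the computer environment, or similar causes. After installing patches, users should promptly check whether the update succeeded.
Right-click the Windows icon, select "Settings (N)", then "Update & Security" - "Windows Update", and check the messages shown on that page. You can also click "View update history" to review past updates.
For an update that did not install successfully, click the update name to go to the official Microsoft download page. Users are advised to follow the link on that page to the "Microsoft Update Catalog" website, then download and install the standalone package.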
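The same check can be scripted for hosts where clicking through Settings is impractical. The following PowerShell is an added example, not part of the original advisory: it reads the update history through the Windows Update Agent COM API, keeps the latest outcome per KB, and lists the ones that still need a standalone package. The function name `Get-UpdateInstallStatus` and the 45-day window are assumptions made for illustration.

```powershell
# Added example: report updates whose most recent install attempt did not succeed.
# Uses the Windows Update Agent COM API (Microsoft.Update.Session).

function Get-UpdateInstallStatus {
    [CmdletBinding()]
    param(
        # Only report history entries on or after this UTC time (assumed default: 45 days).
        [datetime]$Since = (Get-Date).ToUniversalTime().AddDays(-45)
    )

    # OperationResultCode values defined by the Windows Update Agent API.
    $resultNames = @{
        0 = 'NotStarted'; 1 = 'InProgress'; 2 = 'Succeeded'
        3 = 'SucceededWithErrors'; 4 = 'Failed'; 5 = 'Aborted'
    }

    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $total    = $searcher.GetTotalHistoryCount()
    if ($total -eq 0) { return }

    $searcher.QueryHistory(0, $total) |
        Where-Object { $_.Operation -eq 1 -and $_.Date -ge $Since } |   # 1 = installation
        ForEach-Object {
            # Update titles normally carry the KB number in parentheses.
            $kb = if ($_.Title -match 'KB\d+') { $Matches[0] } else { $null }
            [pscustomobject]@{
                Date    = $_.Date          # history timestamps are UTC
                KB      = $kb
                Result  = $resultNames[[int]$_.ResultCode]
                HResult = '0x{0:X8}' -f $_.HResult
                Title   = $_.Title
            }
        }
}

# Keep only the latest attempt per KB: a failure followed by a successful
# retry should not be reported as outstanding.
$latest = Get-UpdateInstallStatus |
    Where-Object KB |
    Group-Object KB |
    ForEach-Object { $_.Group | Sort-Object Date -Descending | Select-Object -First 1 }

$pending = @($latest | Where-Object { $_.Result -ne 'Succeeded' })

foreach ($u in $pending) {
    # Cross-check against installed packages before treating the KB as missing.
    $installed = [bool](Get-HotFix -Id $u.KB -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        KB         = $u.KB
        LastResult = $u.Result
        HResult    = $u.HResult
        Installed  = $installed
        # Microsoft Update Catalog search page for the standalone package.
        Catalog    = "https://www.catalog.update.microsoft.com/Search.aspx?q=$($u.KB)"
    }
}
```

An empty result means every installation attempt in the window ended in `Succeeded`; it does not prove that this month's updates were offered to the host, so compare the KB numbers against the release note linked above.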
Appendix: Vulnerability List
| Affected Product | CVE ID | Vulnerability Title | Severity |
| Azure | CVE-2026-40379 | Microsoft Enterprise Security Token Service (ESTS) Spoofing Vulnerability | Critical |
| Azure | CVE-2026-32207 | Azure Machine Learning Notebook Spoofing Vulnerability | Critical |
| Azure | CVE-2026-33109 | Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-35421 | Windows GDI Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-40363 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-40364 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-40366 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-41089 | Windows Netlogon Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-41096 | Windows DNS Client Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-32161 | Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-42831 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Dynamics | CVE-2026-42898 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-40358 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-40361 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-40365 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-40367 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-40402 | Windows Hyper-V Elevation of Privilege Vulnerability | Critical |
| Azure | CVE-2026-41103 | Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability | Critical |
| Microsoft Dynamics | CVE-2026-33821 | Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability | Critical |
| Apps | CVE-2026-26129 | M365 Copilot Information Disclosure Vulnerability | Critical |
| Copilot Chat (Microsoft Edge) | CVE-2026-33111 | Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability | Critical |
| Apps | CVE-2026-26164 | M365 Copilot Information Disclosure Vulnerability | Critical |
| Microsoft Office | CVE-2026-33823 | Microsoft Team Events Portal Information Disclosure Vulnerability | Critical |
| Azure | CVE-2026-33844 | Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability | Critical |
| Azure | CVE-2026-34327 | Microsoft Partner Center Spoofing Vulnerability | Critical |
| Azure | CVE-2026-35428 | Azure Cloud Shell Spoofing Vulnerability | Critical |
| Azure | CVE-2026-35435 | Azure AI Foundry Elevation of Privilege Vulnerability | Critical |
| Azure DevOps | CVE-2026-42826 | Azure DevOps Information Disclosure Vulnerability | Critical |
| Azure | CVE-2026-41105 | Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability | Critical |
| Windows | CVE-2026-40403 | Windows Graphics Component Remote Code Execution Vulnerability | Critical |
| Azure | CVE-2026-32204 | Azure Monitor Agent Elevation of Privilege Vulnerability | Important |
| Microsoft .NET Framework, .NET 9.0 installed on Windows, .NET 10.0 installed on Windows, Microsoft Visual Studio, .NET 8.0 installed on Windows | CVE-2026-32177 | .NET Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-21530 | Windows Rich Text Edit Elevation of Privilege Vulnerability | Important |
| Azure | CVE-2026-33117 | Azure SDK for Java Security Feature Bypass Vulnerability | Important |
| Windows | CVE-2026-33834 | Windows Event Logging Service Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-33839 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-33840 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-33841 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34329 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-34330 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34331 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34333 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34342 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34343 | Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34344 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34345 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34347 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34350 | Windows Storport Miniport Driver Denial of Service Vulnerability | Important |
| Windows | CVE-2026-34351 | Windows TCP/IP Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-35415 | Windows Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-35416 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-35417 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-35418 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-35419 | Windows DWM Core Library Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-35420 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-35422 | Windows TCP/IP Driver Security Feature Bypass Vulnerability | Important |
| Windows | CVE-2026-35423 | Windows 11 Telnet Client Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-35424 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | Important |
| .NET 8.0 installed on Windows, .NET 10.0 installed on Windows, .NET 9.0 installed on Windows | CVE-2026-35433 | .NET Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-35438 | Windows Admin Center Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2026-35439 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-35440 | Microsoft Word Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-40360 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-40368 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Dynamics | CVE-2026-40374 | Microsoft Power Automate Desktop Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-40377 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-40380 | Windows Volume Manager Extension Driver Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-40399 | Windows TCP/IP Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-40405 | Windows TCP/IP Denial of Service Vulnerability | Important |
| Windows | CVE-2026-40406 | Windows TCP/IP Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-40407 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-40408 | Windows WAN ARP Driver Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-40410 | Windows SMB Client Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-40414 | Windows TCP/IP Denial of Service Vulnerability | Important |
| Windows | CVE-2026-40415 | Windows TCP/IP Remote Code Execution Vulnerability | Important |
| Microsoft Dynamics | CVE-2026-40417 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2026-40419 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2026-40421 | Microsoft Word Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-41088 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Microsoft Data Formulator | CVE-2026-41094 | Microsoft Data Formulator Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-41095 | Data Deduplication Elevation of Privilege Vulnerability | Important |
| Apps | CVE-2026-41100 | Microsoft 365 Copilot for Android Spoofing Vulnerability | Important |
| Apps | CVE-2026-41101 | Microsoft Word for Android Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-41102 | Microsoft PowerPoint for Android Spoofing Vulnerability | Important |
| Visual Studio Code | CVE-2026-41109 | GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability | Important |
| Visual Studio Code | CVE-2026-41610 | Visual Studio Code Security Feature Bypass Vulnerability | Important |
| Visual Studio Code | CVE-2026-41611 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Visual Studio Code – Live Preview extension | CVE-2026-41612 | Visual Studio Code Information Disclosure Vulnerability | Important |
| Apps | CVE-2026-41614 | M365 Copilot for Desktop Spoofing Vulnerability | Important |
| Windows | CVE-2026-32170 | Windows Rich Text Edit Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2026-32185 | Microsoft Teams Spoofing Vulnerability | Important |
| .NET 8.0 installed on Windows, .NET 10.0 installed on Windows, .NET 9.0 installed on Windows, Microsoft Visual Studio | CVE-2026-32175 | .NET Core Tampering Vulnerability | Important |
| Windows | CVE-2026-42825 | Windows Telephony Service Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-42896 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| .NET 10.0 installed on Linux, .NET 9.0 installed on Mac OS, .NET 9.0 installed on Windows, .NET 10.0 installed on Mac OS, .NET 8.0 installed on Mac OS, .NET 10.0 installed on Windows, .NET 8.0 installed on Linux, .NET 8.0 installed on Windows, .NET 9.0 installed on Linux | CVE-2026-42899 | ASP.NET Core Denial of Service Vulnerability | Important |
| Microsoft Office | CVE-2026-33110 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-33112 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Azure | CVE-2026-33833 | Azure Machine Learning Notebook Spoofing Vulnerability | Important |
| Windows | CVE-2026-33835 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-33837 | Windows TCP/IP Local Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-33838 | Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34332 | Windows Kernel-Mode Driver Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-34334 | Windows TCP/IP Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34336 | Windows DWM Core Library Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-34337 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34338 | Windows Telephony Service Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34339 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important |
| Windows | CVE-2026-34340 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34341 | Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2026-40357 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-40359 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-40362 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft SQL Server | CVE-2026-40370 | SQL Server Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-40369 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-40382 | Windows Telephony Service Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-40397 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-32209 | Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability | Important |
| Windows | CVE-2026-40398 | Windows Remote Desktop Services Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-40401 | Windows TCP/IP Denial of Service Vulnerability | Important |
| Windows | CVE-2026-40413 | Windows TCP/IP Denial of Service Vulnerability | Important |
| Microsoft Office | CVE-2026-40418 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2026-35436 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2026-40420 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-41097 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Azure | CVE-2026-40381 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important |
| Visual Studio Code | CVE-2026-41613 | Visual Studio Code Elevation of Privilege Vulnerability | Important |
| Azure | CVE-2026-42823 | Azure Logic Apps Elevation of Privilege Vulnerability | Important |
| Azure | CVE-2026-42830 | Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability | Important |
| Apps, Microsoft Office | CVE-2026-42832 | Microsoft Office Spoofing Vulnerability | Important |
| Microsoft Dynamics | CVE-2026-42833 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-42838 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2026-42893 | Microsoft Outlook for iOS Tampering Vulnerability | Important |
| Azure | CVE-2026-41086 | Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-41107 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | Moderate |
| Microsoft Edge for Android | CVE-2026-42891 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Moderate |
| Microsoft Edge for Android | CVE-2026-35429 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Moderate |
| Microsoft Edge (Chromium-based) | CVE-2026-40416 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Low |
END
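NSFOCUS reserves the right to modify and interpret this security advisory. Anyone reproducing or distributing this advisory must preserve it in full, including the copyright statement and all other content. Without permission from NSFOCUS, the content of this advisory may not be modified, added to or cut, and it may not be used for commercial purposes in any way.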