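[Security Update] Advisory on High-Risk Vulnerabilities in Multiple Products in Microsoft's April Security Update
2026-5-22 02:43:41 Author: blog.nsfocus.net

Advisory ID: NS-2026-0009

TAG: Security update, Windows, Office, Visual Studio, SQL Server
Impact: By exploiting the vulnerabilities fixed in this security update, an attacker can achieve elevation of privilege, remote code execution and similar outcomes
Version: 1.0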

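1 Vulnerability Overview

On April 15, NSFOCUS CERT observed that Microsoft had released its April security update patches, fixing 165 security issues in widely used products including Windows, Microsoft Office, Microsoft SQL Server, Microsoft Visual Studio, Microsoft .NET Framework and Azure. The fixes cover high-risk vulnerability types such as elevation of privilege and remote code execution. Of the vulnerabilities fixed in this month's update, 8 are rated Critical, 154 Important, 2 Moderate and 1 Low. One of them has been detected as exploited in the wild:

Microsoft SharePoint Server Spoofing Vulnerability (CVE-2026-32201)

Affected users should apply the patches as soon as possible. See the appendix for the complete vulnerability list.

Reference link: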

https://msrc.microsoft.com/update-guide/releaseNote/2026-Apr

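2 Key Vulnerabilities in Brief

The following vulnerabilities in this update were selected for their wider impact, based on product popularity and vulnerability severity. Affected users should give them priority:

Microsoft SharePoint Server Spoofing Vulnerability (CVE-2026-32201):

A spoofing vulnerability exists in Microsoft SharePoint Server. Because of improper input validation in SharePoint Server, an unauthenticated attacker can carry out a spoofing attack over the network, viewing some sensitive information and tampering with disclosed information. This vulnerability is being exploited in the wild. CVSS score: 9.0.

Official advisory link: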

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201

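Windows Kerberos Elevation of Privilege Vulnerability (CVE-2026-27912):

An elevation of privilege vulnerability exists in Windows Kerberos. Because of improper authorization in the validation of Kerberos service ticket requests, an authenticated attacker can bypass security checks by manipulating Kerberos ticket fields and elevate privileges on an adjacent network, potentially obtaining domain administrator privileges. CVSS score: 8.0.

Official advisory link: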

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27912

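Remote Desktop Client Remote Code Execution Vulnerability (CVE-2026-32157):

A remote code execution vulnerability exists in Remote Desktop Client. Because of a use-after-free issue in the way Remote Desktop Client handles RDP connection parameters, an unauthenticated attacker can execute arbitrary code on the client host by luring a user into connecting to a malicious RDP server. CVSS score: 8.8.

Official advisory link: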

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32157

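Windows TCP/IP Remote Code Execution Vulnerability (CVE-2026-33827):

A remote code execution vulnerability exists in Windows TCP/IP. Because of improper synchronization when Windows TCP/IP uses a shared resource, an unauthenticated attacker can exploit this vulnerability over the network to execute arbitrary code. CVSS score: 8.1.

Official advisory link: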

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33827

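Windows Shell Security Feature Bypass Vulnerability (CVE-2026-32225):

A security feature bypass vulnerability exists in Windows Shell. Because of a protection mechanism failure in Windows Shell, an unauthenticated attacker can bypass SmartScreen protection by luring a victim into opening a specially crafted .lnk file, leading to unauthorized operations or access. CVSS score: 8.8.

Official advisory link: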

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32225

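Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability (CVE-2026-33824):

A remote code execution vulnerability exists in Windows Internet Key Exchange (IKE) Service Extensions. Because of a double-free issue in the Windows IKE extensions, an unauthenticated attacker can achieve remote code execution by sending specially crafted packets to a Windows system that has IKEv2 enabled. CVSS score: 9.8.

Official advisory link: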

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33824

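Microsoft Defender Elevation of Privilege Vulnerability (CVE-2026-33825):

An elevation of privilege vulnerability exists in Microsoft Defender. Because of insufficient access control granularity in Microsoft Defender, an authenticated local attacker can elevate privileges to SYSTEM. CVSS score: 7.8.

Official advisory link: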

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825

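Windows Active Directory Remote Code Execution Vulnerability (CVE-2026-33826):

A remote code execution vulnerability exists in Windows Active Directory. Because of improper input validation in Windows Active Directory, an authenticated attacker can achieve remote code execution by sending a specially crafted RPC call to an RPC host over an adjacent network. CVSS score: 8.0.

Official advisory link: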

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33826

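3 Scope of Impact

The affected product versions for some of the key vulnerabilities are listed below. For the products affected by the other vulnerabilities, see the official advisory links.
CVE ID Affected product versions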
CVE-2026-32201 Microsoft SharePoint Server Subscription Edition

Microsoft SharePoint Enterprise Server 2016

Microsoft SharePoint Server 2019

CVE-2026-27912 Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows Server 2025

Windows Server 2022, 23H2 Edition (Server Core installation)

Windows Server 2025 (Server Core installation)

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019

CVE-2026-32157 Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows Server 2025

Windows 11 Version 24H2 for x64-based Systems

Windows 11 Version 24H2 for ARM64-based Systems

Windows Server 2022, 23H2 Edition (Server Core installation)

Windows 11 Version 23H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows 11 Version 25H2 for x64-based Systems

Windows 11 Version 25H2 for ARM systems

Windows Server 2025 (Server Core installation)

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Remote Desktop client for Windows Desktop

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows App Client for Windows Desktop

Windows 11 version 26H1 for x64-based Systems

Windows 11 Version 26H1 for ARM64-based Systems

CVE-2026-33827

CVE-2026-32225

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows Server 2025 (Server Core installation)

Windows 10 Version 22H2 for 32-bit Systems

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 11 Version 26H1 for ARM64-based Systems

Windows 11 version 26H1 for x64-based Systems

Windows Server 2025

Windows 11 Version 24H2 for x64-based Systems

Windows 11 Version 24H2 for ARM64-based Systems

Windows Server 2022, 23H2 Edition (Server Core installation)

Windows 11 Version 23H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows 11 Version 25H2 for x64-based Systems

Windows 11 Version 25H2 for ARM systems

CVE-2026-33824 Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 11 Version 26H1 for ARM64-based Systems

Windows 11 version 26H1 for x64-based Systems

Windows Server 2025

Windows 11 Version 24H2 for x64-based Systems

Windows 11 Version 24H2 for ARM64-based Systems

Windows Server 2022, 23H2 Edition (Server Core installation)

Windows 11 Version 23H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows 11 Version 25H2 for x64-based Systems

Windows 11 Version 25H2 for ARM systems

Windows Server 2025 (Server Core installation)

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

CVE-2026-33825 Microsoft Defender Antimalware Platform
CVE-2026-33826 Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows Server 2025

Windows Server 2022, 23H2 Edition (Server Core installation)

Windows Server 2025 (Server Core installation)

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019

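4 Mitigation

4.1 Patch Update

Microsoft has released security patches that fix the above vulnerabilities for supported product versions. Affected users are strongly advised to install the patches as soon as possible. Official download link: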

https://msrc.microsoft.com/update-guide/releaseNote/2026-Apr

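Note: Patch installation through Windows Update may fail because of network problems, the state of the computer's environment or other reasons. After installing patches, users should promptly check whether they were applied successfully.

Right-click the Windows icon, select "Settings (N)", then "Update & Security" - "Windows Update", and review the messages shown on that page. You can also click "View update history" to see past updates.

For updates that did not install successfully, click the update name to go to Microsoft's official download page. Users are advised to follow the link on that page to the "Microsoft Update Catalog" website, then download and install the standalone package.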
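
One way to script the update-history check described above, as an added example that is not part of the original advisory: it queries the Windows Update Agent history through the `Microsoft.Update.Session` COM object and reports the latest install attempt for each update. The cutoff date `$Since` is an assumption based on the advisory's April 15 release date.

```powershell
# Added example, not from the advisory. $Since is an assumed cutoff
# (the advisory's April 15 release date, year taken from the 2026-Apr release note).
$Since = [datetime]'2026-04-15'

# OperationResultCode values of the Windows Update Agent API
$resultNames = @{
    0 = 'NotStarted'; 1 = 'InProgress'; 2 = 'Succeeded'
    3 = 'SucceededWithErrors'; 4 = 'Failed'; 5 = 'Aborted'
}

$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$total    = $searcher.GetTotalHistoryCount()

# Operation 1 = installation (2 = uninstallation); skip entries without a title
$history = @()
if ($total -gt 0) {
    $history = @($searcher.QueryHistory(0, $total) |
        Where-Object { $_.Operation -eq 1 -and $_.Title -and $_.Date -ge $Since })
}

if ($history.Count -eq 0) {
    Write-Warning "No update installation attempts recorded since $($Since.ToString('yyyy-MM-dd'))."
}
else {
    # An update that failed and was retried appears several times; keep the latest attempt
    $report = $history | Group-Object Title | ForEach-Object {
        $last = $_.Group | Sort-Object Date -Descending | Select-Object -First 1
        [pscustomobject]@{
            Date     = $last.Date
            Result   = $resultNames[[int]$last.ResultCode]
            Attempts = $_.Count
            KB       = if ($last.Title -match 'KB\d+') { $Matches[0] } else { '' }
            HResult  = '0x{0:X8}' -f $last.HResult
            Title    = $last.Title
        }
    }

    $report | Sort-Object Date | Format-Table -AutoSize -Wrap

    # Anything whose latest attempt is not 'Succeeded' is a candidate for the
    # standalone package from the Microsoft Update Catalog
    $notOk = @($report | Where-Object { $_.Result -ne 'Succeeded' })
    if ($notOk.Count -gt 0) {
        Write-Warning ("{0} update(s) did not install cleanly: {1}" -f
            $notOk.Count, (($notOk.KB | Where-Object { $_ }) -join ', '))
    }
}
```

An empty result means only that no installation attempt was recorded since the cutoff, not that the host is patched; compare the KB numbers reported against those listed in the official release note for the product in question.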

Appendix: Vulnerability List

Affected product CVE ID Vulnerability title Severity
Windows CVE-2026-32157 Remote Desktop Client Remote Code Execution Vulnerability Critical
Windows CVE-2026-33826 Windows Active Directory Remote Code Execution Vulnerability Critical
Microsoft .NET Framework CVE-2026-23666 .NET Framework Denial of Service Vulnerability Critical
Microsoft Office CVE-2026-32190 Microsoft Office Remote Code Execution Vulnerability Critical
Microsoft Office CVE-2026-33114 Microsoft Word Remote Code Execution Vulnerability Critical
Microsoft Office CVE-2026-33115 Microsoft Word Remote Code Execution Vulnerability Critical
Windows CVE-2026-33827 Windows TCP/IP Remote Code Execution Vulnerability Critical
Windows CVE-2026-33824 Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability Critical
Windows CVE-2026-20930 Windows Management Services Elevation of Privilege Vulnerability Important
Microsoft Visual Studio Code CoPilot Chat Extension CVE-2026-23653 GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability Important
Windows CVE-2026-25184 Applocker Filter Driver (applockerfltr.sys) Elevation of Privilege Vulnerability Important
Microsoft Office CVE-2026-20945 Microsoft SharePoint Server Spoofing Vulnerability Important
Windows CVE-2026-23670 Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability Important
Microsoft Dynamics CVE-2026-26149 Microsoft Power Apps Security Feature Bypass Important
Windows CVE-2026-26151 Remote Desktop Spoofing Vulnerability Important
Windows CVE-2026-26154 Windows Server Update Service (WSUS) Tampering Vulnerability Important
Windows CVE-2026-26155 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability Important
Windows CVE-2026-26160 Remote Desktop Licensing Service Elevation of Privilege Vulnerability Important
Windows CVE-2026-26161 Windows Sensor Data Service Elevation of Privilege Vulnerability Important
Windows CVE-2026-26162 Windows OLE Elevation of Privilege Vulnerability Important
Windows CVE-2026-26165 Windows Shell Elevation of Privilege Vulnerability Important
Windows CVE-2026-26166 Windows Shell Elevation of Privilege Vulnerability Important
Windows CVE-2026-26167 Windows Push Notifications Elevation of Privilege Vulnerability Important
Windows CVE-2026-26174 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability Important
Windows CVE-2026-26175 Windows Boot Manager Security Feature Bypass Vulnerability Important
Windows CVE-2026-26179 Windows Kernel Elevation of Privilege Vulnerability Important
Windows CVE-2026-26180 Windows Kernel Elevation of Privilege Vulnerability Important
Windows CVE-2026-26181 Microsoft Brokering File System Elevation of Privilege Vulnerability Important
Windows CVE-2026-26183 Remote Access Management service/API (RPC server) Elevation of Privilege Vulnerability Important
Windows CVE-2026-27906 Windows Hello Security Feature Bypass Vulnerability Important
Windows CVE-2026-27907 Windows Storage Spaces Controller Elevation of Privilege Vulnerability Important
Windows CVE-2026-27908 Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability Important
Windows CVE-2026-27915 Windows UPnP Device Host Elevation of Privilege Vulnerability Important
Windows CVE-2026-27917 Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) Elevation of Privilege Vulnerability Important
Windows CVE-2026-27918 Windows Shell Elevation of Privilege Vulnerability Important
Windows CVE-2026-27919 Windows UPnP Device Host Elevation of Privilege Vulnerability Important
Windows CVE-2026-27921 Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability Important
Windows CVE-2026-27924 Desktop Window Manager Elevation of Privilege Vulnerability Important
Windows CVE-2026-27926 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Important
Windows CVE-2026-27927 Windows Projected File System Elevation of Privilege Vulnerability Important
Windows CVE-2026-27929 Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability Important
Windows CVE-2026-27931 Windows GDI Information Disclosure Vulnerability Important
Windows CVE-2026-32071 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Important
Windows CVE-2026-32073 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important
Windows CVE-2026-32075 Windows UPnP Device Host Elevation of Privilege Vulnerability Important
Windows CVE-2026-32081 Package Catalog Information Disclosure Vulnerability Important
Windows CVE-2026-32082 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Important
Windows CVE-2026-32083 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Important
Windows CVE-2026-32085 Remote Procedure Call Information Disclosure Vulnerability Important
Windows CVE-2026-32087 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability Important
Windows CVE-2026-32089 Windows Speech Brokered Api Elevation of Privilege Vulnerability Important
Windows CVE-2026-32090 Windows Speech Brokered Api Elevation of Privilege Vulnerability Important
Windows CVE-2026-32093 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability Important
Windows CVE-2026-32152 Desktop Window Manager Elevation of Privilege Vulnerability Important
Windows CVE-2026-32154 Desktop Window Manager Elevation of Privilege Vulnerability Important
Windows CVE-2026-32156 Windows UPnP Device Host Remote Code Execution Vulnerability Important
Windows CVE-2026-32158 Windows Push Notifications Elevation of Privilege Vulnerability Important
Windows CVE-2026-32159 Windows Push Notifications Elevation of Privilege Vulnerability Important
Windows CVE-2026-32160 Windows Push Notifications Elevation of Privilege Vulnerability Important
Windows CVE-2026-0390 UEFI Secure Boot Security Feature Bypass Vulnerability Important
Windows CVE-2026-32165 Windows User Interface Core Elevation of Privilege Vulnerability Important
Microsoft SQL Server CVE-2026-32167 SQL Server Elevation of Privilege Vulnerability Important
Azure CVE-2026-32168 Azure Monitor Agent Elevation of Privilege Vulnerability Important
.NET 9.0 installed on Mac OS,.NET 9.0 installed on Windows,.NET 10.0 installed on Mac OS,.NET 9.0 installed on Linux,.NET,Microsoft Visual Studio,.NET 10.0 installed on Windows,.NET 8.0 installed on Windows,.NET 8.0 installed on Mac OS,.NET 10.0 installed on Linux,.NET 8.0 installed on Linux CVE-2026-32178 .NET Spoofing Vulnerability Important
Windows CVE-2026-32181 Connected User Experiences and Telemetry Service Denial of Service Vulnerability Important
Windows CVE-2026-32183 Windows Snipping Tool Remote Code Execution Vulnerability Important
Azure CVE-2026-32184 Microsoft High Performance Compute (HPC) Pack Elevation of Privilege Vulnerability Important
Microsoft Office CVE-2026-32188 Microsoft Excel Information Disclosure Vulnerability Important
Microsoft Office CVE-2026-32189 Microsoft Excel Remote Code Execution Vulnerability Important
Azure CVE-2026-32192 Azure Monitor Agent Elevation of Privilege Vulnerability Important
Windows CVE-2026-32195 Windows Kernel Elevation of Privilege Vulnerability Important
Windows CVE-2026-32202 Windows Shell Spoofing Vulnerability Important
Windows CVE-2026-32215 Windows Kernel Information Disclosure Vulnerability Important
Windows CVE-2026-32216 Windows Redirected Drive Buffering System Denial of Service Vulnerability Important
Windows CVE-2026-32217 Windows Kernel Information Disclosure Vulnerability Important
Windows CVE-2026-32218 Windows Kernel Information Disclosure Vulnerability Important
Windows CVE-2026-32219 Microsoft Brokering File System Elevation of Privilege Vulnerability Important
Windows CVE-2026-32220 UEFI Secure Boot Security Feature Bypass Vulnerability Important
Windows CVE-2026-32221 Windows Graphics Component Remote Code Execution Vulnerability Important
Windows CVE-2026-32222 Windows Win32k Elevation of Privilege Vulnerability Important
Windows CVE-2026-32223 Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability Important
Windows CVE-2026-32224 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability Important
Microsoft .NET Framework CVE-2026-32226 .NET Framework Denial of Service Vulnerability Important
Microsoft Office CVE-2026-33095 Microsoft Word Remote Code Execution Vulnerability Important
Windows CVE-2026-33096 HTTP.sys Denial of Service Vulnerability Important
Windows CVE-2026-33098 Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability Important
.NET 9.0 installed on Mac OS,.NET 9.0 installed on Windows,Microsoft .NET Framework,.NET 10.0 installed on Mac OS,.NET 9.0 installed on Linux,.NET,.NET 8.0 installed on Windows,.NET 8.0 installed on Mac OS,.NET 10.0 installed on Linux,.NET 8.0 installed on Linux CVE-2026-33116 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability Important
Microsoft SQL Server CVE-2026-33120 Microsoft SQL Server Remote Code Execution Vulnerability Important
Microsoft Office CVE-2026-33822 Microsoft Word Information Disclosure Vulnerability Important
Windows CVE-2026-32212 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability Important
Windows CVE-2026-20928 Windows Recovery Environment Security Feature Bypass Vulnerability Important
Windows CVE-2026-20806 Windows COM Server Information Disclosure Vulnerability Important
Microsoft Office CVE-2026-23657 Microsoft Word Remote Code Execution Vulnerability Important
PowerShell CVE-2026-26143 Microsoft PowerShell Security Feature Bypass Vulnerability Important
Windows CVE-2026-26152 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Important
Windows CVE-2026-26153 Windows Encrypted File System (EFS) Elevation of Privilege Vulnerability Important
Windows CVE-2026-26156 Windows Hyper-V Remote Code Execution Vulnerability Important
Windows CVE-2026-26159 Remote Desktop Licensing Service Elevation of Privilege Vulnerability Important
Windows CVE-2026-26163 Windows Kernel Elevation of Privilege Vulnerability Important
Windows CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important
Windows CVE-2026-26169 Windows Kernel Memory Information Disclosure Vulnerability Important
Windows CVE-2026-26170 PowerShell Elevation of Privilege Vulnerability Important
Windows CVE-2026-26172 Windows Push Notifications Elevation of Privilege Vulnerability Important
Windows CVE-2026-26173 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important
Windows CVE-2026-26176 Windows Client Side Caching driver (csc.sys) Elevation of Privilege Vulnerability Important
Windows CVE-2026-26177 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important
Windows CVE-2026-26178 Windows Advanced Rasterization Platform Elevation of Privilege Vulnerability Important
Windows CVE-2026-26182 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important
Windows CVE-2026-26184 Windows Projected File System Elevation of Privilege Vulnerability Important
Windows CVE-2026-27909 Windows Search Service Elevation of Privilege Vulnerability Important
Windows CVE-2026-27910 Windows Installer Elevation of Privilege Vulnerability Important
Windows CVE-2026-27911 Windows User Interface Core Elevation of Privilege Vulnerability Important
Windows CVE-2026-27912 Windows Kerberos Elevation of Privilege Vulnerability Important
Windows CVE-2026-27913 Windows BitLocker Security Feature Bypass Vulnerability Important
Windows CVE-2026-27914 Microsoft Management Console Elevation of Privilege Vulnerability Important
Windows CVE-2026-27916 Windows UPnP Device Host Elevation of Privilege Vulnerability Important
Windows CVE-2026-27920 Windows UPnP Device Host Elevation of Privilege Vulnerability Important
Windows CVE-2026-27922 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important
Windows CVE-2026-27923 Desktop Window Manager Elevation of Privilege Vulnerability Important
Windows CVE-2026-27925 Windows UPnP Device Host Information Disclosure Vulnerability Important
Windows CVE-2026-27928 Windows Hello Security Feature Bypass Vulnerability Important
Windows CVE-2026-27930 Windows GDI Information Disclosure Vulnerability Important
Windows CVE-2026-32068 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Important
Windows CVE-2026-32069 Windows Projected File System Elevation of Privilege Vulnerability Important
Windows CVE-2026-32070 Windows Common Log File System Driver Elevation of Privilege Vulnerability Important
Windows CVE-2026-32072 Active Directory Spoofing Vulnerability Important
Windows CVE-2026-32074 Windows Projected File System Elevation of Privilege Vulnerability Important
Windows CVE-2026-32076 Windows Storage Spaces Controller Elevation of Privilege Vulnerability Important
Windows CVE-2026-32077 Windows UPnP Device Host Elevation of Privilege Vulnerability Important
Windows CVE-2026-32078 Windows Projected File System Elevation of Privilege Vulnerability Important
Windows CVE-2026-32079 Web Account Manager Information Disclosure Vulnerability Important
Windows CVE-2026-32080 Windows WalletService Elevation of Privilege Vulnerability Important
Windows CVE-2026-32084 Windows Print Spooler Information Disclosure Vulnerability Important
Windows CVE-2026-32086 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability Important
Windows CVE-2026-32088 Windows Biometric Service Security Feature Bypass Vulnerability Important
Windows CVE-2026-32091 Microsoft Brokering File System Elevation of Privilege Vulnerability Important
Windows CVE-2026-32149 Windows Hyper-V Remote Code Execution Vulnerability Important
Windows CVE-2026-32150 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability Important
Windows CVE-2026-32151 Windows Shell Information Disclosure Vulnerability Important
Windows CVE-2026-32153 Windows Speech Runtime Elevation of Privilege Vulnerability Important
Windows CVE-2026-32155 Desktop Window Manager Elevation of Privilege Vulnerability Important
Windows CVE-2026-32162 Windows COM Elevation of Privilege Vulnerability Important
Windows CVE-2026-32163 Windows User Interface Core Elevation of Privilege Vulnerability Important
Windows CVE-2026-32164 Windows User Interface Core Elevation of Privilege Vulnerability Important
Azure CVE-2026-32171 Azure Logic Apps Elevation of Privilege Vulnerability Important
Microsoft SQL Server CVE-2026-32176 SQL Server Elevation of Privilege Vulnerability Important
Windows CVE-2026-32196 Windows Admin Center Spoofing Vulnerability Important
Microsoft Office CVE-2026-32197 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office CVE-2026-32198 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office CVE-2026-32199 Microsoft Excel Remote Code Execution Vulnerability Important
Microsoft Office CVE-2026-32200 Microsoft PowerPoint Remote Code Execution Vulnerability Important
Microsoft Office CVE-2026-32201 Microsoft SharePoint Server Spoofing Vulnerability Important
.NET 9.0 installed on Mac OS,.NET 9.0 installed on Windows,.NET 10.0 installed on Mac OS,.NET 9.0 installed on Linux,.NET 10.0 installed on Windows,.NET 8.0 installed on Windows,.NET 8.0 installed on Mac OS,.NET 10.0 installed on Linux,.NET 8.0 installed on Linux CVE-2026-26171 .NET Denial of Service Vulnerability Important
.NET 9.0 installed on Mac OS,.NET 9.0 installed on Windows,.NET 10.0 installed on Mac OS,.NET 9.0 installed on Linux,Microsoft Visual Studio,.NET 10.0 installed on Windows,.NET 8.0 installed on Windows,.NET 8.0 installed on Mac OS,.NET 10.0 installed on Linux,.NET 8.0 installed on Linux CVE-2026-32203 .NET and Visual Studio Denial of Service Vulnerability Important
Windows CVE-2026-32225 Windows Shell Security Feature Bypass Vulnerability Important
Windows CVE-2026-33099 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important
Windows CVE-2026-33100 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Important
Windows CVE-2026-33101 Windows Print Spooler Elevation of Privilege Vulnerability Important
Microsoft Dynamics CVE-2026-33103 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability Important
Windows CVE-2026-33104 Win32k Elevation of Privilege Vulnerability Important
Windows CVE-2026-32214 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability Important
System Center CVE-2026-33825 Microsoft Defender Elevation of Privilege Vulnerability Important
Windows CVE-2026-33829 Windows Snipping Tool Spoofing Vulnerability Moderate
Microsoft Edge for Android CVE-2026-33119 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability Moderate
Microsoft Edge (Chromium-based) CVE-2026-33118 Microsoft Edge (Chromium-based) Spoofing Vulnerability Low

END

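Statement

This security advisory is intended only to describe security issues that may exist, and NSFOCUS provides no guarantee or commitment regarding it. Any direct or indirect consequences and losses caused by disseminating or using the information provided in this advisory are the sole responsibility of the user, and neither NSFOCUS nor the author of the advisory accepts any liability for them. NSFOCUS reserves the right to modify and interpret this advisory. Anyone wishing to reprint or distribute this advisory must preserve its integrity, including the copyright statement and all other content. Without the permission of NSFOCUS, the content of this advisory may not be arbitrarily modified, added to or reduced, and it may not be used for commercial purposes in any way.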

Source: https://blog.nsfocus.net/%e3%80%90%e5%ae%89%e5%85%a8%e6%9b%b4%e6%96%b0%e3%80%91%e5%be%ae%e8%bd%af4%e6%9c%88%e5%ae%89%e5%85%a8%e6%9b%b4%e6%96%b0%e5%a4%9a%e4%b8%aa%e4%ba%a7%e5%93%81%e9%ab%98%e5%8d%b1%e6%bc%8f%e6%b4%9e%e9%80%9a/