文章总结: 绿盟科技CERT发布微软2026年4月安全更新通告,共修复165个漏洞含8个关键漏洞,其中CVE-2026-32201SharePoint欺骗漏洞已存在在野利用。重点分析了Kerberos权限提升、RDP客户端远程代码执行等7个高危漏洞的影响范围和CVSS评分,建议用户立即安装补丁防护。 综合评分: 87 文章分类: 漏洞预警,漏洞分析,威胁情报,安全更新,解决方案
【安全更新】微软4月安全更新多个产品高危漏洞通告
原创
NS-CERT NS-CERT
绿盟科技CERT
2026年4月15日 19:50 四川
在小说阅读器读本章
去阅读
通告编号:NS-2026-0009
2026-04-15
| | | | — | — | | TAG: | 安全更新、Windows、Office、Visual Studio、SQL Server | | 漏洞危害: | 攻击者利用本次安全更新中的漏洞,可造成权限提升、远程代码执行等 | | 版本: | 1.0 |
1
漏洞概述
4月15日,绿盟科技CERT监测到微软发布4月安全更新补丁,修复了165个安全问题,涉及Windows、Microsoft Office、Microsoft SQL Server、Microsoft Visual Studio、Microsoft .NET Framework、Azure等广泛使用的产品,其中包括权限提升、远程代码执行等高危漏洞类型。
本月微软月度更新修复的漏洞中,严重程度为关键的漏洞有8个,重要漏洞有154个,中危漏洞有2个,低危漏洞有1个。其中包括1个已检测到在野利用的漏洞:
Microsoft SharePoint Server欺骗漏洞(CVE-2026-32201)
请相关用户尽快更新补丁进行防护,完整漏洞列表请参考附录。
参考链接:
https://msrc.microsoft.com/update-guide/releaseNote/2026-Apr
SEE MORE →
2重点漏洞简述
根据产品流行度和漏洞重要性筛选出此次更新中包含影响较大的漏洞,请相关用户重点进行关注:
Microsoft SharePoint Server欺骗漏洞(CVE-2026-32201):
Microsoft SharePoint Server中存在欺骗漏洞,由于SharePoint Server 的输入验证不当,未经身份验证的攻击者可通过网络进行欺骗攻击,从而查看部分敏感信息并篡改已公开的信息。该漏洞存在在野利用,CVSS评分9.0。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201
Windows Kerberos权限提升漏洞(CVE-2026-27912):
Windows Kerberos中存在权限提升漏洞,由于Kerberos服务票据请求的验证过程中存在授权不当问题,经过身份验证的攻击者可通过操纵Kerberos票据字段绕过安全检查,在相邻网络上提升权限,可能获取域管理员权限。CVSS评分8.0。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-27912
Remote Desktop Client远程代码执行漏洞(CVE-2026-32157):
Remote Desktop Client中存在远程代码执行漏洞,由于Remote Desktop Client在处理RDP连接参数时存在释放后重用(Use After Free)问题,未经身份验证的攻击者可通过诱导用户连接到恶意RDP服务器,从而在客户端主机上执行任意代码。CVSS评分8.8。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32157
Windows TCP/IP远程代码执行漏洞(CVE-2026-33827):
Windows TCP/IP中存在远程代码执行漏洞,由于Windows TCP/IP中使用共享资源时的同步机制不当,未经身份验证的攻击者可通过网络利用此漏洞执行任意代码。CVSS评分8.1。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33827
Windows Shell安全功能绕过漏洞(CVE-2026-32225):
Windows Shell中存在安全功能绕过漏洞,由于Windows Shell中的保护机制失败,未经身份验证的攻击者可通过诱导受害者打开特制的.lnk文件,从而绕过SmartScreen安全防护,导致未经授权的操作或访问。CVSS 评分8.8。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32225
Windows Internet Key Exchange (IKE) Service Extensions远程代码执行漏洞(CVE-2026-33824):
Windows Internet Key Exchange (IKE) Service Extensions中存在远程代码执行漏洞,由于Windows IKE扩展中存在双重释放(Double Free)问题,未经身份验证的攻击者可通过向启用了IKEv2Windows系统发送特制的数据包,从而实现远程代码执行。CVSS评分9.8。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33824
Microsoft Defender权限提升漏洞(CVE-2026-33825):
Microsoft Defender中存在权限提升漏洞,由于Microsoft Defender中的访问控制粒度不足,经过身份验证的本地攻击者可将权限提升到SYSTEM。CVSS评分7.8。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825
Windows Active Directory远程代码执行漏洞(CVE-2026-33826):
Windows Active Directory中存在远程代码执行漏洞,由于Windows Active Directory中的输入验证不当,经过身份验证的攻击者可通过相邻网络向RPC主机发送特制的RPC调用,从而实现远程代码执行。CVSS评分8.0。
官方通告链接:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33826
3影响范围
以下为部分重点关注漏洞的受影响产品版本,其他漏洞影响产品范围请参阅官方通告链接。
| | | | — | — | | 漏洞编号 | 受影响产品版本 | | CVE-2026-32201 | Microsoft SharePoint Server Subscription Edition Microsoft SharePoint Enterprise Server 2016 Microsoft SharePoint Server 2019 | | CVE-2026-27912 | Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows Server 2025 Windows Server 2022, 23H2 Edition (Server Core installation) Windows Server 2025 (Server Core installation) Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 | | CVE-2026-32157 | Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows Server 2025 Windows 11 Version 24H2 for x64-based Systems Windows 11 Version 24H2 for ARM64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Windows 11 Version 23H2 for x64-based Systems Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 25H2 for x64-based Systems Windows 11 Version 25H2 for ARM systems Windows Server 2025 (Server Core installation) Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Remote Desktop client for Windows Desktop Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows App Client for Windows Desktop Windows 11 version 26H1 for x64-based Systems Windows 11 Version 26H1 for ARM64-based Systems | | CVE-2026-33827 CVE-2026-32225 | Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems Windows Server 2025 (Server Core installation) Windows 10 Version 22H2 for 32-bit Systems Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2012 (Server Core installation) Windows Server 2012 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 11 Version 26H1 for ARM64-based Systems Windows 11 version 26H1 for x64-based Systems Windows Server 2025 Windows 11 Version 24H2 for x64-based Systems Windows 11 Version 24H2 for ARM64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Windows 11 Version 23H2 for x64-based Systems Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 25H2 for x64-based Systems Windows 11 Version 25H2 for ARM systems | | CVE-2026-33824 | Windows Server 2016 (Server Core installation) Windows Server 2016 Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 11 Version 26H1 for ARM64-based Systems Windows 11 version 26H1 for x64-based Systems Windows Server 2025 Windows 11 Version 24H2 for x64-based Systems Windows 11 Version 24H2 for ARM64-based Systems Windows Server 2022, 23H2 Edition (Server Core installation) Windows 11 Version 23H2 for x64-based Systems Windows 11 Version 23H2 for ARM64-based Systems Windows 11 Version 25H2 for x64-based Systems Windows 11 Version 25H2 for ARM systems Windows Server 2025 (Server Core installation) Windows 10 Version 22H2 for 32-bit Systems Windows 10 Version 22H2 for ARM64-based Systems Windows 10 Version 22H2 for x64-based Systems Windows 10 Version 21H2 for x64-based Systems Windows 10 Version 21H2 for ARM64-based Systems Windows 10 Version 21H2 for 32-bit Systems Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 Windows 10 Version 1809 for x64-based Systems Windows 10 Version 1809 for 32-bit Systems | | CVE-2026-33825 | Microsoft Defender Antimalware Platform | | CVE-2026-33826 | Windows Server 2012 R2 (Server Core installation) Windows Server 2012 R2 Windows Server 2016 (Server Core installation) Windows Server 2016 Windows Server 2025 Windows Server 2022, 23H2 Edition (Server Core installation) Windows Server 2025 (Server Core installation) Windows Server 2022 (Server Core installation) Windows Server 2022 Windows Server 2019 (Server Core installation) Windows Server 2019 |
4漏洞防护
4.1 补丁更新
目前微软官方已针对受支持的产品版本发布了修复以上漏洞的安全补丁,强烈建议受影响用户尽快安装补丁进行防护,官方下载链接:
https://msrc.microsoft.com/update-guide/releaseNote/2026-Apr
注:由于网络问题、计算机环境问题等原因,Windows Update的补丁更新可能出现失败。用户在安装补丁后,应及时检查补丁是否成功更新。
右键点击Windows图标,选择“设置(N)”,选择“更新和安全”-“Windows更新”,查看该页面上的提示信息,也可点击“查看更新历史记录”查看历史更新情况。
针对未成功安装的更新,可点击更新名称跳转到微软官方下载页面,建议用户点击该页面上的链接,转到“Microsoft更新目录”网站下载独立程序包并安装。
附录:漏洞列表
| | | | | | — | — | — | — | | 影响产品 | CVE编号 | 漏洞标题 | 严重程度 | | Windows | CVE-2026-32157 | Remote Desktop Client远程代码执行漏洞 | Critical | | Windows | CVE-2026-33826 | Windows Active Directory远程代码执行漏洞 | Critical | | Microsoft .NET Framework | CVE-2026-23666 | .NET Framework拒绝服务漏洞 | Critical | | Microsoft Office | CVE-2026-32190 | Microsoft Office远程代码执行漏洞 | Critical | | Microsoft Office | CVE-2026-33114 | Microsoft Word远程代码执行漏洞 | Critical | | Microsoft Office | CVE-2026-33115 | Microsoft Word远程代码执行漏洞 | Critical | | Windows | CVE-2026-33827 | Windows TCP/IP远程代码执行漏洞 | Critical | | Windows | CVE-2026-33824 | Windows Internet Key Exchange (IKE) Service Extensions远程代码执行漏洞 | Critical | | Windows | CVE-2026-20930 | Windows Management Services权限提升漏洞 | Important | | Microsoft Visual Studio Code CoPilot Chat Extension | CVE-2026-23653 | GitHub Copilot and Visual Studio Code信息泄露漏洞 | Important | | Windows | CVE-2026-25184 | Applocker Filter Driver (applockerfltr.sys)权限提升漏洞 | Important | | Microsoft Office | CVE-2026-20945 | Microsoft SharePoint Server欺骗漏洞 | Important | | Windows | CVE-2026-23670 | Windows Virtualization-Based Security (VBS)安全功能绕过漏洞 | Important | | Microsoft Dynamics | CVE-2026-26149 | Microsoft Power Apps Security Feature Bypass | Important | | Windows | CVE-2026-26151 | Remote Desktop欺骗漏洞 | Important | | Windows | CVE-2026-26154 | Windows Server Update Service (WSUS)篡改漏洞 | Important | | Windows | CVE-2026-26155 | Microsoft Local Security Authority Subsystem Service信息泄露漏洞 | Important | | Windows | CVE-2026-26160 | Remote Desktop Licensing Service权限提升漏洞 | Important | | Windows | CVE-2026-26161 | Windows Sensor Data Service权限提升漏洞 | Important | | Windows | CVE-2026-26162 | Windows OLE权限提升漏洞 | Important | | Windows | CVE-2026-26165 | Windows Shell权限提升漏洞 | Important | | Windows | CVE-2026-26166 | Windows Shell权限提升漏洞 | Important | | Windows | CVE-2026-26167 | Windows Push Notifications权限提升漏洞 | Important | | Windows | CVE-2026-26174 | Windows Server Update Service (WSUS)权限提升漏洞 | Important | | Windows | CVE-2026-26175 | Windows Boot Manager安全功能绕过漏洞 | Important | | Windows | CVE-2026-26179 | Windows Kernel权限提升漏洞 | Important | | Windows | CVE-2026-26180 | Windows Kernel权限提升漏洞 | Important | | Windows | CVE-2026-26181 | Microsoft Brokering File System权限提升漏洞 | Important | | Windows | CVE-2026-26183 | Remote Access Management service/API (RPC server)权限提升漏洞 | Important | | Windows | CVE-2026-27906 | Windows Hello安全功能绕过漏洞 | Important | | Windows | CVE-2026-27907 | Windows Storage Spaces Controller权限提升漏洞 | Important | | Windows | CVE-2026-27908 | Windows TDI Translation Driver (tdx.sys)权限提升漏洞 | Important | | Windows | CVE-2026-27915 | Windows UPnP Device Host权限提升漏洞 | Important | | Windows | CVE-2026-27917 | Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys)权限提升漏洞 | Important | | Windows | CVE-2026-27918 | Windows Shell权限提升漏洞 | Important | | Windows | CVE-2026-27919 | Windows UPnP Device Host权限提升漏洞 | Important | | Windows | CVE-2026-27921 | Windows TDI Translation Driver (tdx.sys)权限提升漏洞 | Important | | Windows | CVE-2026-27924 | Desktop Window Manager权限提升漏洞 | Important | | Windows | CVE-2026-27926 | Windows Cloud Files Mini Filter Driver权限提升漏洞 | Important | | Windows | CVE-2026-27927 | Windows Projected File System权限提升漏洞 | Important | | Windows | CVE-2026-27929 | Windows LUA File Virtualization Filter Driver权限提升漏洞 | Important | | Windows | CVE-2026-27931 | Windows GDI信息泄露漏洞 | Important | | Windows | CVE-2026-32071 | Windows Local Security Authority Subsystem Service (LSASS)拒绝服务漏洞 | Important | | Windows | CVE-2026-32073 | Windows Ancillary Function Driver for WinSock权限提升漏洞 | Important | | Windows | CVE-2026-32075 | Windows UPnP Device Host权限提升漏洞 | Important | | Windows | CVE-2026-32081 | Package Catalog信息泄露漏洞 | Important | | Windows | CVE-2026-32082 | Windows Simple Search and Discovery Protocol (SSDP) Service权限提升漏洞 | Important | | Windows | CVE-2026-32083 | Windows Simple Search and Discovery Protocol (SSDP) Service权限提升漏洞 | Important | | Windows | CVE-2026-32085 | Remote Procedure Call信息泄露漏洞 | Important | | Windows | CVE-2026-32087 | Windows Function Discovery Service (fdwsd.dll)权限提升漏洞 | Important | | Windows | CVE-2026-32089 | Windows Speech Brokered Api权限提升漏洞 | Important | | Windows | CVE-2026-32090 | Windows Speech Brokered Api权限提升漏洞 | Important | | Windows | CVE-2026-32093 | Windows Function Discovery Service (fdwsd.dll)权限提升漏洞 | Important | | Windows | CVE-2026-32152 | Desktop Window Manager权限提升漏洞 | Important | | Windows | CVE-2026-32154 | Desktop Window Manager权限提升漏洞 | Important | | Windows | CVE-2026-32156 | Windows UPnP Device Host远程代码执行漏洞 | Important | | Windows | CVE-2026-32158 | Windows Push Notifications权限提升漏洞 | Important | | Windows | CVE-2026-32159 | Windows Push Notifications权限提升漏洞 | Important | | Windows | CVE-2026-32160 | Windows Push Notifications权限提升漏洞 | Important | | Windows | CVE-2026-0390 | UEFI Secure Boot安全功能绕过漏洞 | Important | | Windows | CVE-2026-32165 | Windows User Interface Core权限提升漏洞 | Important | | Microsoft SQL Server | CVE-2026-32167 | SQL Server权限提升漏洞 | Important | | Azure | CVE-2026-32168 | Azure Monitor Agent权限提升漏洞 | Important | | .NET 9.0 installed on Mac OS,.NET 9.0 installed on Windows,.NET 10.0 installed on Mac OS,.NET 9.0 installed on Linux,.NET,Microsoft Visual Studio,.NET 10.0 installed on Windows,.NET 8.0 installed on Windows,.NET 8.0 installed on Mac OS,.NET 10.0 installed on Linux,.NET 8.0 installed on Linux | CVE-2026-32178 | .NET欺骗漏洞 | Important | | Windows | CVE-2026-32181 | Connected User Experiences and Telemetry Service拒绝服务漏洞 | Important | | Windows | CVE-2026-32183 | Windows Snipping Tool远程代码执行漏洞 | Important | | Azure | CVE-2026-32184 | Microsoft High Performance Compute (HPC) Pack权限提升漏洞 | Important | | Microsoft Office | CVE-2026-32188 | Microsoft Excel信息泄露漏洞 | Important | | Microsoft Office | CVE-2026-32189 | Microsoft Excel远程代码执行漏洞 | Important | | Azure | CVE-2026-32192 | Azure Monitor Agent权限提升漏洞 | Important | | Windows | CVE-2026-32195 | Windows Kernel权限提升漏洞 | Important | | Windows | CVE-2026-32202 | Windows Shell欺骗漏洞 | Important | | Windows | CVE-2026-32215 | Windows Kernel信息泄露漏洞 | Important | | Windows | CVE-2026-32216 | Windows Redirected Drive Buffering System拒绝服务漏洞 | Important | | Windows | CVE-2026-32217 | Windows Kernel信息泄露漏洞 | Important | | Windows | CVE-2026-32218 | Windows Kernel信息泄露漏洞 | Important | | Windows | CVE-2026-32219 | Microsoft Brokering File System权限提升漏洞 | Important | | Windows | CVE-2026-32220 | UEFI Secure Boot安全功能绕过漏洞 | Important | | Windows | CVE-2026-32221 | Windows Graphics Component远程代码执行漏洞 | Important | | Windows | CVE-2026-32222 | Windows Win32k权限提升漏洞 | Important | | Windows | CVE-2026-32223 | Windows USB Printing Stack (usbprint.sys)权限提升漏洞 | Important | | Windows | CVE-2026-32224 | Windows Server Update Service (WSUS)权限提升漏洞 | Important | | Microsoft .NET Framework | CVE-2026-32226 | .NET Framework拒绝服务漏洞 | Important | | Microsoft Office | CVE-2026-33095 | Microsoft Word远程代码执行漏洞 | Important | | Windows | CVE-2026-33096 | HTTP.sys拒绝服务漏洞 | Important | | Windows | CVE-2026-33098 | Windows Container Isolation FS Filter Driver权限提升漏洞 | Important | | .NET 9.0 installed on Mac OS,.NET 9.0 installed on Windows,Microsoft .NET Framework,.NET 10.0 installed on Mac OS,.NET 9.0 installed on Linux,.NET,.NET 8.0 installed on Windows,.NET 8.0 installed on Mac OS,.NET 10.0 installed on Linux,.NET 8.0 installed on Linux | CVE-2026-33116 | .NET, .NET Framework, and Visual Studio拒绝服务漏洞 | Important | | Microsoft SQL Server | CVE-2026-33120 | Microsoft SQL Server远程代码执行漏洞 | Important | | Microsoft Office | CVE-2026-33822 | Microsoft Word信息泄露漏洞 | Important | | Windows | CVE-2026-32212 | Universal Plug and Play (upnp.dll)信息泄露漏洞 | Important | | Windows | CVE-2026-20928 | Windows Recovery Environment安全功能绕过漏洞 | Important | | Windows | CVE-2026-20806 | Windows COM Server信息泄露漏洞 | Important | | Microsoft Office | CVE-2026-23657 | Microsoft Word远程代码执行漏洞 | Important | | PowerShell | CVE-2026-26143 | Microsoft PowerShell安全功能绕过漏洞 | Important | | Windows | CVE-2026-26152 | Microsoft Cryptographic Services权限提升漏洞 | Important | | Windows | CVE-2026-26153 | Windows Encrypted File System (EFS)权限提升漏洞 | Important | | Windows | CVE-2026-26156 | Windows Hyper-V远程代码执行漏洞 | Important | | Windows | CVE-2026-26159 | Remote Desktop Licensing Service权限提升漏洞 | Important | | Windows | CVE-2026-26163 | Windows Kernel权限提升漏洞 | Important | | Windows | CVE-2026-26168 | Windows Ancillary Function Driver for WinSock权限提升漏洞 | Important | | Windows | CVE-2026-26169 | Windows Kernel Memory信息泄露漏洞 | Important | | Windows | CVE-2026-26170 | PowerShell权限提升漏洞 | Important | | Windows | CVE-2026-26172 | Windows Push Notifications权限提升漏洞 | Important | | Windows | CVE-2026-26173 | Windows Ancillary Function Driver for WinSock权限提升漏洞 | Important | | Windows | CVE-2026-26176 | Windows Client Side Caching driver (csc.sys)权限提升漏洞 | Important | | Windows | CVE-2026-26177 | Windows Ancillary Function Driver for WinSock权限提升漏洞 | Important | | Windows | CVE-2026-26178 | Windows Advanced Rasterization Platform权限提升漏洞 | Important | | Windows | CVE-2026-26182 | Windows Ancillary Function Driver for WinSock权限提升漏洞 | Important | | Windows | CVE-2026-26184 | Windows Projected File System权限提升漏洞 | Important | | Windows | CVE-2026-27909 | Windows Search Service权限提升漏洞 | Important | | Windows | CVE-2026-27910 | Windows Installer权限提升漏洞 | Important | | Windows | CVE-2026-27911 | Windows User Interface Core权限提升漏洞 | Important | | Windows | CVE-2026-27912 | Windows Kerberos权限提升漏洞 | Important | | Windows | CVE-2026-27913 | Windows BitLocker安全功能绕过漏洞 | Important | | Windows | CVE-2026-27914 | Microsoft Management Console权限提升漏洞 | Important | | Windows | CVE-2026-27916 | Windows UPnP Device Host权限提升漏洞 | Important | | Windows | CVE-2026-27920 | Windows UPnP Device Host权限提升漏洞 | Important | | Windows | CVE-2026-27922 | Windows Ancillary Function Driver for WinSock权限提升漏洞 | Important | | Windows | CVE-2026-27923 | Desktop Window Manager权限提升漏洞 | Important | | Windows | CVE-2026-27925 | Windows UPnP Device Host信息泄露漏洞 | Important | | Windows | CVE-2026-27928 | Windows Hello安全功能绕过漏洞 | Important | | Windows | CVE-2026-27930 | Windows GDI信息泄露漏洞 | Important | | Windows | CVE-2026-32068 | Windows Simple Search and Discovery Protocol (SSDP) Service权限提升漏洞 | Important | | Windows | CVE-2026-32069 | Windows Projected File System权限提升漏洞 | Important | | Windows | CVE-2026-32070 | Windows Common Log File System Driver权限提升漏洞 | Important | | Windows | CVE-2026-32072 | Active Directory欺骗漏洞 | Important | | Windows | CVE-2026-32074 | Windows Projected File System权限提升漏洞 | Important | | Windows | CVE-2026-32076 | Windows Storage Spaces Controller权限提升漏洞 | Important | | Windows | CVE-2026-32077 | Windows UPnP Device Host权限提升漏洞 | Important | | Windows | CVE-2026-32078 | Windows Projected File System权限提升漏洞 | Important | | Windows | CVE-2026-32079 | Web Account Manager信息泄露漏洞 | Important | | Windows | CVE-2026-32080 | Windows WalletService权限提升漏洞 | Important | | Windows | CVE-2026-32084 | Windows Print Spooler信息泄露漏洞 | Important | | Windows | CVE-2026-32086 | Windows Function Discovery Service (fdwsd.dll)权限提升漏洞 | Important | | Windows | CVE-2026-32088 | Windows Biometric Service安全功能绕过漏洞 | Important | | Windows | CVE-2026-32091 | Microsoft Brokering File System权限提升漏洞 | Important | | Windows | CVE-2026-32149 | Windows Hyper-V远程代码执行漏洞 | Important | | Windows | CVE-2026-32150 | Windows Function Discovery Service (fdwsd.dll)权限提升漏洞 | Important | | Windows | CVE-2026-32151 | Windows Shell信息泄露漏洞 | Important | | Windows | CVE-2026-32153 | Windows Speech Runtime权限提升漏洞 | Important | | Windows | CVE-2026-32155 | Desktop Window Manager权限提升漏洞 | Important | | Windows | CVE-2026-32162 | Windows COM权限提升漏洞 | Important | | Windows | CVE-2026-32163 | Windows User Interface Core权限提升漏洞 | Important | | Windows | CVE-2026-32164 | Windows User Interface Core权限提升漏洞 | Important | | Azure | CVE-2026-32171 | Azure Logic Apps权限提升漏洞 | Important | | Microsoft SQL Server | CVE-2026-32176 | SQL Server权限提升漏洞 | Important | | Windows | CVE-2026-32196 | Windows Admin Center欺骗漏洞 | Important | | Microsoft Office | CVE-2026-32197 | Microsoft Excel远程代码执行漏洞 | Important | | Microsoft Office | CVE-2026-32198 | Microsoft Excel远程代码执行漏洞 | Important | | Microsoft Office | CVE-2026-32199 | Microsoft Excel远程代码执行漏洞 | Important | | Microsoft Office | CVE-2026-32200 | Microsoft PowerPoint远程代码执行漏洞 | Important | | Microsoft Office | CVE-2026-32201 | Microsoft SharePoint Server欺骗漏洞 | Important | | .NET 9.0 installed on Mac OS,.NET 9.0 installed on Windows,.NET 10.0 installed on Mac OS,.NET 9.0 installed on Linux,.NET 10.0 installed on Windows,.NET 8.0 installed on Windows,.NET 8.0 installed on Mac OS,.NET 10.0 installed on Linux,.NET 8.0 installed on Linux | CVE-2026-26171 | .NET拒绝服务漏洞 | Important | | .NET 9.0 installed on Mac OS,.NET 9.0 installed on Windows,.NET 10.0 installed on Mac OS,.NET 9.0 installed on Linux,Microsoft Visual Studio,.NET 10.0 installed on Windows,.NET 8.0 installed on Windows,.NET 8.0 installed on Mac OS,.NET 10.0 installed on Linux,.NET 8.0 installed on Linux | CVE-2026-32203 | .NET and Visual Studio拒绝服务漏洞 | Important | | Windows | CVE-2026-32225 | Windows Shell安全功能绕过漏洞 | Important | | Windows | CVE-2026-33099 | Windows Ancillary Function Driver for WinSock权限提升漏洞 | Important | | Windows | CVE-2026-33100 | Windows Ancillary Function Driver for WinSock权限提升漏洞 | Important | | Windows | CVE-2026-33101 | Windows Print Spooler权限提升漏洞 | Important | | Microsoft Dynamics | CVE-2026-33103 | Microsoft Dynamics 365 (On-Premises)信息泄露漏洞 | Important | | Windows | CVE-2026-33104 | Win32k权限提升漏洞 | Important | | Windows | CVE-2026-32214 | Universal Plug and Play (upnp.dll)信息泄露漏洞 | Important | | System Center | CVE-2026-33825 | Microsoft Defender权限提升漏洞 | Important | | Windows | CVE-2026-33829 | Windows Snipping Tool欺骗漏洞 | Moderate | | Microsoft Edge for Android | CVE-2026-33119 | Microsoft Edge (Chromium-based) for Android欺骗漏洞 | Moderate | | Microsoft Edge (Chromium-based) | CVE-2026-33118 | Microsoft Edge (Chromium-based)欺骗漏洞 | Low |
END
声明
本安全公告仅用来描述可能存在的安全问题,绿盟科技不为此安全公告提供任何保证或承诺。由于传播、利用此安全公告所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,绿盟科技以及安全公告作者不为此承担任何责任。
绿盟科技拥有对此安全公告的修改和解释权。如欲转载或传播此安全公告,必须保证此安全公告的完整性,包括版权声明等全部内容。未经绿盟科技允许,不得任意修改或者增减此安全公告内容,不得以任何方式将其用于商业目的。
绿盟科技CERT∣微信公众号
长按识别二维码,关注网络安全威胁信息
免责声明:
本文所载程序、技术方法仅面向合法合规的安全研究与教学场景,旨在提升网络安全防护能力,具有明确的技术研究属性。
任何单位或个人未经授权,将本文内容用于攻击、破坏等非法用途的,由此引发的全部法律责任、民事赔偿及连带责任,均由行为人独立承担,本站不承担任何连带责任。
本站内容均为技术交流与知识分享目的发布,若存在版权侵权或其他异议,请通过邮件联系处理,具体联系方式可点击页面上方的联系我。
本文转载自:绿盟科技CERT NS-CERT NS-CERT《【安全更新】微软4月安全更新多个产品高危漏洞通告》
版权声明
本站仅做备份收录,仅供研究与教学参考之用。
读者将信息用于其他用途的,全部法律及连带责任由读者自行承担,本站不承担任何责任。
评论