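Article summary: Microsoft's May 2026 security updates fix 137 vulnerabilities, including 30 Critical and 103 Important, affecting Windows, Office, SQL Server and other products. Key vulnerabilities include the Windows Native WiFi driver race condition vulnerability (CVE-2026-32161), the Netlogon buffer overflow vulnerability (CVE-2026-41089, CVSS 9.8) and the Dynamics 365 code execution vulnerability (CVE-2026-42898, CVSS 9.9). Attackers can exploit these vulnerabilities to achieve privilege escalation or remote code execution. Users are advised to install the patches immediately and to prioritize the high-risk vulnerabilities scored above 9.0.
Overall score: 85
Article categories: vulnerability alerts, solutions, application security, network security, endpoint security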
[Security Update] Advisory on High-Risk Vulnerabilities in Multiple Products Fixed by Microsoft's May Security Updates
NS-CERT
NSFOCUS CERT
May 13, 2026 17:56, Sichuan
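Advisory ID: NS-2026-0013
2026-05-13

| | |
| --- | --- |
| TAG: | Security update, Windows, Office, SQL Server, Azure |
| Impact: | By exploiting the vulnerabilities fixed in this security update, an attacker can achieve privilege escalation, remote code execution and more |
| Version: | 1.0 |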
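1 Vulnerability Overview
On May 13, NSFOCUS CERT observed that Microsoft had released its May security update patches, fixing 137 security issues in widely used products including Windows, Microsoft Office, Microsoft SQL Server, Visual Studio Code and Azure. The fixes cover high-risk vulnerability types such as elevation of privilege and remote code execution.
Of the vulnerabilities fixed in this month's Microsoft update, 30 are rated Critical, 103 Important, 3 Moderate and 1 Low.
Affected users should apply the patches as soon as possible. See the appendix for the complete vulnerability list.
Reference link: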
https://msrc.microsoft.com/update-guide/releaseNote/2026-May
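2 Key Vulnerabilities
The vulnerabilities below were selected from this update for their larger impact, based on product popularity and vulnerability importance. Affected users should pay particular attention to them:
Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability (CVE-2026-32161):
Because the Windows Native WiFi miniport driver contains a race condition and a use-after-free vulnerability, an attacker can trigger the race condition through concurrent processing of a shared resource and thereby execute arbitrary code on an adjacent network. CVSS score 7.5.
Official advisory link: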
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32161
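Windows GDI Remote Code Execution Vulnerability (CVE-2026-35421):
Because the Windows Graphics Device Interface (GDI) contains a heap-based buffer overflow vulnerability, an attacker can trigger it by inducing a user to open a specially crafted Enhanced Metafile (EMF) with Microsoft Paint, thereby executing arbitrary code on the target system. CVSS score 7.8.
Official advisory link: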
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35421
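Windows Graphics Component Remote Code Execution Vulnerability (CVE-2026-40403):
Because Win32K in the Windows Graphics Component contains a heap-based buffer overflow vulnerability, an authenticated attacker can trigger it by accessing the affected local virtual machine interface, resulting in container escape or code execution. CVSS score 8.8.
Official advisory link: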
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40403
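Microsoft Office Remote Code Execution Vulnerability (CVE-2026-40358):
Microsoft Office contains a use-after-free vulnerability. An unauthenticated attacker can send a user a specially crafted malicious document; once the user is induced to preview or open it, arbitrary code is executed. CVSS score 8.4.
Official advisory link: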
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40358
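Microsoft Office Remote Code Execution Vulnerabilities (CVE-2026-40363/CVE-2026-42831):
Microsoft Office contains two heap-based buffer overflow vulnerabilities. An unauthenticated attacker can send a user a specially crafted malicious document; once the user is induced to open it, arbitrary code is executed. The CVSS scores are 8.4 and 7.8.
Official advisory links: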
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40363
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42831
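Microsoft Word Remote Code Execution Vulnerabilities (CVE-2026-40361/CVE-2026-40366):
Because Microsoft Word contains two use-after-free vulnerabilities, an unauthenticated attacker can induce a user to download and then preview or open a specially crafted file, thereby executing code in the user's context. CVSS score 8.4.
Official advisory links: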
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40361
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40366
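Microsoft Word Remote Code Execution Vulnerabilities (CVE-2026-40364/CVE-2026-40367):
Because Microsoft Word contains a type confusion vulnerability and an untrusted pointer dereference vulnerability, an unauthenticated attacker can send a user a specially crafted malicious file; once the user is induced to preview or click it, arbitrary code is executed. CVSS score 8.4.
Official advisory links: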
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40364
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40367
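Microsoft SharePoint Server Remote Code Execution Vulnerability (CVE-2026-40365):
Because access control in Microsoft SharePoint is insufficiently granular, an attacker with Site Owner or higher permissions can write and inject arbitrary code, which is then executed on the SharePoint server. CVSS score 8.8.
Official advisory link: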
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40365
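Windows TCP/IP Remote Code Execution Vulnerability (CVE-2026-40415):
Windows TCP/IP contains a remote code execution vulnerability. Because of a use-after-free issue in the TCP/IP protocol, an unauthenticated attacker can exploit it to execute arbitrary code by sending specially crafted malicious packets. CVSS score 8.1.
Official advisory link: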
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40415
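Windows Netlogon Remote Code Execution Vulnerability (CVE-2026-41089):
Because the Windows Netlogon service contains a stack-based buffer overflow vulnerability, an unauthenticated attacker can send a specially crafted network request to a Windows server acting as a domain controller and thereby execute code on the affected system. CVSS score 9.8.
Official advisory link: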
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41089
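Windows DNS Client Remote Code Execution Vulnerability (CVE-2026-41096):
Because the Windows DNS client contains a heap-based buffer overflow vulnerability, an unauthenticated attacker can trigger memory corruption by sending a specially crafted DNS response and thereby execute code remotely on the affected system. CVSS score 9.8.
Official advisory link: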
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41096
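Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability (CVE-2026-41103):
Because of a flaw in the authentication algorithm of Microsoft SSO Plugin for Jira & Confluence, an unauthenticated attacker can bypass system authentication by sending a forged SSO response and thereby gain the privileges of a user's Jira or Confluence account. CVSS score 9.1.
Official advisory link: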
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41103
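Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability (CVE-2026-42898):
Because code generation is insufficiently controlled in Microsoft Dynamics 365 (on-premises), an authenticated attacker can modify the saved state of a process session in Dynamics CRM, causing the server to execute malicious code. CVSS score 9.9.
Official advisory link: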
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42898
3 Scope of Impact
The table below lists the affected product versions for some of the key vulnerabilities. For the affected products of the other vulnerabilities, see the official advisory links.

| CVE ID | Affected product versions |
| --- | --- |
| CVE-2026-32161<br>CVE-2026-35421<br>CVE-2026-40403 | Windows 11 Version 25H2 for x64-based Systems<br>Windows 11 Version 25H2 for ARM64-based Systems<br>Windows Server 2025 (Server Core installation)<br>Windows 10 Version 22H2 for 32-bit Systems<br>Windows 10 Version 22H2 for ARM64-based Systems<br>Windows 10 Version 22H2 for x64-based Systems<br>Windows 10 Version 21H2 for x64-based Systems<br>Windows 10 Version 21H2 for ARM64-based Systems<br>Windows 10 Version 21H2 for 32-bit Systems<br>Windows Server 2022 (Server Core installation)<br>Windows Server 2022<br>Windows Server 2019 (Server Core installation)<br>Windows Server 2019<br>Windows 10 Version 1809 for x64-based Systems<br>Windows 10 Version 1809 for 32-bit Systems<br>Windows Server 2012 R2 (Server Core installation)<br>Windows Server 2012 R2<br>Windows Server 2012 (Server Core installation)<br>Windows Server 2012<br>Windows Server 2016 (Server Core installation)<br>Windows Server 2016<br>Windows 10 Version 1607 for x64-based Systems<br>Windows 10 Version 1607 for 32-bit Systems<br>Windows 11 Version 26H1 for ARM64-based Systems<br>Windows 11 version 26H1 for x64-based Systems<br>Windows Server 2025<br>Windows 11 Version 24H2 for x64-based Systems<br>Windows 11 Version 24H2 for ARM64-based Systems<br>Windows Server 2022, 23H2 Edition (Server Core installation)<br>Windows 11 Version 23H2 for x64-based Systems<br>Windows 11 Version 23H2 for ARM64-based Systems |
| CVE-2026-40358 | Microsoft Office 2016 (64-bit edition)<br>Microsoft Office 2016 (32-bit edition)<br>Microsoft Office LTSC for Mac 2024<br>Microsoft Office LTSC 2024 for 64-bit editions<br>Microsoft Office LTSC 2024 for 32-bit editions<br>Microsoft Office LTSC 2021 for 32-bit editions<br>Microsoft Office LTSC 2021 for 64-bit editions<br>Microsoft Office LTSC for Mac 2021<br>Microsoft 365 Apps for Enterprise for 64-bit Systems<br>Microsoft 365 Apps for Enterprise for 32-bit Systems<br>Microsoft Office 2019 for 64-bit editions<br>Microsoft Office 2019 for 32-bit editions |
| CVE-2026-40363 | Microsoft Office LTSC for Mac 2021<br>Microsoft 365 Apps for Enterprise for 64-bit Systems<br>Microsoft 365 Apps for Enterprise for 32-bit Systems<br>Microsoft Office 2019 for 64-bit editions<br>Microsoft Office 2019 for 32-bit editions<br>Microsoft Office for Android<br>Microsoft Office 2016 (64-bit edition)<br>Microsoft Office 2016 (32-bit edition)<br>Microsoft Office LTSC for Mac 2024<br>Microsoft Office LTSC 2024 for 64-bit editions<br>Microsoft Office LTSC 2024 for 32-bit editions<br>Microsoft Office LTSC 2021 for 32-bit editions<br>Microsoft Office LTSC 2021 for 64-bit editions |
| CVE-2026-42831 | Microsoft Office LTSC for Mac 2024<br>Microsoft Office for Android<br>Microsoft Office LTSC for Mac 2021 |
| CVE-2026-40361<br>CVE-2026-40364<br>CVE-2026-40366 | Microsoft Word 2016 (64-bit edition)<br>Microsoft Word 2016 (32-bit edition)<br>Microsoft Office LTSC for Mac 2024<br>Microsoft Office LTSC 2024 for 64-bit editions<br>Microsoft Office LTSC 2024 for 32-bit editions<br>Microsoft Office LTSC 2021 for 32-bit editions<br>Microsoft Office LTSC 2021 for 64-bit editions<br>Microsoft Office LTSC for Mac 2021<br>Microsoft 365 Apps for Enterprise for 64-bit Systems<br>Microsoft 365 Apps for Enterprise for 32-bit Systems<br>Microsoft Office 2019 for 64-bit editions<br>Microsoft Office 2019 for 32-bit editions |
| CVE-2026-40367 | Microsoft Word 2016 (64-bit edition)<br>Microsoft Word 2016 (32-bit edition)<br>Microsoft Office LTSC for Mac 2024<br>Microsoft Office LTSC 2024 for 64-bit editions<br>Microsoft Office LTSC 2024 for 32-bit editions<br>Microsoft SharePoint Server Subscription Edition<br>Microsoft Office LTSC 2021 for 32-bit editions<br>Microsoft Office LTSC 2021 for 64-bit editions<br>Microsoft Office LTSC for Mac 2021<br>Microsoft 365 Apps for Enterprise for 64-bit Systems<br>Microsoft 365 Apps for Enterprise for 32-bit Systems<br>Microsoft Office 2019 for 64-bit editions<br>Microsoft Office 2019 for 32-bit editions<br>Microsoft SharePoint Server 2019<br>Microsoft SharePoint Enterprise Server 2016 |
| CVE-2026-40365 | Microsoft SharePoint Server Subscription Edition<br>Microsoft SharePoint Server 2019<br>Microsoft SharePoint Enterprise Server 2016 |
| CVE-2026-40415 | Windows 11 Version 24H2 for x64-based Systems<br>Windows 11 Version 24H2 for ARM64-based Systems<br>Windows Server 2022, 23H2 Edition (Server Core installation)<br>Windows 11 Version 23H2 for x64-based Systems<br>Windows 11 Version 23H2 for ARM64-based Systems<br>Windows 11 Version 25H2 for x64-based Systems<br>Windows 11 Version 25H2 for ARM64-based Systems<br>Windows Server 2025 (Server Core installation)<br>Windows 10 Version 22H2 for 32-bit Systems<br>Windows 10 Version 22H2 for ARM64-based Systems<br>Windows 10 Version 22H2 for x64-based Systems<br>Windows 10 Version 21H2 for x64-based Systems<br>Windows 10 Version 21H2 for ARM64-based Systems<br>Windows 10 Version 21H2 for 32-bit Systems<br>Windows Server 2022 (Server Core installation)<br>Windows Server 2022<br>Windows 11 Version 26H1 for ARM64-based Systems<br>Windows 11 version 26H1 for x64-based Systems<br>Windows Server 2025<br>Windows Server 2019 (Server Core installation)<br>Windows Server 2019<br>Windows 10 Version 1809 for x64-based Systems<br>Windows 10 Version 1809 for 32-bit Systems |
| CVE-2026-41089 | Windows Server 2012 R2 (Server Core installation)<br>Windows Server 2012 R2<br>Windows Server 2012 (Server Core installation)<br>Windows Server 2012<br>Windows Server 2016 (Server Core installation)<br>Windows Server 2016<br>Windows Server 2025<br>Windows Server 2022, 23H2 Edition (Server Core installation)<br>Windows Server 2025 (Server Core installation)<br>Windows Server 2022 (Server Core installation)<br>Windows Server 2022<br>Windows Server 2019 (Server Core installation)<br>Windows Server 2019 |
| CVE-2026-41096 | Windows 11 Version 26H1 for ARM64-based Systems<br>Windows 11 version 26H1 for x64-based Systems<br>Windows Server 2025<br>Windows 11 Version 24H2 for x64-based Systems<br>Windows 11 Version 24H2 for ARM64-based Systems<br>Windows Server 2022, 23H2 Edition (Server Core installation)<br>Windows 11 Version 23H2 for x64-based Systems<br>Windows 11 Version 23H2 for ARM64-based Systems<br>Windows 11 Version 25H2 for x64-based Systems<br>Windows 11 Version 25H2 for ARM64-based Systems<br>Windows Server 2025 (Server Core installation) |
| CVE-2026-41103 | Microsoft Confluence SAML SSO plugin<br>Microsoft JIRA SAML SSO plugin |
| CVE-2026-42898 | Microsoft Dynamics 365 (on-premises) version 9.1 |
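4 Vulnerability Protection
Patch updates
Microsoft has released security patches that fix the above vulnerabilities for supported product versions. Affected users are strongly advised to install the patches as soon as possible. Official download link: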
https://msrc.microsoft.com/update-guide/releaseNote/2026-May
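Note: Windows Update may fail to install patches because of network problems, the computer's environment or other reasons. After installing patches, users should promptly check whether they were applied successfully.
Right-click the Windows icon, choose "Settings (N)", then "Update & Security" - "Windows Update", and review the messages shown on that page. You can also click "View update history" to see past updates.
For an update that did not install successfully, click the update name to go to Microsoft's official download page. We recommend following the link on that page to the "Microsoft Update Catalog" website, then downloading and installing the standalone package.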
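The check described above can also be done from PowerShell. The following is an added example, not part of the NSFOCUS advisory: it reads the update history through the Windows Update Agent COM API, judges each update by its latest installation attempt, and prints a Microsoft Update Catalog search link for each one that did not succeed. The `$Since` default is an assumed cutoff date.

```powershell
# Added example (not from the advisory): find updates whose most recent
# installation attempt did not succeed, using the Windows Update Agent COM API.
param(
    # Assumed cutoff: only consider attempts on or after the start of the release month.
    [datetime]$Since = '2026-05-01'
)

# OperationResultCode values reported by IUpdateHistoryEntry.ResultCode
$resultNames = @{
    0 = 'NotStarted'; 1 = 'InProgress'; 2 = 'Succeeded'
    3 = 'SucceededWithErrors'; 4 = 'Failed'; 5 = 'Aborted'
}

$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher()
$total    = $searcher.GetTotalHistoryCount()
if ($total -eq 0) {
    Write-Warning 'Windows Update history is empty; nothing to verify.'
    return
}

# Operation 1 = installation (2 = uninstallation). History dates are UTC.
$attempts = @($searcher.QueryHistory(0, $total) |
    Where-Object { $_.Operation -eq 1 -and $_.Date -ge $Since.ToUniversalTime() } |
    ForEach-Object {
        [pscustomobject]@{
            Date    = $_.Date
            KB      = if ($_.Title -match 'KB\d+') { $Matches[0] } else { $null }
            Result  = $resultNames[[int]$_.ResultCode]
            HResult = '0x{0:X8}' -f $_.HResult
            Title   = $_.Title
        }
    })

if ($attempts.Count -eq 0) {
    Write-Warning "No installation attempts recorded since $($Since.ToString('yyyy-MM-dd')); the updates may not have been offered or installed yet."
    return
}

# A failed attempt is often followed by a successful retry, so judge each update
# by its latest attempt only (grouped by KB, or by title when no KB is present).
$latest = @($attempts |
    Group-Object { if ($_.KB) { $_.KB } else { $_.Title } } |
    ForEach-Object { $_.Group | Sort-Object Date -Descending | Select-Object -First 1 })

$notInstalled = @($latest | Where-Object { $_.Result -ne 'Succeeded' })

if ($notInstalled.Count -eq 0) {
    Write-Output "All $($latest.Count) update(s) attempted since $($Since.ToString('yyyy-MM-dd')) installed successfully."
} else {
    $notInstalled | Sort-Object Date -Descending |
        Format-Table Date, KB, Result, HResult, Title -AutoSize -Wrap | Out-String
    # Standalone packages can be downloaded from the Microsoft Update Catalog.
    $notInstalled | Where-Object KB | ForEach-Object {
        "https://www.catalog.update.microsoft.com/Search.aspx?q=$($_.KB)"
    }
}
```

Save it as a script and run it in a PowerShell session on the host being checked; `Get-HotFix` gives a cross-check of the KBs currently installed.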
Appendix: Vulnerability List

| Affected product | CVE ID | Vulnerability title | Severity |
| --- | --- | --- | --- |
| Azure | CVE-2026-40379 | Microsoft Enterprise Security Token Service (ESTS) Spoofing Vulnerability | Critical |
| Azure | CVE-2026-32207 | Azure Machine Learning Notebook Spoofing Vulnerability | Critical |
| Azure | CVE-2026-33109 | Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-35421 | Windows GDI Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-40363 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-40364 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-40366 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-41089 | Windows Netlogon Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-41096 | Windows DNS Client Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-32161 | Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-42831 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Dynamics | CVE-2026-42898 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-40358 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-40361 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-40365 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-40367 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-40402 | Windows Hyper-V Elevation of Privilege Vulnerability | Critical |
| Azure | CVE-2026-41103 | Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability | Critical |
| Microsoft Dynamics | CVE-2026-33821 | Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability | Critical |
| Apps | CVE-2026-26129 | M365 Copilot Information Disclosure Vulnerability | Critical |
| Copilot Chat (Microsoft Edge) | CVE-2026-33111 | Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability | Critical |
| Apps | CVE-2026-26164 | M365 Copilot Information Disclosure Vulnerability | Critical |
| Microsoft Office | CVE-2026-33823 | Microsoft Team Events Portal Information Disclosure Vulnerability | Critical |
| Azure | CVE-2026-33844 | Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability | Critical |
| Azure | CVE-2026-34327 | Microsoft Partner Center Spoofing Vulnerability | Critical |
| Azure | CVE-2026-35428 | Azure Cloud Shell Spoofing Vulnerability | Critical |
| Azure | CVE-2026-35435 | Azure AI Foundry Elevation of Privilege Vulnerability | Critical |
| Azure DevOps | CVE-2026-42826 | Azure DevOps Information Disclosure Vulnerability | Critical |
| Azure | CVE-2026-41105 | Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability | Critical |
| Windows | CVE-2026-40403 | Windows Graphics Component Remote Code Execution Vulnerability | Critical |
| Azure | CVE-2026-32204 | Azure Monitor Agent Elevation of Privilege Vulnerability | Important |
| Microsoft .NET Framework, .NET 9.0 installed on Windows, .NET 10.0 installed on Windows, Microsoft Visual Studio, .NET 8.0 installed on Windows | CVE-2026-32177 | .NET Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-21530 | Windows Rich Text Edit Elevation of Privilege Vulnerability | Important |
| Azure | CVE-2026-33117 | Azure SDK for Java Security Feature Bypass Vulnerability | Important |
| Windows | CVE-2026-33834 | Windows Event Logging Service Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-33839 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-33840 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-33841 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34329 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-34330 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34331 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34333 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34342 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34343 | Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34344 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34345 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34347 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34350 | Windows Storport Miniport Driver Denial of Service Vulnerability | Important |
| Windows | CVE-2026-34351 | Windows TCP/IP Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-35415 | Windows Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-35416 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-35417 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-35418 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-35419 | Windows DWM Core Library Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-35420 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-35422 | Windows TCP/IP Driver Security Feature Bypass Vulnerability | Important |
| Windows | CVE-2026-35423 | Windows 11 Telnet Client Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-35424 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | Important |
| .NET 8.0 installed on Windows, .NET 10.0 installed on Windows, .NET 9.0 installed on Windows | CVE-2026-35433 | .NET Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-35438 | Windows Admin Center Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2026-35439 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-35440 | Microsoft Word Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-40360 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-40368 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Dynamics | CVE-2026-40374 | Microsoft Power Automate Desktop Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-40377 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-40380 | Windows Volume Manager Extension Driver Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-40399 | Windows TCP/IP Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-40405 | Windows TCP/IP Denial of Service Vulnerability | Important |
| Windows | CVE-2026-40406 | Windows TCP/IP Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-40407 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-40408 | Windows WAN ARP Driver Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-40410 | Windows SMB Client Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-40414 | Windows TCP/IP Denial of Service Vulnerability | Important |
| Windows | CVE-2026-40415 | Windows TCP/IP Remote Code Execution Vulnerability | Important |
| Microsoft Dynamics | CVE-2026-40417 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2026-40419 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2026-40421 | Microsoft Word Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-41088 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Microsoft Data Formulator | CVE-2026-41094 | Microsoft Data Formulator Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-41095 | Data Deduplication Elevation of Privilege Vulnerability | Important |
| Apps | CVE-2026-41100 | Microsoft 365 Copilot for Android Spoofing Vulnerability | Important |
| Apps | CVE-2026-41101 | Microsoft Word for Android Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-41102 | Microsoft PowerPoint for Android Spoofing Vulnerability | Important |
| Visual Studio Code | CVE-2026-41109 | GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability | Important |
| Visual Studio Code | CVE-2026-41610 | Visual Studio Code Security Feature Bypass Vulnerability | Important |
| Visual Studio Code | CVE-2026-41611 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Visual Studio Code – Live Preview extension | CVE-2026-41612 | Visual Studio Code Information Disclosure Vulnerability | Important |
| Apps | CVE-2026-41614 | M365 Copilot for Desktop Spoofing Vulnerability | Important |
| Windows | CVE-2026-32170 | Windows Rich Text Edit Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2026-32185 | Microsoft Teams Spoofing Vulnerability | Important |
| .NET 8.0 installed on Windows, .NET 10.0 installed on Windows, .NET 9.0 installed on Windows, Microsoft Visual Studio | CVE-2026-32175 | .NET Core Tampering Vulnerability | Important |
| Windows | CVE-2026-42825 | Windows Telephony Service Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-42896 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| .NET 10.0 installed on Linux, .NET 9.0 installed on Mac OS, .NET 9.0 installed on Windows, .NET 10.0 installed on Mac OS, .NET 8.0 installed on Mac OS, .NET 10.0 installed on Windows, .NET 8.0 installed on Linux, .NET 8.0 installed on Windows, .NET 9.0 installed on Linux | CVE-2026-42899 | ASP.NET Core Denial of Service Vulnerability | Important |
| Microsoft Office | CVE-2026-33110 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-33112 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Azure | CVE-2026-33833 | Azure Machine Learning Notebook Spoofing Vulnerability | Important |
| Windows | CVE-2026-33835 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-33837 | Windows TCP/IP Local Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-33838 | Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34332 | Windows Kernel-Mode Driver Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-34334 | Windows TCP/IP Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34336 | Windows DWM Core Library Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-34337 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34338 | Windows Telephony Service Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34339 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important |
| Windows | CVE-2026-34340 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34341 | Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2026-40357 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-40359 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-40362 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft SQL Server | CVE-2026-40370 | SQL Server Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-40369 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-40382 | Windows Telephony Service Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-40397 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-32209 | Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability | Important |
| Windows | CVE-2026-40398 | Windows Remote Desktop Services Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-40401 | Windows TCP/IP Denial of Service Vulnerability | Important |
| Windows | CVE-2026-40413 | Windows TCP/IP Denial of Service Vulnerability | Important |
| Microsoft Office | CVE-2026-40418 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2026-35436 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2026-40420 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-41097 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Azure | CVE-2026-40381 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important |
| Visual Studio Code | CVE-2026-41613 | Visual Studio Code Elevation of Privilege Vulnerability | Important |
| Azure | CVE-2026-42823 | Azure Logic Apps Elevation of Privilege Vulnerability | Important |
| Azure | CVE-2026-42830 | Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability | Important |
| Apps, Microsoft Office | CVE-2026-42832 | Microsoft Office Spoofing Vulnerability | Important |
| Microsoft Dynamics | CVE-2026-42833 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-42838 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2026-42893 | Microsoft Outlook for iOS Tampering Vulnerability | Important |
| Azure | CVE-2026-41086 | Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability | Important |
| Microsoft Edge (Chromium-based) | CVE-2026-41107 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | Moderate |
| Microsoft Edge for Android | CVE-2026-42891 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Moderate |
| Microsoft Edge for Android | CVE-2026-35429 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Moderate |
| Microsoft Edge (Chromium-based) | CVE-2026-40416 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | Low |
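Statement
This security advisory is intended only to describe possible security issues; NSFOCUS provides no guarantee or commitment regarding it. Any direct or indirect consequences and losses caused by distributing or using the information in this advisory are the sole responsibility of the user; NSFOCUS and the authors of the advisory assume no liability.
NSFOCUS reserves the right to modify and interpret this security advisory. Anyone who reproduces or distributes it must preserve it in full, including the copyright statement and all other content. Without NSFOCUS's permission, the content of this advisory may not be modified, added to or reduced, and may not be used for commercial purposes in any way.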
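This article is reproduced from: NSFOCUS CERT (NS-CERT), "[Security Update] Advisory on High-Risk Vulnerabilities in Multiple Products Fixed by Microsoft's May Security Updates"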