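| ■ Advisory ID | NS-2026-0016 | ■ Release Date | 2026-06-10 |
| ■ Impact | By exploiting the vulnerabilities addressed in this security update, an attacker can achieve privilege escalation, remote code execution, and more | ||
| ■ TAG | Security update, Windows, Office, Exchange Server, Visual Studio Code, Azure | ||
| © 2026 NSFOCUS |
On June 9, NSFOCUS CERT observed that Microsoft released its June security update, fixing 206 security issues across widely used products including Windows, Microsoft Office, Microsoft Exchange Server, Visual Studio Code, and Azure. The fixes cover high-risk vulnerability types such as remote code execution, information disclosure, and privilege escalation.
Of the vulnerabilities fixed in this month's update, 38 are rated Critical and 168 are rated Important.
Users are advised to apply the patches as soon as possible. See the appendix for the full vulnerability list.
Reference link: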
https://msrc.microsoft.com/update-guide/releaseNote/2026-Jun
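- Summary of Key Vulnerabilities
The following vulnerabilities in this update were selected as higher-impact based on product popularity and vulnerability severity; users should pay particular attention to them:
Remote Desktop Client Remote Code Execution Vulnerability (CVE-2026-47289):
A remote code execution vulnerability exists in the Remote Desktop Client. Because the client has a stack-based buffer overflow when processing response data from a malicious server, an unauthenticated attacker can set up a malicious Remote Desktop server and lure a user into connecting. Processing a malicious certificate during the connection triggers the vulnerability, resulting in arbitrary code execution with the privileges of the client user. CVSS score: 8.8.
Official advisory link: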
https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2026-47289
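Microsoft Office Remote Code Execution Vulnerability (CVE-2026-45461/CVE-2026-45472/CVE-2026-45474):
A use-after-free vulnerability exists in Microsoft Office. An unauthenticated attacker can send a user a specially crafted malicious document; if the user is lured into previewing or opening it, arbitrary code execution results. CVSS score: 8.4.
Official advisory links: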
https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2026-45461
https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2026-45472
https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2026-45474
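Windows Kernel Remote Code Execution Vulnerability (CVE-2026-45657):
A remote code execution vulnerability exists in the Windows Kernel. Because of use-after-free and stack-based buffer overflow issues in how the kernel handles objects, an unauthenticated attacker can use specially crafted requests to trigger a flaw in the Windows kernel's processing of certain TCP/IP data and thereby execute arbitrary code with system-level privileges. CVSS score: 9.8.
Official advisory link: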
https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2026-45657
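HTTP.sys Remote Code Execution Vulnerability (CVE-2026-47291):
A remote code execution vulnerability exists in HTTP.sys. Because the HTTP protocol stack has an integer overflow or wraparound issue when processing specially crafted requests, an unauthenticated attacker can trigger memory corruption with specially crafted HTTP packets and thereby execute arbitrary code on the target system. CVSS score: 9.8.
Official advisory link: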
https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2026-47291
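DHCP Client Service Remote Code Execution Vulnerability (CVE-2026-44815):
A remote code execution vulnerability exists in the DHCP Client Service. Because the DHCP client has a stack buffer overflow when processing network data, an unauthenticated attacker can trigger memory corruption with a specially crafted DHCP response packet and thereby execute arbitrary code on the target device. CVSS score: 9.8.
Official advisory link: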
https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2026-44815
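Windows Graphics Component Remote Code Execution Vulnerability (CVE-2026-44803/CVE-2026-44812):
A remote code execution vulnerability exists in the Windows Graphics Component. Because the component has an integer overflow or wraparound issue when processing specially crafted images or files, an unauthenticated attacker can trigger the vulnerability by luring a user into opening a maliciously crafted file or visiting a malicious website. Viewing the file in the Preview Pane or opening it is enough to cause arbitrary code execution. CVSS score: 7.8.
Official advisory links: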
https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2026-44803
https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2026-44812
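Windows Hyper-V Remote Code Execution Vulnerability (CVE-2026-45607/CVE-2026-45641):
A remote code execution vulnerability exists in Windows Hyper-V. Because of out-of-bounds read and type confusion issues in Hyper-V, an authenticated attacker on a VM can send specially crafted file operation requests to the virtual machine's hardware resources and thereby execute code on the host server. CVSS score: 8.4.
Official advisory links: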
https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2026-45607
https://msrc.microsoft.com/update-guide/zh-cn/vulnerability/CVE-2026-45641
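- Affected Scope
The affected product versions for some of the key vulnerabilities are listed below. For the products affected by the other vulnerabilities, refer to the official advisory links.
| CVE ID | Affected Product Versions |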
| CVE-2026-47289 | Windows App Client for Windows Desktop; Windows Server 2012 R2 (Server Core installation); Windows Server 2012 R2; Windows Server 2012 (Server Core installation); Windows Server 2012; Windows Server 2016 (Server Core installation); Windows Server 2016; Windows 10 Version 1607 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems; Windows 11 Version 26H1 for ARM64-based Systems; Windows 11 version 26H1 for x64-based Systems; Windows Server 2025; Windows 11 Version 24H2 for x64-based Systems; Windows 11 Version 24H2 for ARM64-based Systems; Windows 11 Version 23H2 for x64-based Systems; Windows 11 Version 23H2 for ARM64-based Systems; Windows 11 Version 25H2 for x64-based Systems; Windows 11 Version 25H2 for ARM64-based Systems; Windows Server 2025 (Server Core installation); Windows 10 Version 22H2 for 32-bit Systems; Windows 10 Version 22H2 for ARM64-based Systems; Windows 10 Version 22H2 for x64-based Systems; Windows 10 Version 21H2 for x64-based Systems; Windows 10 Version 21H2 for ARM64-based Systems; Windows 10 Version 21H2 for 32-bit Systems; Windows Server 2022 (Server Core installation); Windows Server 2022; Windows Server 2019 (Server Core installation); Windows Server 2019; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1809 for 32-bit Systems |
| CVE-2026-45461/CVE-2026-45472/CVE-2026-45474 | Microsoft Office 2016 (64-bit edition); Microsoft Office 2016 (32-bit edition); Microsoft Office LTSC for Mac 2024; Microsoft Office LTSC 2024 for 64-bit editions; Microsoft Office LTSC 2024 for 32-bit editions; Microsoft Office LTSC 2021 for 32-bit editions; Microsoft Office LTSC 2021 for 64-bit editions; Microsoft Office LTSC for Mac 2021; Microsoft 365 Apps for Enterprise for 64-bit Systems; Microsoft 365 Apps for Enterprise for 32-bit Systems; Microsoft Office 2019 for 64-bit editions; Microsoft Office 2019 for 32-bit editions; Microsoft Office 365 for Mac; Microsoft Office for Android |
| CVE-2026-45657 | Windows 11 Version 23H2 for ARM64-based Systems; Windows 11 Version 23H2 for x64-based Systems; Windows 11 Version 24H2 for ARM64-based Systems; Windows 11 Version 24H2 for x64-based Systems; Windows 11 Version 25H2 for ARM64-based Systems; Windows 11 Version 25H2 for x64-based Systems; Windows 11 Version 26H1 for ARM64-based Systems; Windows 11 version 26H1 for x64-based Systems; Windows Server 2022; Windows Server 2022 (Server Core installation); Windows Server 2025; Windows Server 2025 (Server Core installation) |
| CVE-2026-47291/CVE-2026-44815 | Windows 10 Version 1607 for 32-bit Systems; Windows 10 Version 1607 for x64-based Systems; Windows 10 Version 1809 for 32-bit Systems; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 21H2 for 32-bit Systems; Windows 10 Version 21H2 for ARM64-based Systems; Windows 10 Version 21H2 for x64-based Systems; Windows 10 Version 22H2 for 32-bit Systems; Windows 10 Version 22H2 for ARM64-based Systems; Windows 10 Version 22H2 for x64-based Systems; Windows 11 Version 23H2 for ARM64-based Systems; Windows 11 Version 23H2 for x64-based Systems; Windows 11 Version 24H2 for ARM64-based Systems; Windows 11 Version 24H2 for x64-based Systems; Windows 11 Version 25H2 for ARM64-based Systems; Windows 11 Version 25H2 for x64-based Systems; Windows 11 Version 26H1 for ARM64-based Systems; Windows 11 version 26H1 for x64-based Systems; Windows Server 2012; Windows Server 2012 (Server Core installation); Windows Server 2012 R2; Windows Server 2012 R2 (Server Core installation); Windows Server 2016; Windows Server 2016 (Server Core installation); Windows Server 2019; Windows Server 2019 (Server Core installation); Windows Server 2022; Windows Server 2022 (Server Core installation); Windows Server 2025; Windows Server 2025 (Server Core installation) |
| CVE-2026-44803/CVE-2026-44812 | Microsoft Word for Android; Microsoft PowerPoint for Android; Microsoft Excel for Android; Windows Server 2012 R2 (Server Core installation); Windows Server 2012 R2; Windows Server 2012 (Server Core installation); Windows Server 2012; Windows Server 2016 (Server Core installation); Windows Server 2022 (Server Core installation); Windows Server 2022; Windows Server 2019 (Server Core installation); Windows Server 2019; Windows 10 Version 1809 for x64-based Systems; Windows 10 Version 1809 for 32-bit Systems; Windows Server 2016; Windows 10 Version 1607 for x64-based Systems; Windows 10 Version 1607 for 32-bit Systems; Windows 11 Version 26H1 for ARM64-based Systems; Windows 10 Version 21H2 for ARM64-based Systems; Windows 10 Version 21H2 for 32-bit Systems; Windows 11 version 26H1 for x64-based Systems; Windows Server 2025; Windows 11 Version 24H2 for x64-based Systems; Windows 11 Version 24H2 for ARM64-based Systems; Windows 11 Version 23H2 for x64-based Systems; Windows 11 Version 23H2 for ARM64-based Systems; Windows 11 Version 25H2 for x64-based Systems; Windows 11 Version 25H2 for ARM64-based Systems; Windows Server 2025 (Server Core installation); Windows 10 Version 22H2 for 32-bit Systems; Windows 10 Version 22H2 for ARM64-based Systems; Windows 10 Version 22H2 for x64-based Systems; Windows 10 Version 21H2 for x64-based Systems |
| CVE-2026-45607 | Windows Server 2019 (Server Core installation); Windows Server 2019; Windows 10 Version 1809 for x64-based Systems; Windows Server 2016 (Server Core installation); Windows Server 2016; Windows 10 Version 1607 for x64-based Systems; Windows 11 Version 26H1 for ARM64-based Systems; Windows 11 version 26H1 for x64-based Systems; Windows Server 2025; Windows 11 Version 24H2 for x64-based Systems; Windows 11 Version 24H2 for ARM64-based Systems; Windows 11 Version 23H2 for x64-based Systems; Windows 11 Version 23H2 for ARM64-based Systems; Windows 11 Version 25H2 for x64-based Systems; Windows 11 Version 25H2 for ARM64-based Systems; Windows Server 2025 (Server Core installation); Windows 10 Version 22H2 for x64-based Systems; Windows 10 Version 21H2 for x64-based Systems; Windows Server 2022 (Server Core installation); Windows Server 2022 |
| CVE-2026-45641 | Windows 11 version 26H1 for x64-based Systems; Windows Server 2025; Windows 11 Version 24H2 for x64-based Systems; Windows 11 Version 23H2 for x64-based Systems; Windows 11 Version 25H2 for x64-based Systems; Windows Server 2025 (Server Core installation); Windows 10 Version 22H2 for x64-based Systems; Windows 10 Version 21H2 for x64-based Systems; Windows Server 2022 (Server Core installation); Windows Server 2022 |
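- Vulnerability Protection
- Patch Update
Microsoft has released security patches that fix the above vulnerabilities for supported product versions. Affected users are strongly advised to install the patches as soon as possible. Official download link: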
https://msrc.microsoft.com/update-guide/releaseNote/2026-Jun
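Note: Windows Update may fail to install patches because of network problems, the computer's environment, or other reasons. After installing patches, users should promptly check whether they were installed successfully.
Right-click the Windows icon, choose “Settings (N)”, then “Update & Security” - “Windows Update”, and review the messages on that page. You can also click “View update history” to see past updates.
For updates that failed to install, click the update name to go to Microsoft's official download page. Users are advised to follow the link on that page to the “Microsoft Update Catalog” website, then download and install the standalone package.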
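The update-history check described above can also be scripted. The following PowerShell is an added example, not part of the NSFOCUS advisory or of Microsoft's guidance: it reads the Windows Update history through the Windows Update Agent COM API and lists every update whose most recent install attempt since a cutoff date did not succeed. The default cutoff date is an assumption taken from the June 9 release date stated in this advisory.

```powershell
# Added example (not from the advisory): report updates whose latest install
# attempt since the cutoff did not succeed, using the Windows Update Agent COM API.
param(
    # Assumption: default cutoff is the June 9, 2026 release date named in the advisory.
    [datetime]$Since = [datetime]'2026-06-09'
)

# OperationResultCode values defined by the Windows Update Agent API.
$resultNames = @{
    0 = 'NotStarted'; 1 = 'InProgress'; 2 = 'Succeeded'
    3 = 'SucceededWithErrors'; 4 = 'Failed'; 5 = 'Aborted'
}

$session  = New-Object -ComObject Microsoft.Update.Session
$searcher = $session.CreateUpdateSearcher()
$total    = $searcher.GetTotalHistoryCount()
if ($total -eq 0) {
    Write-Warning 'Windows Update history is empty on this machine.'
    return
}

# Operation 1 = installation (2 = uninstallation). History dates are stored in UTC.
$cutoffUtc = $Since.ToUniversalTime()
$attempts = $searcher.QueryHistory(0, $total) |
    Where-Object { $_.Operation -eq 1 -and $_.Date -ge $cutoffUtc } |
    ForEach-Object {
        [pscustomobject]@{
            Date    = $_.Date
            Result  = $resultNames[[int]$_.ResultCode]
            HResult = '0x{0:X8}' -f $_.HResult
            Title   = $_.Title
        }
    }

# An update that failed once may have succeeded on a retry, so judge each
# update by its most recent attempt only.
$latest = @($attempts | Group-Object Title | ForEach-Object {
    $_.Group | Sort-Object Date -Descending | Select-Object -First 1
})

$problems = @($latest | Where-Object { $_.Result -ne 'Succeeded' })
if ($problems.Count -eq 0) {
    Write-Output "All $($latest.Count) updates installed since $Since report Succeeded."
} else {
    # These are the updates to fetch as standalone packages from the
    # Microsoft Update Catalog, as the advisory recommends.
    $problems | Sort-Object Date | Format-Table -AutoSize -Wrap
}
```

The HResult column gives the Windows Update error code for a failed attempt, which helps tell a network failure from a servicing-stack problem before retrying with the standalone package.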
Appendix: Vulnerability List
| Affected Product | CVE ID | Vulnerability Title | Severity |
| Microsoft Office | CVE-2026-45472 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-45474 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Copilot Chat (Microsoft Edge) | CVE-2026-47644 | Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability | Critical |
| Azure | CVE-2026-47655 | Microsoft Graph Information Disclosure Vulnerability | Critical |
| Windows | CVE-2026-33828 | Windows Device Health Attestation (DHA) Elevation of Privilege Vulnerability | Critical |
| Microsoft Office | CVE-2026-45456 | Microsoft Outlook and Word Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-45458 | Microsoft Outlook and Word Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-45460 | Microsoft Office Information Disclosure Vulnerability | Critical |
| Microsoft Office | CVE-2026-45461 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-45607 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-45641 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-45648 | Windows Active Directory Domain Services Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-45657 | Windows Kernel Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-47288 | Windows Kerberos Key Distribution Center (KDC) Remote Code Execution | Critical |
| Windows | CVE-2026-47289 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-47291 | HTTP.sys Remote Code Execution Vulnerability | Critical |
| Azure | CVE-2026-32193 | Azure Kubernetes Service (AKS) Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-47635 | Microsoft Outlook and Word Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-47652 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-47654 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-48563 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| Other | CVE-2026-26142 | Nuance PowerScribe Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-45463 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Other | CVE-2026-45476 | Microsoft Azure Network Adapter Elevation of Privilege Vulnerability | Critical |
| Windows | CVE-2026-48574 | Windows Media Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-44810 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Critical |
| Windows | CVE-2026-42992 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-44799 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-44815 | DHCP Client Service Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-44801 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-42985 | Remote Desktop Client Remote Code Execution Vulnerability | Critical |
| Windows | CVE-2026-42987 | Windows Deployment Services (WDS) Remote Code Execution | Critical |
| Microsoft Office,Apps,Windows | CVE-2026-44803 | Windows Graphics Component Remote Code Execution Vulnerability | Critical |
| Microsoft Office,Apps,Windows | CVE-2026-44812 | Windows Graphics Component Remote Code Execution Vulnerability | Critical |
| Apps | CVE-2026-45497 | Microsoft M365 Copilot Remote Code Execution Vulnerability | Critical |
| Apps | CVE-2026-42824 | M365 Copilot Information Disclosure Vulnerability | Critical |
| Azure | CVE-2026-48567 | Azure HorizonDB Elevation of Privilege Vulnerability | Critical |
| Microsoft Exchange Online | CVE-2026-48579 | Microsoft Exchange Online Information Disclosure Vulnerability | Critical |
| Windows | CVE-2026-41108 | Windows DNS Client Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2026-45467 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-45468 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-45469 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-45475 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-45471 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-45479 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-45486 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-45485 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-45483 | Microsoft Office Project Server Spoofing Vulnerability | Important |
| Windows | CVE-2026-40409 | Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-40404 | Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-34335 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Apps | CVE-2026-42902 | Microsoft PowerToys Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2026-44817 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-44818 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-44819 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-44820 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-44821 | Microsoft Office Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-44823 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-44824 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-45453 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-45466 | Microsoft Word Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-45487 | Windows Program Compatibility Assistant Service Elevation of Privilege Vulnerability | Important |
| .NET 10.0 installed on Windows,.NET 9.0 installed on Windows,.NET 8.0 installed on Windows | CVE-2026-45490 | .NET SDK Elevation of Privilege Vulnerability | Important |
| .NET,.NET 10.0 installed on Linux,.NET 9.0 installed on Linux,.NET 8.0 installed on Mac OS,.NET 8.0 installed on Linux,.NET 10.0 installed on Windows,.NET 9.0 installed on Mac OS,.NET 8.0 installed on Windows,.NET 10.0 installed on Mac OS,.NET 9.0 installed on Windows | CVE-2026-45491 | .NET Tampering Vulnerability | Important |
| Windows | CVE-2026-45605 | Windows Bluetooth Service Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-45639 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-45640 | Windows Bluetooth Port Driver Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-45606 | Microsoft UxTheme Library (uxtheme.dll) Denial of Service Vulnerability | Important |
| Windows | CVE-2026-45634 | Windows DHCP Client Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-45642 | Microsoft Azure Attestation service and Device Health Attestation Service Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-45643 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-45645 | Microsoft Office Remote Code Execution Vulnerability | Important |
| Apps,Microsoft Office | CVE-2026-45649 | Office for Android Spoofing Vulnerability | Important |
| Apps | CVE-2026-45650 | Microsoft Bing Search Spoofing Vulnerability | Important |
| Windows | CVE-2026-45655 | Windows BitLocker Security Feature Bypass Vulnerability | Important |
| Windows | CVE-2026-45656 | UEFI Secure Boot Security Feature Bypass Vulnerability | Important |
| Visual Studio Code | CVE-2026-47287 | Visual Studio Code Tampering Vulnerability | Important |
| Visual Studio Code – MSSQL Extension | CVE-2026-47292 | Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-41092 | Microsoft Kinect Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2026-47298 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Azure | CVE-2026-41098 | Azure Stack Edge Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-47636 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-47637 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-47638 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-47639 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-47641 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Windows | CVE-2026-45588 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows | CVE-2026-47648 | Windows Storage Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-47653 | Remote Desktop Client Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-48566 | Windows DWM Core Library Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-48568 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows | CVE-2026-48570 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows | CVE-2026-48573 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows | CVE-2026-48575 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows | CVE-2026-48576 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows | CVE-2026-48578 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows | CVE-2026-48583 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Apps | CVE-2026-49161 | Microsoft PC Manager Security Feature Bypass Vulnerability | Important |
| Windows | CVE-2026-50508 | Windows NTLM Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-33113 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Dynamics | CVE-2026-40371 | Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-42828 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-42829 | Windows Administrator Protection Security Feature Bypass Vulnerability | Important |
| Microsoft Office | CVE-2026-42835 | Microsoft Teams for Android Information Disclosure Vulnerability | Important |
| Visual Studio Code | CVE-2026-40376 | Visual Studio Code Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2026-44822 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-45454 | Microsoft SharePoint Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-45455 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-45457 | Microsoft Word Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-45459 | Microsoft Excel Security Feature Bypass Vulnerability | Important |
| Microsoft Office | CVE-2026-45462 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-45464 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-45465 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Visual Studio Code CoPilot Chat Extension | CVE-2026-45482 | Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability | Important |
| Windows | CVE-2026-45586 | Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability | Important |
| .NET 10.0 installed on Linux,.NET 9.0 installed on Linux,.NET 8.0 installed on Mac OS,.NET 8.0 installed on Linux,.NET 10.0 installed on Windows,.NET 9.0 installed on Mac OS,Microsoft Visual Studio,.NET 8.0 installed on Windows,.NET 10.0 installed on Mac OS,.NET 9.0 installed on Windows,ASP.NET Core | CVE-2026-45591 | ASP.NET Core Denial of Service Vulnerability | Important |
| Windows | CVE-2026-45592 | Windows Internet (wininet.dll) Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-45593 | Windows SDK Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-45594 | Windows Application Identity (AppID) Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-45604 | Windows Managed Installer Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-45595 | Windows Mark of the Web Security Feature Bypass Vulnerability | Important |
| Windows | CVE-2026-45597 | Windows UI Automation Manager (uiamanager.dll) Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-45599 | Windows UPnP Device Host Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-45601 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-45598 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-45636 | Windows NTFS Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-45596 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-45600 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-45602 | Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability | Important |
| Windows | CVE-2026-45635 | Windows UPnP Device Host Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-45638 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-45603 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-45637 | Microsoft DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-45608 | Windows DHCP Client Information Disclosure Vulnerability | Important |
| Microsoft Live Share Canvas SDK | CVE-2026-45644 | Microsoft Live Share Canvas SDK Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-45653 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-45654 | Secure Boot Security Feature Bypass Vulnerability | Important |
| System Center | CVE-2026-45647 | Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-45658 | Windows BitLocker Security Feature Bypass Vulnerability | Important |
| Visual Studio Code | CVE-2026-47281 | Visual Studio Code Elevation of Privilege Vulnerability | Important |
| Visual Studio Code | CVE-2026-47284 | Visual Studio Code Information Disclosure Vulnerability | Important |
| Microsoft Office | CVE-2026-47293 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-42910 | Windows Hotpatch Monitoring Service Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2026-47634 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-47640 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Azure | CVE-2026-47643 | Azure Stack Edge Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-45481 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-45484 | Microsoft SharePoint Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-47656 | Windows Boot Manager Security Feature Bypass Vulnerability | Important |
| Microsoft Office | CVE-2026-48560 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-48562 | Microsoft SharePoint Server Spoofing Vulnerability | Important |
| Windows | CVE-2026-48565 | Windows Narrator Braille Elevation of Privilege Vulnerability | Important |
| Visual Studio Code | CVE-2026-48569 | Visual Studio Code Security Feature Bypass Vulnerability | Important |
| Windows | CVE-2026-49160 | HTTP.sys Denial of Service Vulnerability | Important |
| Windows | CVE-2026-50507 | Windows BitLocker Security Feature Bypass Vulnerability | Important |
| Windows | CVE-2026-42836 | Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-42837 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-42903 | Windows Kerberos Denial of Service Vulnerability | Important |
| Windows | CVE-2026-42904 | Windows TCP/IP Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-42905 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-42906 | Windows Shell Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-42907 | Windows Shell Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-42908 | Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-42980 | NT OS Kernel Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-42909 | Remote Desktop Client Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-42916 | NT OS Kernel Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-42911 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-42913 | Remote Desktop Client Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-42912 | Windows Telephony Service Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-42914 | Windows Kerberos Denial of Service Vulnerability | Important |
| Windows | CVE-2026-42915 | Windows TCP/IP Denial of Service Vulnerability | Important |
| Windows | CVE-2026-42968 | Windows Telephony Server Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-42972 | Windows Hyper-V Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-42969 | Windows Push Notification Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-42971 | Windows Push Notification Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-42970 | Windows Push Notification Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-42973 | Windows Push Notification Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-42984 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-42981 | Windows Performance Monitor Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-42974 | Windows Performance Monitor Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-42986 | Microsoft Graphics Component Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-42978 | Windows Push Notifications Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-42977 | Windows Push Notifications Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-42979 | Windows Push Notifications Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-42991 | Windows Push Notifications Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-42989 | Winlogon Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-44809 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-44805 | Windows Network Controller (NC) Host Agent Denial of Service Vulnerability | Important |
| Windows | CVE-2026-44811 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-44808 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-44807 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-42983 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-44802 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-44814 | Windows DWM Core Library Information Disclosure Vulnerability | Important |
| Windows | CVE-2026-42993 | Remote Desktop Client Remote Code Execution Vulnerability | Important |
| Windows | CVE-2026-44813 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows | CVE-2026-44804 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Apps | CVE-2026-50512 | Microsoft PC Manager Elevation of Privilege Vulnerability | Important |
| Apps | CVE-2026-50511 | Microsoft PC Manager Elevation of Privilege Vulnerability | Important |
| Microsoft Exchange Server,Microsoft Exchange Server Subscription Edition RTM | CVE-2026-47631 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Exchange Server,Microsoft Exchange Server Subscription Edition RTM | CVE-2026-45500 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Exchange Server,Microsoft Exchange Server Subscription Edition RTM | CVE-2026-45501 | Microsoft Exchange Server Spoofing Vulnerability | Important |
| Microsoft Exchange Server,Microsoft Exchange Server Subscription Edition RTM | CVE-2026-45502 | Microsoft Exchange Server Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server,Microsoft Exchange Server Subscription Edition RTM | CVE-2026-45503 | Microsoft Exchange Server Information Disclosure Vulnerability | Important |
| Microsoft Exchange Server,Microsoft Exchange Server Subscription Edition RTM | CVE-2026-45504 | Microsoft Exchange Server Elevation of Privilege Vulnerability | Important |
| Microsoft Exchange Server,Microsoft Exchange Server Subscription Edition RTM | CVE-2026-45583 | Microsoft Exchange Server Remote Code Execution Vulnerability | Important |
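Disclaimer
This security advisory is intended only to describe possible security issues; NSFOCUS provides no warranty or commitment regarding it. Any direct or indirect consequences or losses arising from the dissemination or use of the information in this advisory are the sole responsibility of the user; NSFOCUS and the author of the advisory accept no liability for them.
NSFOCUS reserves the right to modify and interpret this security advisory. Anyone reprinting or distributing it must preserve it in full, including the copyright notice and all other content. Without NSFOCUS's permission, the content of this advisory may not be modified, added to, or cut, and it may not be used for commercial purposes in any way.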
