政府电脑保安事故协调中心 - 保安警报 (A26-05-17): Microsoft 产品多个漏洞 (2026年5月)

描述:

Microsoft 发布了安全性更新，以应对影响数个 Microsoft 产品或元件的多个漏洞。有关安全性更新的列表，请参考以下网址:
https://msrc.microsoft.com/update-guide/releaseNote/2026-May

受影响的系统:

Windows 10、11、11 version 26H1
Windows Server 2012、2012 R2、2016、2019、2022、23H2 Edition、2025
Microsoft Word、Excel 2016
Microsoft Word、Excel、PowerPoint for Android
Microsoft Office 2016、2019、LTSC 2021、LTSC 2024
Microsoft Office for Android
Microsoft Office LTSC for Mac 2021、2024
Microsoft 365 Apps for Enterprise
Microsoft 365 Copilot
Microsoft 365 Copilot for Android
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019
Microsoft SharePoint Server Subscription Edition
Microsoft SQL Server 2016、2017、2019、2022、2025
Microsoft Visual Studio 2017、2019、2022、2026
Microsoft Visual Studio Code
Microsoft Visual Studio Code - Live Preview extension
Microsoft .NET Framework 3.5、4.6.2、4.7、4.7.1、4.7.2、4.8 及 4.8.1
安装了 .NET 8.0、.NET 9.0 及 .NET 10.0 的 Linux、Mac OS 及 Windows
Microsoft Dynamics 365
Microsoft Dynamics 365 Business Central 2024 Release Wave 2
Microsoft Dynamics 365 Business Central 2026 Release Wave 1
Microsoft Dynamics 365 Business Central Release Wave 1 2025
Microsoft Dynamics 365 Business Central Release Wave 2 2025
Microsoft Confluence SAML SSO plugin
Microsoft Data Formulator
Microsoft JIRA SAML SSO plugin
Microsoft Teams
Office Online Server
Power Automate
Windows Admin Center

有关受影响系统的详细资料，请参阅供应商网站的相应安全公告。

影响:

成功利用漏洞可以导致受影响的系统发生远端执行程式码、服务被拒绝、权限提升、泄漏资讯、绕过保安限制、仿冒诈骗或篡改，视乎攻击者利用哪个漏洞而定。

建议:

受影响产品的修补程式可在 Windows Update 或 Microsoft Update Catalog 获取。受影响系统的用户应遵从产品供应商的建议，立即採取行动以降低风险。

进一步资讯:

https://msrc.microsoft.com/update-guide/releaseNote/2026-May
https://www.hkcert.org/tc/security-bulletin/microsoft-monthly-security-update-may-2026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54518
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-21530
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32161
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32175
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32185
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32209
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33110
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33112
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33834 (to CVE-2026-33835)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33837 (to CVE-2026-33841)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34329 (to CVE-2026-34334)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34336 (to CVE-2026-34345)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34347
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34350 (to CVE-2026-34351)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35415 (to CVE-2026-35424)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35433
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35436
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-35438 (to CVE-2026-35440)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40357 (to CVE-2026-40370)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40374
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40377
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40380
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40382
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40397 (to CVE-2026-40399)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40401 (to CVE-2026-40403)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40405 (to CVE-2026-40408)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40410
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40413 (to CVE-2026-40415)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40417 (to CVE-2026-40421)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41086
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41088 (to CVE-2026-41089)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41094 (to CVE-2026-41097)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41100 (to CVE-2026-41103)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41109
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41610 (to CVE-2026-41614)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42825
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42831 (to CVE-2026-42833)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42896
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42898 (to CVE-2026-42899)

标签 : Microsoft , Windows , Windows Server , Microsoft Office , Word , Excel , PowerPoint , Microsoft 365 Apps , Microsoft 365 Copilot , SharePoint , SQL Server , Visual Studio , Visual Studio Code , .NET , Dynamics 365 , Microsoft Confluence , Microsoft Data Formulator , JIRA , Microsoft Teams , Office Online Server , Power Automate , Windows Admin Center