政府電腦保安事故協調中心 - 高危保安警報 (A26-06-18): Microsoft 產品多個漏洞 (2026年6月)

描述:

Microsoft 發布了安全性更新，以應對影響數個 Microsoft 產品或元件的多個漏洞。有關安全性更新的列表，請參考以下網址:
https://msrc.microsoft.com/update-guide/releaseNote/2026-Jun

有報告指一個繞過保安限制漏洞 (CVE-2026-45585，稱為「YellowKey」) 的概念驗證 (PoC) 程式碼已被公開，亦正處於被攻擊的高風險。受影響系統的系統管理員應遵從供應商的建議，立即採取行動以降低風險。

受影響的系統:

Microsoft Edge 149.0.4022.53之前的版本
Windows 10、11、11 version 24H2、25H2、26H1
Windows App Client
Windows Narrator Braille
Windows Server 2004、2012、2012 R2、2016、2019、2022、2025
Microsoft Office 2016、2019、LTSC 2021、LTSC 2024、LTSC for Mac 2021、LTSC for Mac 2024、Office 365 for Mac
Office Online Server
Microsoft Word、Excel 2016
Microsoft Word、Excel、PowerPoint (Android)
Microsoft 365 Apps for Enterprise
Microsoft Exchange Server 2016、2019、Subscription Edition RTM
Microsoft SharePoint Enterprise Server 2016
Microsoft SharePoint Server 2019、Subscription Edition
Microsoft Visual Studio 2026
Microsoft Visual Studio Code CoPilot Chat Extension
安裝了 .NET 8.0、9.0、10.0 的 Linux、Mac OS 及 Windows
ASP.NET Core 8.0、9.0、10.0
Microsoft Bing Search (Android)
Microsoft Teams
Visual Studio Code
Linux 核心 - Microsoft MANA Network Driver
Microsoft Defender for Endpoint (Mac)
Microsoft Dynamics 365
Microsoft Live Share Canvas SDK
Microsoft PC Manager
Microsoft PowerToys
Nuance PowerScribe 360 4.0
Nuance PowerScribe One 2019.1 至 2019.10
PowerScribe One 2023.1 SP2 Patch 11、2023.1 SP3 Patch 6
Remote Desktop client

有關受影響系統的詳細資料，請參閱供應商網站的相應安全公告。

影響:

成功利用漏洞可以導致受影響的系統發生遠端執行程式碼、服務被拒絕、權限提升、泄漏資訊、繞過保安限制、仿冒詐騙或篡改。

建議:

受影響產品的修補程式可在 Windows Update 或 Microsoft Update Catalog 獲取。受影響系統的用戶應遵從產品供應商的建議，立即採取行動以降低風險。

進一步資訊:

https://msrc.microsoft.com/update-guide/releaseNote/2026-Jun
https://www.hkcert.org/tc/security-bulletin/microsoft-monthly-security-update-june-2026
https://www.hkcert.org/tc/security-bulletin/microsoft-edge-multiple-vulnerabilities_20260610
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10263
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-8863
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-10883
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-10892
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-10923
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-10929
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-10934
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-10953
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-10959
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-10967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-10984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11007
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11012
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11019
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11034 (to CVE-2026-11035)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11045
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11064 (to CVE-2026-11065)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11072
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11077
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11080
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11082
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11097
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11119
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11127
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11131
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11145
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11148
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11163
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11172
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11175
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11188
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11215
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11226
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11247
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11263
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11270
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11278
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11290 (to CVE-2026-11291)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11295
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-11297
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26142
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33828
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34335
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40371
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40376
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40404
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40409
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41108
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42828 (to CVE-2026-42829)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42835 (to CVE-2026-42837)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42902 (to CVE-2026-42916)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42968 (to CVE-2026-42974)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42977 (to CVE-2026-42981)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42983 (to CVE-2026-42987)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42989
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42991 (to CVE-2026-42993)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44801 (to CVE-2026-44805)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44807 (to CVE-2026-44815)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-44817 (to CVE-2026-44824)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45453 (to CVE-2026-45469)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45471 (to CVE-2026-45472)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45474 (to CVE-2026-45476)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45479
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45481 (to CVE-2026-45487)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45490 (to CVE-2026-45491)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45500 (to CVE-2026-45504)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45583
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45585 (to CVE-2026-45586)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45588
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45591 (to CVE-2026-45608)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45634 (to CVE-2026-45645)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45647 (to CVE-2026-45650)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-45653 (to CVE-2026-45658)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47281
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47284
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47287 (to CVE-2026-47289)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47291 (to CVE-2026-47293)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47298
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47631
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47634 (to CVE-2026-47641)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47652 (to CVE-2026-47654)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47656
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48562 (to CVE-2026-48563)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48565 (to CVE-2026-48566)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48568 (to CVE-2026-48570)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48573 (to CVE-2026-48576)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48578
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48583
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-49160 (to CVE-2026-49161)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50507 (to CVE-2026-50508)
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-50511 (to CVE-2026-50512)

標籤 : Microsoft , Edge , Windows , Windows Server , Microsoft Office , Office Online Server , Word , Excel , PowerPoint , Microsoft 365 Apps , Microsoft Exchange Server , SharePoint , Visual Studio , .NET , Microsoft Bing Search , Microsoft Teams , Visual Studio Code , Microsoft MANA Network Driver , Microsoft Defender , Dynamics 365 , Microsoft Live Share Canvas , PC Manager , PowerToys , PowerScribe , Remote Desktop