آپدیت ماه می 2026 مایکروسافت با رفع 120 آسیب پذیری منتشر شده است که از بین آنها 17 آسیب پذیری حیاتی (14 آسیب پذیری اجرای کد از راه دور، 2 آسیب پذیری ارتقا سطح امتیازات و یک آسیب پذیری افشای اطلاعات) مورد توجه است.
تعداد آسیب پذیری ها در هر دسته به شکل زیر است:
- 61 Elevation of Privilege Vulnerabilities
- 6 Security Feature Bypass Vulnerabilities
- 31 Remote Code Execution Vulnerabilities
- 14 Information Disclosure Vulnerabilities
- 8 Denial of Service Vulnerabilities
- 13 Spoofing Vulnerabilities
در آپدیت این ماه، آسیب پذیری Zero-day ای وجود نداشته اما آسیب پذیری هایی وجود دارد که نیازمند توجه مدیران IT و امنیت می باشد.
بخشی از آسیب پذیری های رفع شده در این آپدیت مربوط به آسیب پذیری های موجود در مایکروسافت آفیس، ورد و اکسل است که می تواند منجر به اجرای کد از راه دور شود. این آسیب پذیری ها با باز کردن فایل های مخرب و همچنین پیش نمایش فایل مورد بهره برداری قرار میگیرد بنابراین اکیدا توصیه شده است که در اولین فرصت ممکن مایکروسافت آفیس سیستم ها آپدیت شوند مخصوصا سیستم هایی که به طور مداوم فایل های ضمیمه دریافت می کنند.
سایر آسیب پذیری های قابل توجه:
CVE-2026-35421 – Windows GDI Remote Code Execution Vulnerability
این آسیب پذیری می تواند با باز کردن یک فایل مخرب EMF در Microsoft Paint مورد بهره برداری قرار گیرد.
CVE-2026-40365 – Microsoft SharePoint Server Remote Code Execution Vulnerability
یک مهاجم احراز هویت شده می تواند حمله ای مبتنی بر شبکه اجرا کرده تا کدهای از راه دور را روی سرور SharePoint اجرا کند.
CVE-2026-41096 – Windows DNS Client Remote Code Execution Vulnerability
یک سرور DNS تحت کنترل مهاجم می تواند درخواست های DNS جعلی خاصی را به سیستم ویندوزی آسیب پذیر ارسال کرده و باعث اشغال حافظه می شود. این کار به مهاجم امکان اجرای کد از راه دور روی سیستم آسیب پذیر را خواهد داد.
آپدیت های منتشر شده توسط سایر شرکتها
- Adobe has released security updates for After Effects, Premiere Pro, Media Encoder, Commerce, Illustrator, and more.
- AMD disclosed updates for an elevation of privileges vulnerability in the CPU operation (op/µop) cache on Zen 2 based.
- Apple released security updates for macOS, iOS, watchOS, iPadOS, visionOS, and tvOS.
- Cisco released security updates for numerous products, including a DoS flaw that requires manual rebooting of affected systems for recovery.
- Fortinet released security updates for two critical flaws in FortiSandbox and FortiAuthenticator.
- Google released Android’s May security bulletin, which fixes 10 vulnerabilities.
- Ivanti released security updates for a high-severity Endpoint Manager Mobile (EPMM) remote code execution vulnerability, which was exploited in zero-day attacks.
- Mozilla released security updates for five Firefox vulnerabilities.
- Palo Alto Networks warned of a critical PAN-OS User-ID Authentication Portal flaw that was exploited in attacks as a zero-day. Patches have still not been released, but mitigations are available.
- SAP released the May security updates, which include fixes for one high-severity and two Critical flaws.
- vm2 released security updates for a critical vulnerability in the popular Node.js sandboxing library.
لیست کامل آپدیت ماه می 2026 مایکروسافت
|
Tag |
CVE ID | CVE Title | Severity |
| .NET | CVE-2026-35433 | .NET Elevation of Privilege Vulnerability | Important |
| .NET | CVE-2026-32177 | .NET Elevation of Privilege Vulnerability | Important |
| .NET | CVE-2026-32175 | .NET Core Tampering Vulnerability | Important |
| AMD CPU Branch | CVE-2025-54518 | AMD: CVE-2025-54518 CPU OP Cache Corruption | Important |
| ASP.NET Core | CVE-2026-42899 | ASP.NET Core Denial of Service Vulnerability | Important |
| Azure Connected Machine Agent | CVE-2026-40381 | Azure Connected Machine Agent Elevation of Privilege Vulnerability | Important |
| Azure Logic Apps | CVE-2026-42823 | Azure Logic Apps Elevation of Privilege Vulnerability | Important |
| Azure Machine Learning | CVE-2026-33833 | Azure Machine Learning Notebook Spoofing Vulnerability | Important |
| Azure Monitor Agent | CVE-2026-32204 | Azure Monitor Agent Elevation of Privilege Vulnerability | Important |
| Azure Monitor Agent | CVE-2026-42830 | Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability | Important |
| Azure SDK | CVE-2026-33117 | Azure SDK for Java Security Feature Bypass Vulnerability | Important |
| Data Deduplication | CVE-2026-41095 | Data Deduplication Elevation of Privilege Vulnerability | Important |
| Dynamics Business Central | CVE-2026-40417 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | Important |
| GitHub Copilot and Visual Studio | CVE-2026-41109 | GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability | Important |
| M365 Copilot | CVE-2026-41100 | Microsoft 365 Copilot for Android Spoofing Vulnerability | Important |
| M365 Copilot | CVE-2026-42893 | Microsoft Outlook for iOS Tampering Vulnerability | Important |
| M365 Copilot | CVE-2026-26164 | M365 Copilot Information Disclosure Vulnerability | Critical |
| M365 Copilot for Desktop | CVE-2026-41614 | M365 Copilot for Desktop Spoofing Vulnerability | Important |
| Microsoft Data Formulator | CVE-2026-41094 | Microsoft Data Formulator Remote Code Execution Vulnerability | Important |
| Microsoft Dynamics 365 (on-premises) | CVE-2026-42898 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | Critical |
| Microsoft Dynamics 365 (on-premises) | CVE-2026-42833 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | Important |
| Microsoft Office | CVE-2026-42832 | Microsoft Office Spoofing Vulnerability | Important |
| Microsoft Office | CVE-2026-42831 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-40363 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office | CVE-2026-40419 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important |
| Microsoft Office | CVE-2026-40358 | Microsoft Office Remote Code Execution Vulnerability | Critical |
| Microsoft Office Click-To-Run | CVE-2026-35436 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important |
| Microsoft Office Click-To-Run | CVE-2026-40420 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important |
| Microsoft Office Click-To-Run | CVE-2026-40418 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | Important |
| Microsoft Office Excel | CVE-2026-40360 | Microsoft Excel Information Disclosure Vulnerability | Important |
| Microsoft Office Excel | CVE-2026-40362 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office Excel | CVE-2026-40359 | Microsoft Excel Remote Code Execution Vulnerability | Important |
| Microsoft Office PowerPoint | CVE-2026-41102 | Microsoft PowerPoint for Android Spoofing Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2026-40368 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2026-35439 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2026-33112 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2026-40365 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Critical |
| Microsoft Office SharePoint | CVE-2026-40357 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office SharePoint | CVE-2026-33110 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important |
| Microsoft Office Word | CVE-2026-40361 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Office Word | CVE-2026-40367 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Office Word | CVE-2026-35440 | Microsoft Word Information Disclosure Vulnerability | Important |
| Microsoft Office Word | CVE-2026-40421 | Microsoft Word Information Disclosure Vulnerability | Important |
| Microsoft Office Word | CVE-2026-41101 | Microsoft Word for Android Spoofing Vulnerability | Important |
| Microsoft Office Word | CVE-2026-40366 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft Office Word | CVE-2026-40364 | Microsoft Word Remote Code Execution Vulnerability | Critical |
| Microsoft SSO Plugin for Jira & Confluence | CVE-2026-41103 | Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability | Critical |
| Microsoft Teams | CVE-2026-32185 | Microsoft Teams Spoofing Vulnerability | Important |
| Microsoft Windows DNS | CVE-2026-41096 | Windows DNS Client Remote Code Execution Vulnerability | Critical |
| Power Automate | CVE-2026-40374 | Microsoft Power Automate Desktop Information Disclosure Vulnerability | Important |
| SQL Server | CVE-2026-40370 | SQL Server Remote Code Execution Vulnerability | Important |
| Telnet Client | CVE-2026-35423 | Windows 11 Telnet Client Information Disclosure Vulnerability | Important |
| Visual Studio Code | CVE-2026-41613 | Visual Studio Code Elevation of Privilege Vulnerability | Important |
| Visual Studio Code | CVE-2026-41612 | Visual Studio Code Information Disclosure Vulnerability | Important |
| Visual Studio Code | CVE-2026-41610 | Visual Studio Code Security Feature Bypass Vulnerability | Important |
| Visual Studio Code | CVE-2026-41611 | Visual Studio Code Remote Code Execution Vulnerability | Important |
| Windows Admin Center | CVE-2026-41086 | Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability | Important |
| Windows Admin Center | CVE-2026-35438 | Windows Admin Center Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2026-35416 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2026-41088 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2026-34345 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Ancillary Function Driver for WinSock | CVE-2026-34344 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | Important |
| Windows Application Identity (AppID) Subsystem | CVE-2026-34343 | Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2026-34337 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2026-35418 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Cloud Files Mini Filter Driver | CVE-2026-33835 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2026-40397 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Common Log File System Driver | CVE-2026-40407 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
| Windows Cryptographic Services | CVE-2026-40377 | Microsoft Cryptographic Services Elevation of Privilege Vulnerability | Important |
| Windows DWM Core Library | CVE-2026-34336 | Windows DWM Core Library Information Disclosure Vulnerability | Important |
| Windows DWM Core Library | CVE-2026-42896 | Windows DWM Core Library Elevation of Privilege Vulnerability | Important |
| Windows DWM Core Library | CVE-2026-35419 | Windows DWM Core Library Information Disclosure Vulnerability | Important |
| Windows Event Logging Service | CVE-2026-33834 | Windows Event Logging Service Elevation of Privilege Vulnerability | Important |
| Windows Filtering Platform (WFP) | CVE-2026-32209 | Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability | Important |
| Windows GDI | CVE-2026-35421 | Windows GDI Remote Code Execution Vulnerability | Critical |
| Windows Hyper-V | CVE-2026-40402 | Windows Hyper-V Elevation of Privilege Vulnerability | Critical |
| Windows Internet Key Exchange (IKE) Protocol | CVE-2026-35424 | Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability | Important |
| Windows Kernel | CVE-2026-40369 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2026-33841 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel | CVE-2026-35420 | Windows Kernel Elevation of Privilege Vulnerability | Important |
| Windows Kernel-Mode Drivers | CVE-2026-34332 | Windows Kernel-Mode Driver Remote Code Execution Vulnerability | Important |
| Windows Kernel-Mode Drivers | CVE-2026-40408 | Windows WAN ARP Driver Elevation of Privilege Vulnerability | Important |
| Windows LDAP – Lightweight Directory Access Protocol | CVE-2026-34339 | Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | Important |
| Windows Link-Layer Discovery Protocol (LLDP) | CVE-2026-34341 | Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability | Important |
| Windows Message Queuing | CVE-2026-34329 | Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | Important |
| Windows Message Queuing | CVE-2026-33838 | Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability | Important |
| Windows Native WiFi Miniport Driver | CVE-2026-32161 | Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability | Critical |
| Windows Netlogon | CVE-2026-41089 | Windows Netlogon Remote Code Execution Vulnerability | Critical |
| Windows Print Spooler Components | CVE-2026-34342 | Windows Print Spooler Elevation of Privilege Vulnerability | Important |
| Windows Projected File System | CVE-2026-34340 | Windows Projected File System Elevation of Privilege Vulnerability | Important |
| Windows Remote Desktop | CVE-2026-40398 | Windows Remote Desktop Services Elevation of Privilege Vulnerability | Important |
| Windows Rich Text Edit | CVE-2026-21530 | Windows Rich Text Edit Elevation of Privilege Vulnerability | Important |
| Windows Rich Text Edit Control | CVE-2026-32170 | Windows Rich Text Edit Elevation of Privilege Vulnerability | Important |
| Windows Secure Boot | CVE-2026-41097 | Secure Boot Security Feature Bypass Vulnerability | Important |
| Windows SMB Client | CVE-2026-40410 | Windows SMB Client Elevation of Privilege Vulnerability | Important |
| Windows Storage Spaces Controller | CVE-2026-35415 | Windows Storage Spaces Controller Elevation of Privilege Vulnerability | Important |
| Windows Storport Miniport Driver | CVE-2026-34350 | Windows Storport Miniport Driver Denial of Service Vulnerability | Important |
| Windows TCP/IP | CVE-2026-34351 | Windows TCP/IP Elevation of Privilege Vulnerability | Important |
| Windows TCP/IP | CVE-2026-33837 | Windows TCP/IP Local Elevation of Privilege Vulnerability | Important |
| Windows TCP/IP | CVE-2026-40406 | Windows TCP/IP Information Disclosure Vulnerability | Important |
| Windows TCP/IP | CVE-2026-40414 | Windows TCP/IP Denial of Service Vulnerability | Important |
| Windows TCP/IP | CVE-2026-34334 | Windows TCP/IP Elevation of Privilege Vulnerability | Important |
| Windows TCP/IP | CVE-2026-40399 | Windows TCP/IP Elevation of Privilege Vulnerability | Important |
| Windows TCP/IP | CVE-2026-35422 | Windows TCP/IP Driver Security Feature Bypass Vulnerability | Important |
| Windows TCP/IP | CVE-2026-40413 | Windows TCP/IP Denial of Service Vulnerability | Important |
| Windows TCP/IP | CVE-2026-40415 | Windows TCP/IP Remote Code Execution Vulnerability | Important |
| Windows TCP/IP | CVE-2026-40401 | Windows TCP/IP Denial of Service Vulnerability | Important |
| Windows TCP/IP | CVE-2026-40405 | Windows TCP/IP Denial of Service Vulnerability | Important |
| Windows Telephony Service | CVE-2026-40382 | Windows Telephony Service Elevation of Privilege Vulnerability | Important |
| Windows Telephony Service | CVE-2026-34338 | Windows Telephony Service Elevation of Privilege Vulnerability | Important |
| Windows Telephony Service | CVE-2026-42825 | Windows Telephony Service Elevation of Privilege Vulnerability | Important |
| Windows Volume Manager Extension Driver | CVE-2026-40380 | Windows Volume Manager Extension Driver Remote Code Execution Vulnerability | Important |
| Windows Win32K – GRFX | CVE-2026-33839 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K – GRFX | CVE-2026-40403 | Windows Graphics Component Remote Code Execution Vulnerability | Critical |
| Windows Win32K – GRFX | CVE-2026-34347 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K – GRFX | CVE-2026-34333 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K – GRFX | CVE-2026-34330 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K – GRFX | CVE-2026-34331 | Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K – ICOMP | CVE-2026-35417 | Windows Win32k Elevation of Privilege Vulnerability | Important |
| Windows Win32K – ICOMP | CVE-2026-33840 | Win32k Elevation of Privilege Vulnerability | Important |
منبع: