惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Schneier on Security
F
Fortinet All Blogs
B
Blog
GbyAI
GbyAI
P
Proofpoint News Feed
量子位
The Register - Security
The Register - Security
宝玉的分享
宝玉的分享
大猫的无限游戏
大猫的无限游戏
云风的 BLOG
云风的 BLOG
V
Visual Studio Blog
B
Blog RSS Feed
WordPress大学
WordPress大学
Recorded Future
Recorded Future
Recent Announcements
Recent Announcements
V
Vulnerabilities – Threatpost
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
S
Secure Thoughts
雷峰网
雷峰网
Stack Overflow Blog
Stack Overflow Blog
C
Cybersecurity and Infrastructure Security Agency CISA
Webroot Blog
Webroot Blog
AWS News Blog
AWS News Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
The GitHub Blog
The GitHub Blog
爱范儿
爱范儿
O
OpenAI News
月光博客
月光博客
H
Hacker News: Front Page
S
Security Affairs
W
WeLiveSecurity
The Hacker News
The Hacker News
aimingoo的专栏
aimingoo的专栏
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Help Net Security
Help Net Security
MongoDB | Blog
MongoDB | Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
D
Docker
T
The Blog of Author Tim Ferriss
Spread Privacy
Spread Privacy
Blog — PlanetScale
Blog — PlanetScale
J
Java Code Geeks
S
Securelist
Microsoft Azure Blog
Microsoft Azure Blog
TaoSecurity Blog
TaoSecurity Blog
T
Threat Research - Cisco Blogs
M
MIT News - Artificial intelligence
A
About on SuperTechFans

SANS Internet Storm Center, InfoCON: green

From a VHDX File to a Remcos RAT - SANS Internet Storm Center ISC Stormcast For Tuesday, June 16th, 2026 https://isc.sans.edu/podcastdetail/9974 Evil MSI Background: BASE64 Statistical Analysis - SANS ISC ISC Stormcast For Monday, June 15th, 2026 https://isc.sans.edu/podcastdetail/9972 ISC Stormcast For Friday, June 12th, 2026 https://isc.sans.edu/podcastdetail/9970 ISC Stormcast For Thursday, June 11th, 2026 https://isc.sans.edu/podcastdetail/9968 How has use of framing protection security headers changed in the past 3 years? ISC Stormcast For Wednesday, June 10th, 2026 https://isc.sans.edu/podcastdetail/9966 Microsoft June 2026 Patch Tuesday - SANS Internet Storm Center ISC Stormcast For Tuesday, June 9th, 2026 https://isc.sans.edu/podcastdetail/9964 TeamPCP Supply Chain Campaign: Activity Through 2026-06-07 ISC Stormcast For Monday, June 8th, 2026 https://isc.sans.edu/podcastdetail/9962 The Evil MSI Background is Back! - SANS Internet Storm Center ISC Stormcast For Friday, June 5th, 2026 https://isc.sans.edu/podcastdetail/9960 Microsoft's Coreutils for Windows - SANS Internet Storm Center ISC Stormcast For Thursday, June 4th, 2026 https://isc.sans.edu/podcastdetail/9958 Continuing Scans for swagger.json - SANS Internet Storm Center ISC Stormcast For Wednesday, June 3rd, 2026 https://isc.sans.edu/podcastdetail/9956 New Wave Of Phishing Emails with SVG Files - SANS ISC ISC Stormcast For Tuesday, June 2nd, 2026 https://isc.sans.edu/podcastdetail/9954 ISC Stormcast For Monday, June 1st, 2026 https://isc.sans.edu/podcastdetail/9952 Unidentified RAT pushes NetSupport RAT - SANS ISC YARA-X 1.17.0 Release - SANS Internet Storm Center ISC Stormcast For Friday, May 29th, 2026 https://isc.sans.edu/podcastdetail/9950 Analysis of a Year of Files Uploaded to DShield Sensors ISC Stormcast For Thursday, May 28th, 2026 https://isc.sans.edu/podcastdetail/9948 Reconstructing an Akira Ransomware Kill Chain from Perimeter and Endpoint Logs ISC Stormcast For Wednesday, May 27th, 2026 https://isc.sans.edu/podcastdetail/9946 ISC Stormcast For Tuesday, May 26th, 2026 https://isc.sans.edu/podcastdetail/9944 Possible ACR Stealer From Page Impersonating Claude Microsoft Access VBA - SANS Internet Storm Center Wireshark 4.6.6 Released - SANS Internet Storm Center An Example of Stack String in High Level Language - SANS ISC Cross-Platform NPM Stealer - SANS Internet Storm Center ISC Stormcast For Friday, May 22nd, 2026 https://isc.sans.edu/podcastdetail/9942 Selective HTTP Proxying in Linux - SANS Internet Storm Center ISC Stormcast For Thursday, May 21st, 2026 https://isc.sans.edu/podcastdetail/9940 ISC Stormcast For Wednesday, May 20th, 2026 https://isc.sans.edu/podcastdetail/9938 ISC Stormcast For Tuesday, May 19th, 2026 https://isc.sans.edu/podcastdetail/9936 TeamPCP Supply Chain Campaign: Activity Through 2026-05-17 [Guest Diary] New Malware Libraries means New Signatures ISC Stormcast For Friday, May 15th, 2026 https://isc.sans.edu/podcastdetail/9934 Simple bypass of the link preview function in Outlook Junk folder ISC Stormcast For Thursday, May 14th, 2026 https://isc.sans.edu/podcastdetail/9932 [GUEST DIARY] Tearing apart website fraud to see how it works. ISC Stormcast For Wednesday, May 13th, 2026 https://isc.sans.edu/podcastdetail/9930 Proxying the Unproxyable? Sending EXE traffic to a Proxy Microsoft May 2026 Patch Tuesday - SANS Internet Storm Center ISC Stormcast For Tuesday, May 12th, 2026 https://isc.sans.edu/podcastdetail/9928 Apple Patches Everything - SANS Internet Storm Center Why we use CAPTCHAs - SANS Internet Storm Center ISC Stormcast For Monday, May 11th, 2026 https://isc.sans.edu/podcastdetail/9926 YARA-X 1.16.0 Release - SANS Internet Storm Center Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag ISC Stormcast For Friday, May 8th, 2026 https://isc.sans.edu/podcastdetail/9924 ISC Stormcast For Wednesday, May 6th, 2026 https://isc.sans.edu/podcastdetail/9920 Cleartext Passwords in MS Edge? In 2026? - SANS ISC SSL.com rotates their root certificate today - SANS ISC ISC Stormcast For Tuesday, May 5th, 2026 https://isc.sans.edu/podcastdetail/9918 TeamPCP Weekly Analysis: 2026-W18 (2026-04-27 through 2026-05-03) DShield Honeypot Update - SANS Internet Storm Center ISC Stormcast For Monday, May 4th, 2026 https://isc.sans.edu/podcastdetail/9916 Wireshark 4.6.5 Released - SANS Internet Storm Center Malicious Ad for Homebrew Leads to MacSync Stealer ISC Stormcast For Friday, May 1st, 2026 https://isc.sans.edu/podcastdetail/9914 ISC Stormcast For Thursday, April 30th, 2026 https://isc.sans.edu/podcastdetail/9912 Danger of Libredtail [Guest Diary] - SANS Internet Storm Center Today's Odd Web Requests - SANS Internet Storm Center ISC Stormcast For Wednesday, April 29th, 2026 https://isc.sans.edu/podcastdetail/9910 HTTP Requests with X-Vercel-Set-Bypass-Cookie Header ISC Stormcast For Tuesday, April 28th, 2026 https://isc.sans.edu/podcastdetail/9908 TeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), CanisterSprawl npm Worm Identified, and Tier 1 Coverage Returns ISC Stormcast For Friday, April 24th, 2026 https://isc.sans.edu/podcastdetail/9906 Apple Patches Exploited Notification Flaw - SANS ISC ISC Stormcast For Thursday, April 23rd, 2026 https://isc.sans.edu/podcastdetail/9904 ISC Stormcast For Wednesday, April 22nd, 2026 https://isc.sans.edu/podcastdetail/9902 [Guest Diary] Beyond Cryptojacking: Telegram tdata as a Credential Harvesting Vector, Lessons from a Honeypot Incident, (Wed, Apr 22nd) A .WAV With A Payload - SANS Internet Storm Center ISC Stormcast For Tuesday, April 21st, 2026 https://isc.sans.edu/podcastdetail/9900 Handling the CVE Flood With EPSS - SANS Internet Storm Center ISC Stormcast For Monday, April 20th, 2026 https://isc.sans.edu/podcastdetail/9898 ISC Stormcast For Friday, April 17th, 2026 https://isc.sans.edu/podcastdetail/9896 Lumma Stealer infection with Sectop RAT (ArechClient2) ISC Stormcast For Thursday, April 16th, 2026 https://isc.sans.edu/podcastdetail/9894 [Guest Diary] Compromised DVRs and Finding Them in the Wild ISC Stormcast For Wednesday, April 15th, 2026 https://isc.sans.edu/podcastdetail/9892 Scanning for AI Models - SANS Internet Storm Center ISC Stormcast For Tuesday, April 14th, 2026 https://isc.sans.edu/podcastdetail/9890 Scans for EncystPHP Webshell - SANS Internet Storm Center ISC Stormcast For Monday, April 13th, 2026 https://isc.sans.edu/podcastdetail/9888 Obfuscated JavaScript or Nothing - SANS Internet Storm Center ISC Stormcast For Thursday, April 9th, 2026 https://isc.sans.edu/podcastdetail/9886 Number Usage in Passwords: Take Two - SANS ISC TeamPCP Supply Chain Campaign: Update 007 - Cisco Source Code Stolen via Trivy-Linked Breach, Google GTIG Tracks TeamPCP as UNC6780, and CISA KEV Deadline Arrives with No Standalone Advisory More Honeypot Fingerprinting Scans - SANS Internet Storm Center ISC Stormcast For Wednesday, April 8th, 2026 https://isc.sans.edu/podcastdetail/9884 A Little Bit Pivoting: What Web Shells are Attackers Looking for? ISC Stormcast For Tuesday, April 7th, 2026 https://isc.sans.edu/podcastdetail/9882 How often are redirects used in phishing in 2026? - SANS ISC ISC Stormcast For Monday, April 6th, 2026 https://isc.sans.edu/podcastdetail/9880
Microsoft Patch Tuesday April 2026. - SANS ISC
SANS Internet Storm Center · 2026-04-15 · via SANS Internet Storm Center, InfoCON: green

This month's Microsoft Patch Tuesday looks like a record one, but let's look at it a bit closer to understand what is happening

The update patches a total of 243 vulnerabilities. However, 78 of them are Chromium issues affecting Microsoft Edge. Patches for Edge were released earlier. This leaves 165 vulnerabilities that are not Edge-related. Of these, 8 are rated critical, and 154 are important. One vulnerability has already been exploited, and another was made public before today but has not yet been seen in the wild.

Noteworthy Vulnerabilities:

CVE-2026-33827 (Windows TCP/IP Remote Code Execution Vulnerability): As a packet nerd, I love these types of vulnerabilities. Need to know more to really figure out the impact. Microsoft describes this as a race condition, allowing attackers to execute arbitrary code over the network. Exploitation is likely tricky, but never underestimate the creativity of an AI aided attacker.

CVE-2026-33825 (Microsoft Defender Elevation of Privilege Vulnerability): This vulnerability has already been disclosed. 

CVE-2026-32201 (Microsoft SharePoint Server Spoofing Vulnerability): Two similar SharePoint server spoofing vulnerabilities were patched this month. Both are rated important, and this particular one is already being exploited. 

CVE-2026-33826 (Windows Active Directory Remote Code Execution Vulnerability): CVSS score of "only" 8.0, but critical according to Microsoft. 

CVE-2026-32190 (Microsoft Office Remote Code Execution Vulnerability): Standard fair for every monthly patch Tuesday. These are often the more worrisome vulnerabilities. Two additional critical RCE vulnerabilities affect Word (CVE-2026-33114, CVE-2026-33115). 

CVE-2026-32157 (Remote Desktop Client Remote Code Execution Vulnerability): Typically, these vulnerabilities require a user to connect to a malicious RDP server, but connections may be initiated by clicking on an "rdp:" link.

CVE-2026-33824 (Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability): IKE, part of IPSEC, is usually not enabled by default. It isn't clear yet what the exact exploitation requirements are (will update once MSFT's page responds again)

CVE-2026-23666 (.NET Framework Denial of Service Vulnerability): Just a denial of service. Not sure why this deserved "critical".

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET Denial of Service Vulnerability
CVE-2026-26171 No No - - Important 7.5 6.5
.NET Framework Denial of Service Vulnerability
CVE-2026-32226 No No - - Important 5.9 5.2
CVE-2026-23666 No No - - Critical 7.5 6.7
.NET Spoofing Vulnerability
CVE-2026-32178 No No - - Important 7.5 6.5
.NET and Visual Studio Denial of Service Vulnerability
CVE-2026-32203 No No - - Important 7.5 6.5
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2026-33116 No No - - Important 7.5 6.5
Active Directory Spoofing Vulnerability
CVE-2026-32072 No No - - Important 6.2 5.4
Applocker Filter Driver (applockerfltr.sys) Elevation of Privilege Vulnerability
CVE-2026-25184 No No - - Important 7.0 6.1
Azure Logic Apps Elevation of Privilege Vulnerability
CVE-2026-32171 No No - - Important 8.8 7.7
Azure Monitor Agent Elevation of Privilege Vulnerability
CVE-2026-32168 No No - - Important 7.8 6.8
CVE-2026-32192 No No - - Important 7.8 6.8
Chromium: CVE-2026-5272 Heap buffer overflow in GPU
CVE-2026-5272 No No - - -    
Chromium: CVE-2026-5273 Use after free in CSS
CVE-2026-5273 No No - - -    
Chromium: CVE-2026-5274 Integer overflow in Codecs
CVE-2026-5274 No No - - -    
Chromium: CVE-2026-5275 Heap buffer overflow in ANGLE
CVE-2026-5275 No No - - -    
Chromium: CVE-2026-5276 Insufficient policy enforcement in WebUSB
CVE-2026-5276 No No - - -    
Chromium: CVE-2026-5277 Integer overflow in ANGLE
CVE-2026-5277 No No - - -    
Chromium: CVE-2026-5279 Object corruption in V8
CVE-2026-5279 No No - - -    
Chromium: CVE-2026-5280 Use after free in WebCodecs
CVE-2026-5280 No No - - -    
Chromium: CVE-2026-5281 Use after free in Dawn
CVE-2026-5281 No No - - -    
Chromium: CVE-2026-5283 Inappropriate implementation in ANGLE
CVE-2026-5283 No No - - -    
Chromium: CVE-2026-5284 Use after free in Dawn
CVE-2026-5284 No No - - -    
Chromium: CVE-2026-5285 Use after free in WebGL
CVE-2026-5285 No No - - -    
Chromium: CVE-2026-5286 Use after free in Dawn
CVE-2026-5286 No No - - -    
Chromium: CVE-2026-5287 Use after free in PDF
CVE-2026-5287 No No - - -    
Chromium: CVE-2026-5289 Use after free in Navigation
CVE-2026-5289 No No - - -    
Chromium: CVE-2026-5290 Use after free in Compositing
CVE-2026-5290 No No - - -    
Chromium: CVE-2026-5291 Inappropriate implementation in WebGL
CVE-2026-5291 No No - - -    
Chromium: CVE-2026-5292 Out of bounds read in WebCodecs
CVE-2026-5292 No No - - -    
Chromium: CVE-2026-5858 Heap buffer overflow in WebML
CVE-2026-5858 No No - - -    
Chromium: CVE-2026-5859 Integer overflow in WebML
CVE-2026-5859 No No - - -    
Chromium: CVE-2026-5860 Use after free in WebRTC
CVE-2026-5860 No No - - -    
Chromium: CVE-2026-5861 Use after free in V8
CVE-2026-5861 No No - - -    
Chromium: CVE-2026-5862 Inappropriate implementation in V8
CVE-2026-5862 No No - - -    
Chromium: CVE-2026-5863 Inappropriate implementation in V8
CVE-2026-5863 No No - - -    
Chromium: CVE-2026-5864 Heap buffer overflow in WebAudio
CVE-2026-5864 No No - - -    
Chromium: CVE-2026-5865 Type Confusion in V8
CVE-2026-5865 No No - - -    
Chromium: CVE-2026-5866 Use after free in Media
CVE-2026-5866 No No - - -    
Chromium: CVE-2026-5867 Heap buffer overflow in WebML
CVE-2026-5867 No No - - -    
Chromium: CVE-2026-5868 Heap buffer overflow in ANGLE
CVE-2026-5868 No No - - -    
Chromium: CVE-2026-5869 Heap buffer overflow in WebML
CVE-2026-5869 No No - - -    
Chromium: CVE-2026-5870 Integer overflow in Skia
CVE-2026-5870 No No - - -    
Chromium: CVE-2026-5871 Type Confusion in V8
CVE-2026-5871 No No - - -    
Chromium: CVE-2026-5872 Use after free in Blink
CVE-2026-5872 No No - - -    
Chromium: CVE-2026-5873 Out of bounds read and write in V8
CVE-2026-5873 No No - - -    
Chromium: CVE-2026-5874 Use after free in PrivateAI
CVE-2026-5874 No No - - -    
Chromium: CVE-2026-5875 Policy bypass in Blink
CVE-2026-5875 No No - - -    
Chromium: CVE-2026-5876 Side-channel information leakage in Navigation
CVE-2026-5876 No No - - -    
Chromium: CVE-2026-5877 Use after free in Navigation
CVE-2026-5877 No No - - -    
Chromium: CVE-2026-5878 Incorrect security UI in Blink
CVE-2026-5878 No No - - -    
Chromium: CVE-2026-5879 Insufficient validation of untrusted input in ANGLE
CVE-2026-5879 No No - - -    
Chromium: CVE-2026-5880 Incorrect security UI in browser UI
CVE-2026-5880 No No - - -    
Chromium: CVE-2026-5881 Policy bypass in LocalNetworkAccess
CVE-2026-5881 No No - - -    
Chromium: CVE-2026-5882 Incorrect security UI in Fullscreen
CVE-2026-5882 No No - - -    
Chromium: CVE-2026-5883 Use after free in Media
CVE-2026-5883 No No - - -    
Chromium: CVE-2026-5884 Insufficient validation of untrusted input in Media
CVE-2026-5884 No No - - -    
Chromium: CVE-2026-5885 Insufficient validation of untrusted input in WebML
CVE-2026-5885 No No - - -    
Chromium: CVE-2026-5886 Out of bounds read in WebAudio
CVE-2026-5886 No No - - -    
Chromium: CVE-2026-5887 Insufficient validation of untrusted input in Downloads
CVE-2026-5887 No No - - -    
Chromium: CVE-2026-5888 Uninitialized Use in WebCodecs
CVE-2026-5888 No No - - -    
Chromium: CVE-2026-5889 Cryptographic Flaw in PDFium
CVE-2026-5889 No No - - -    
Chromium: CVE-2026-5890 Race in WebCodecs
CVE-2026-5890 No No - - -    
Chromium: CVE-2026-5891 Insufficient policy enforcement in browser UI
CVE-2026-5891 No No - - -    
Chromium: CVE-2026-5892 Insufficient policy enforcement in PWAs
CVE-2026-5892 No No - - -    
Chromium: CVE-2026-5893 Race in V8
CVE-2026-5893 No No - - -    
Chromium: CVE-2026-5894 Inappropriate implementation in PDF
CVE-2026-5894 No No - - -    
Chromium: CVE-2026-5895 Incorrect security UI in Omnibox
CVE-2026-5895 No No - - -    
Chromium: CVE-2026-5896 Policy bypass in Audio
CVE-2026-5896 No No - - -    
Chromium: CVE-2026-5897 Incorrect security UI in Downloads
CVE-2026-5897 No No - - -    
Chromium: CVE-2026-5898 Incorrect security UI in Omnibox
CVE-2026-5898 No No - - -    
Chromium: CVE-2026-5899 Incorrect security UI in History Navigation
CVE-2026-5899 No No - - -    
Chromium: CVE-2026-5900 Policy bypass in Downloads
CVE-2026-5900 No No - - -    
Chromium: CVE-2026-5901 Policy bypass in DevTools
CVE-2026-5901 No No - - -    
Chromium: CVE-2026-5902 Race in Media
CVE-2026-5902 No No - - -    
Chromium: CVE-2026-5903 Policy bypass in IFrameSandbox
CVE-2026-5903 No No - - -    
Chromium: CVE-2026-5904 Use after free in V8
CVE-2026-5904 No No - - -    
Chromium: CVE-2026-5905 Incorrect security UI in Permissions
CVE-2026-5905 No No - - -    
Chromium: CVE-2026-5906 Incorrect security UI in Omnibox
CVE-2026-5906 No No - - -    
Chromium: CVE-2026-5907 Insufficient data validation in Media
CVE-2026-5907 No No - - -    
Chromium: CVE-2026-5908 Integer overflow in Media
CVE-2026-5908 No No - - -    
Chromium: CVE-2026-5909 Integer overflow in Media
CVE-2026-5909 No No - - -    
Chromium: CVE-2026-5910 Integer overflow in Media
CVE-2026-5910 No No - - -    
Chromium: CVE-2026-5911 Policy bypass in ServiceWorkers
CVE-2026-5911 No No - - -    
Chromium: CVE-2026-5912 Integer overflow in WebRTC
CVE-2026-5912 No No - - -    
Chromium: CVE-2026-5913 Out of bounds read in Blink
CVE-2026-5913 No No - - -    
Chromium: CVE-2026-5914 Type Confusion in CSS
CVE-2026-5914 No No - - -    
Chromium: CVE-2026-5915 Insufficient validation of untrusted input in WebML
CVE-2026-5915 No No - - -    
Chromium: CVE-2026-5918 Inappropriate implementation in Navigation
CVE-2026-5918 No No - - -    
Chromium: CVE-2026-5919 Insufficient validation of untrusted input in WebSockets
CVE-2026-5919 No No - - -    
Connected User Experiences and Telemetry Service Denial of Service Vulnerability
CVE-2026-32181 No No - - Important 5.5 4.8
Desktop Window Manager Elevation of Privilege Vulnerability
CVE-2026-27924 No No - - Important 7.8 6.8
CVE-2026-32152 No No - - Important 7.8 6.8
CVE-2026-32154 No No - - Important 7.8 6.8
CVE-2026-27923 No No - - Important 7.8 6.8
CVE-2026-32155 No No - - Important 7.8 6.8
GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability
CVE-2026-23653 No No - - Important 5.7 5.0
HTTP.sys Denial of Service Vulnerability
CVE-2026-33096 No No - - Important 7.5 6.5
Microsoft Brokering File System Elevation of Privilege Vulnerability
CVE-2026-26181 No No - - Important 7.8 6.8
CVE-2026-32219 No No - - Important 7.0 6.1
CVE-2026-32091 No No - - Important 8.4 7.3
Microsoft Cryptographic Services Elevation of Privilege Vulnerability
CVE-2026-26152 No No - - Important 7.0 6.1
Microsoft Defender Elevation of Privilege Vulnerability
CVE-2026-33825 Yes No - - Important 7.8 7.0
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
CVE-2026-33103 No No - - Important 5.5 4.8
Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE-2026-33118 No No - - Low 4.3 3.8
Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
CVE-2026-33119 No No - - Moderate 5.4 4.7
Microsoft Excel Information Disclosure Vulnerability
CVE-2026-32188 No No - - Important 7.1 6.2
Microsoft Excel Remote Code Execution Vulnerability
CVE-2026-32189 No No - - Important 7.8 6.8
CVE-2026-32197 No No - - Important 7.8 6.8
CVE-2026-32198 No No - - Important 7.8 6.8
CVE-2026-32199 No No - - Important 7.8 6.8
Microsoft High Performance Compute (HPC) Pack Elevation of Privilege Vulnerability
CVE-2026-32184 No No - - Important 7.8 6.8
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
CVE-2026-26155 No No - - Important 6.5 5.7
Microsoft Management Console Elevation of Privilege Vulnerability
CVE-2026-27914 No No - - Important 7.8 6.8
Microsoft Office Remote Code Execution Vulnerability
CVE-2026-32190 No No - - Critical 8.4 7.3
Microsoft Power Apps Security Feature Bypass
CVE-2026-26149 No No - - Important 9.0 7.9
Microsoft PowerPoint Remote Code Execution Vulnerability
CVE-2026-32200 No No - - Important 7.8 6.8
Microsoft PowerShell Security Feature Bypass Vulnerability
CVE-2026-26143 No No - - Important 7.8 6.8
Microsoft SQL Server Remote Code Execution Vulnerability
CVE-2026-33120 No No - - Important 8.8 7.7
Microsoft SharePoint Server Spoofing Vulnerability
CVE-2026-20945 No No - - Important 4.6 4.0
CVE-2026-32201 No Yes - - Important 6.5 6.0
Microsoft Word Information Disclosure Vulnerability
CVE-2026-33822 No No - - Important 6.1 5.3
Microsoft Word Remote Code Execution Vulnerability
CVE-2026-33095 No No - - Important 7.8 6.8
CVE-2026-23657 No No - - Important 7.8 6.8
CVE-2026-33114 No No - - Critical 8.4 7.3
CVE-2026-33115 No No - - Critical 8.4 7.3
Package Catalog Information Disclosure Vulnerability
CVE-2026-32081 No No - - Important 5.5 4.8
PowerShell Elevation of Privilege Vulnerability
CVE-2026-26170 No No - - Important 7.8 6.8
Remote Access Management service/API (RPC server) Elevation of Privilege Vulnerability
CVE-2026-26183 No No - - Important 7.8 6.8
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-32157 No No - - Critical 8.8 7.7
Remote Desktop Licensing Service Elevation of Privilege Vulnerability
CVE-2026-26160 No No - - Important 7.8 6.8
CVE-2026-26159 No No - - Important 7.8 6.8
Remote Desktop Spoofing Vulnerability
CVE-2026-26151 No No - - Important 7.1 6.2
Remote Procedure Call Information Disclosure Vulnerability
CVE-2026-32085 No No - - Important 5.5 4.8
SQL Server Elevation of Privilege Vulnerability
CVE-2026-32167 No No - - Important 6.7 5.8
CVE-2026-32176 No No - - Important 6.7 5.8
UEFI Secure Boot Security Feature Bypass Vulnerability
CVE-2026-0390 No No - - Important 6.7 5.8
CVE-2026-32220 No No - - Important 4.4 3.9
Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability
CVE-2026-32212 No No - - Important 5.5 4.8
CVE-2026-32214 No No - - Important 5.5 4.8
Web Account Manager Information Disclosure Vulnerability
CVE-2026-32079 No No - - Important 5.5 4.8
Win32k Elevation of Privilege Vulnerability
CVE-2026-33104 No No - - Important 7.0 6.1
Windows Active Directory Remote Code Execution Vulnerability
CVE-2026-33826 No No - - Critical 8.0 7.0
Windows Admin Center Spoofing Vulnerability
CVE-2026-32196 No No - - Important 6.1 5.3
Windows Advanced Rasterization Platform Elevation of Privilege Vulnerability
CVE-2026-26178 No No - - Important 8.8 7.7
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-32073 No No - - Important 7.0 6.1
CVE-2026-26168 No No - - Important 7.8 6.8
CVE-2026-26173 No No - - Important 7.0 6.1
CVE-2026-26177 No No - - Important 7.0 6.1
CVE-2026-26182 No No - - Important 7.0 6.1
CVE-2026-27922 No No - - Important 7.0 6.1
CVE-2026-33099 No No - - Important 7.0 6.1
CVE-2026-33100 No No - - Important 7.0 6.1
Windows Biometric Service Security Feature Bypass Vulnerability
CVE-2026-32088 No No - - Important 6.1 5.3
Windows BitLocker Security Feature Bypass Vulnerability
CVE-2026-27913 No No - - Important 7.7 6.7
Windows Boot Manager Security Feature Bypass Vulnerability
CVE-2026-26175 No No - - Important 4.6 4.0
Windows COM Elevation of Privilege Vulnerability
CVE-2026-32162 No No - - Important 8.4 7.3
Windows COM Server Information Disclosure Vulnerability
CVE-2026-20806 No No - - Important 5.5 4.8
Windows Client Side Caching driver (csc.sys) Elevation of Privilege Vulnerability
CVE-2026-26176 No No - - Important 7.8 6.8
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2026-27926 No No - - Important 7.0 6.1
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2026-32070 No No - - Important 7.0 6.1
Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability
CVE-2026-33098 No No - - Important 7.8 6.8
Windows Encrypted File System (EFS) Elevation of Privilege Vulnerability
CVE-2026-26153 No No - - Important 7.8 6.8
Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
CVE-2026-32087 No No - - Important 7.0 6.1
CVE-2026-32093 No No - - Important 7.0 6.1
CVE-2026-32086 No No - - Important 7.0 6.1
CVE-2026-32150 No No - - Important 7.0 6.1
Windows GDI Information Disclosure Vulnerability
CVE-2026-27931 No No - - Important 5.5 4.8
CVE-2026-27930 No No - - Important 5.5 4.8
Windows Graphics Component Remote Code Execution Vulnerability
CVE-2026-32221 No No - - Important 8.4 7.3
Windows Hello Security Feature Bypass Vulnerability
CVE-2026-27906 No No - - Important 4.4 3.9
CVE-2026-27928 No No - - Important 8.7 7.6
Windows Hyper-V Remote Code Execution Vulnerability
CVE-2026-26156 No No - - Important 7.8 6.8
CVE-2026-32149 No No - - Important 7.3 6.4
Windows Installer Elevation of Privilege Vulnerability
CVE-2026-27910 No No - - Important 7.8 6.8
Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability
CVE-2026-33824 No No - - Critical 9.8 8.5
Windows Kerberos Elevation of Privilege Vulnerability
CVE-2026-27912 No No - - Important 8.0 7.0
Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-26179 No No - - Important 7.8 6.8
CVE-2026-26180 No No - - Important 7.8 6.8
CVE-2026-32195 No No - - Important 7.0 6.1
CVE-2026-26163 No No - - Important 7.8 6.8
Windows Kernel Information Disclosure Vulnerability
CVE-2026-32215 No No - - Important 5.5 4.8
CVE-2026-32217 No No - - Important 5.5 4.8
CVE-2026-32218 No No - - Important 5.5 4.8
Windows Kernel Memory Information Disclosure Vulnerability
CVE-2026-26169 No No - - Important 6.1 5.3
Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability
CVE-2026-27929 No No - - Important 7.0 6.1
Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
CVE-2026-32071 No No - - Important 7.5 6.5
Windows Management Services Elevation of Privilege Vulnerability
CVE-2026-20930 No No - - Important 7.8 6.8
Windows OLE Elevation of Privilege Vulnerability
CVE-2026-26162 No No - - Important 7.8 6.8
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2026-33101 No No - - Important 7.8 6.8
Windows Print Spooler Information Disclosure Vulnerability
CVE-2026-32084 No No - - Important 5.5 4.8
Windows Projected File System Elevation of Privilege Vulnerability
CVE-2026-27927 No No - - Important 7.8 6.8
CVE-2026-26184 No No - - Important 7.8 6.8
CVE-2026-32069 No No - - Important 7.8 6.8
CVE-2026-32074 No No - - Important 7.8 6.8
CVE-2026-32078 No No - - Important 7.8 6.8
Windows Push Notifications Elevation of Privilege Vulnerability
CVE-2026-26167 No No - - Important 8.8 7.7
CVE-2026-32158 No No - - Important 7.8 6.8
CVE-2026-32159 No No - - Important 7.8 6.8
CVE-2026-32160 No No - - Important 7.8 6.8
CVE-2026-26172 No No - - Important 7.8 6.8
Windows Recovery Environment Security Feature Bypass Vulnerability
CVE-2026-20928 No No - - Important 4.6 4.0
Windows Redirected Drive Buffering System Denial of Service Vulnerability
CVE-2026-32216 No No - - Important 5.5 4.8
Windows Search Service Elevation of Privilege Vulnerability
CVE-2026-27909 No No - - Important 7.8 6.8
Windows Sensor Data Service Elevation of Privilege Vulnerability
CVE-2026-26161 No No - - Important 7.8 6.8
Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability
CVE-2026-26174 No No - - Important 7.0 6.1
CVE-2026-32224 No No - - Important 7.0 6.1
Windows Server Update Service (WSUS) Tampering Vulnerability
CVE-2026-26154 No No - - Important 7.5 6.5
Windows Shell Elevation of Privilege Vulnerability
CVE-2026-26165 No No - - Important 7.0 6.1
CVE-2026-26166 No No - - Important 7.0 6.1
CVE-2026-27918 No No - - Important 7.8 6.8
Windows Shell Information Disclosure Vulnerability
CVE-2026-32151 No No - - Important 6.5 5.7
Windows Shell Security Feature Bypass Vulnerability
CVE-2026-32225 No No - - Important 8.8 7.7
Windows Shell Spoofing Vulnerability
CVE-2026-32202 No No - - Important 4.3 3.8
Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
CVE-2026-32082 No No - - Important 7.0 6.1
CVE-2026-32083 No No - - Important 7.0 6.1
CVE-2026-32068 No No - - Important 7.0 6.1
Windows Snipping Tool Remote Code Execution Vulnerability
CVE-2026-32183 No No - - Important 7.8 6.8
Windows Snipping Tool Spoofing Vulnerability
CVE-2026-33829 No No - - Moderate 4.3 3.8
Windows Speech Brokered Api Elevation of Privilege Vulnerability
CVE-2026-32089 No No - - Important 7.8 6.8
CVE-2026-32090 No No - - Important 7.8 6.8
Windows Speech Runtime Elevation of Privilege Vulnerability
CVE-2026-32153 No No - - Important 7.8 6.8
Windows Storage Spaces Controller Elevation of Privilege Vulnerability
CVE-2026-27907 No No - - Important 7.8 6.8
CVE-2026-32076 No No - - Important 7.8 6.8
Windows TCP/IP Remote Code Execution Vulnerability
CVE-2026-33827 No No - - Critical 8.1 7.1
Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability
CVE-2026-27908 No No - - Important 7.0 6.1
CVE-2026-27921 No No - - Important 7.0 6.1
Windows UPnP Device Host Elevation of Privilege Vulnerability
CVE-2026-27915 No No - - Important 7.8 6.8
CVE-2026-27919 No No - - Important 7.8 6.8
CVE-2026-32075 No No - - Important 7.0 6.1
CVE-2026-27916 No No - - Important 7.8 6.8
CVE-2026-27920 No No - - Important 7.8 6.8
CVE-2026-32077 No No - - Important 7.8 6.8
Windows UPnP Device Host Information Disclosure Vulnerability
CVE-2026-27925 No No - - Important 6.5 5.7
Windows UPnP Device Host Remote Code Execution Vulnerability
CVE-2026-32156 No No - - Important 7.4 6.4
Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability
CVE-2026-32223 No No - - Important 6.8 5.9
Windows User Interface Core Elevation of Privilege Vulnerability
CVE-2026-32165 No No - - Important 7.8 6.8
CVE-2026-27911 No No - - Important 7.8 6.8
CVE-2026-32163 No No - - Important 7.8 6.8
CVE-2026-32164 No No - - Important 7.8 6.8
Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
CVE-2026-23670 No No - - Important 5.7 5.0
Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) Elevation of Privilege Vulnerability
CVE-2026-27917 No No - - Important 7.0 6.1
Windows WalletService Elevation of Privilege Vulnerability
CVE-2026-32080 No No - - Important 7.0 6.1
Windows Win32k Elevation of Privilege Vulnerability
CVE-2026-32222 No No - - Important 7.8 6.8

--
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|