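Alert background:
In April 2026, monitoring detected that Microsoft officially released its April security updates, publishing patch information for 165 vulnerabilities: 93 elevation of privilege vulnerabilities, 20 information disclosure vulnerabilities, 20 remote code execution vulnerabilities, 12 security feature bypass vulnerabilities, 10 spoofing vulnerabilities, 9 denial of service vulnerabilities, and 1 tampering vulnerability. Among the patches in this update, 8 vulnerabilities were rated Critical by Microsoft, and some vulnerabilities are being exploited in the wild.
Alert description:
The components covered by this Microsoft security update include .NET, .NET and Visual Studio, .NET Framework, Applocker Filter Driver (applockerfltr.sys), Azure Logic Apps, Azure Monitor Agent, Desktop Window Manager, Function Discovery Service (fdwsd.dll), GitHub Copilot and Visual Studio Code, Microsoft Brokering File System, Microsoft Defender, Microsoft Dynamics 365 (on-premises), Microsoft Edge (Chromium-based), Microsoft Graphics Component, Microsoft High Performance Compute Pack (HPC), Microsoft Management Console, Microsoft Office, Microsoft Office Excel, and a number of other components. Some of the important vulnerabilities are described below: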
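1. .NET Framework denial of service vulnerability (CVE-2026-23666)
This vulnerability is caused by insufficiently strict input validation in .NET Framework, which allows an unauthorized attacker to launch a denial of service attack.
2. Remote Desktop Client remote code execution vulnerability (CVE-2026-32157)
This vulnerability is caused by a use-after-free in Remote Desktop Client. When a victim uses a vulnerable Remote Desktop client to connect to an attacking server, the attacker who controls the Remote Desktop server can trigger remote code execution (RCE) on the computer.
3. Microsoft Office remote code execution vulnerability (CVE-2026-32190)
This vulnerability is caused by a use-after-free in Microsoft Office. An attacker can launch the attack through the Preview Pane, resulting in arbitrary code execution.
4. Microsoft SharePoint Server spoofing vulnerability (CVE-2026-32201)
This vulnerability affects Microsoft SharePoint Server and poses a spoofing risk. SharePoint Server has an input validation flaw that allows an unauthorized attacker to carry out spoofing over the network, and exploitation in the wild already exists.
5. Microsoft Word remote code execution vulnerability (CVE-2026-33115)
This vulnerability is caused by an untrusted pointer dereference in Microsoft Word. An unauthorized attacker can exploit it through the Preview Pane to execute arbitrary code locally.
6. Windows TCP/IP remote code execution vulnerability (CVE-2026-33827)
An unauthenticated attacker can send specially crafted IPv6 packets to a Windows node with IPSec enabled and execute arbitrary code on the target machine. Successful exploitation requires the attacker to win a race condition and to take additional actions before exploitation to prepare the target environment.
7. Windows Internet Key Exchange (IKE) Service Extensions remote code execution vulnerability (CVE-2026-33824)
An unauthenticated remote attacker can exploit this vulnerability by sending specially crafted packets to a Windows system with IKEv2 (Internet Key Exchange version 2) enabled, achieving remote code execution without any user interaction.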
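Risk:
By exploiting the vulnerabilities above, an attacker can achieve privilege escalation, remote code execution, and similar outcomes.
Scope of impact: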
Windows 11 Version 24H2 for x64-based Systems
Windows 11 Version 24H2 for ARM64-based Systems
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows 11 Version 26H1 for ARM64-based Systems
Windows Server 2025
Windows 11 version 26H1 for x64-based Systems
Windows Server 2025 (Server Core installation)
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows 11 Version 23H2 for x64-based Systems
Windows 11 Version 23H2 for ARM64-based Systems
Windows 11 Version 25H2 for x64-based Systems
Windows 11 Version 25H2 for ARM systems
Windows 10 Version 22H2 for 32-bit Systems
Windows 10 Version 22H2 for ARM64-based Systems
Windows 10 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for x64-based Systems
Windows 11 Version 22H2 for ARM64-based Systems
Windows 10 Version 21H2 for x64-based Systems
Windows 10 Version 21H2 for ARM64-based Systems
Windows 10 Version 21H2 for 32-bit Systems
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows 10 Version 1809 for ARM64-based Systems
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows Server 2016 (Server Core installation)
Windows Server 2016
Remote Desktop client for Windows Desktop
Windows Server 2019 (Server Core installation)
Windows Server 2019
Windows App Client for Windows Desktop
Microsoft Office LTSC 2021 for 64-bit editions
Microsoft Office LTSC for Mac 2021
Microsoft 365 Apps for Enterprise for 64-bit Systems
Microsoft 365 Apps for Enterprise for 32-bit Systems
Microsoft Office 2019 for 64-bit editions
Microsoft Office 2019 for 32-bit editions
Microsoft Office 2016 (64-bit edition)
Microsoft Office 2016 (32-bit edition)
Microsoft Office LTSC for Mac 2024
Microsoft Office LTSC 2024 for 64-bit editions
Microsoft Office LTSC 2024 for 32-bit editions
Microsoft Office LTSC 2021 for 32-bit editions
Microsoft SharePoint Server Subscription Edition
Microsoft SharePoint Server 2019
Microsoft SharePoint Enterprise Server 2016
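Solution:
Microsoft has now officially released security patches that fix the vulnerabilities above. Affected users are advised to confirm the impact of these vulnerabilities promptly and apply the fixes as soon as possible, to avoid network security incidents related to them.
Patch link: https://msrc.microsoft.com/update-guide/releaseNote/2026-Apr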

