Уязвимости

1. CVE-2026-20960 PowerApps Desktop Client Remote Code Execution Vulnerability

   Corrected Download links in the Security Updates table. This is an informational change only.

2. CVE-2026-21509 Microsoft Office Security Feature Bypass Vulnerability

   Acknowledgement added. This is an informational change only.

3. CVE-2026-20805 Desktop Window Manager Information Disclosure Vulnerability

   Updated the build numbers. This is an informational update only.

4. CVE-2026-21509 Microsoft Office Security Feature Bypass Vulnerability

   Updated FAQ information. This is an informational change only.

5. CVE-2026-21509 Microsoft Office Security Feature Bypass Vulnerability

   The following revisions have been made: 1) Microsoft is announcing the availability of the security updates for Microsoft Office 2016 and 2019. Customers running these versions of Office should install the update for their product to be protected from this vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action. 2) Updated FAQ and Mitigations.

6. CVE-2026-21509 Microsoft Office Security Feature Bypass Vulnerability

   Corrected CVSS score. This is an informational change only.

7. CVE-2026-21509 Microsoft Office Security Feature Bypass Vulnerability

   Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

8. CVE-2026-20805 Desktop Window Manager Information Disclosure Vulnerability

   Updated the build numbers. This is an informational update only.

9. Chromium: CVE-2026-1220 Race in V8

   This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024 ) for more information.

10. CVE-2026-21520 Copilot Studio Information Disclosure Vulnerability

    Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector

11. CVE-2026-24304 Azure Resource Manager Elevation of Privilege Vulnerability

    Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network.

12. CVE-2026-24306 Azure Front Door Elevation of Privilege Vulnerability

    Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.

13. CVE-2026-21524 Azure Data Explorer Information Disclosure Vulnerability

    Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an unauthorized attacker to disclose information over a network.

14. CVE-2026-24305 Azure Entra ID Elevation of Privilege Vulnerability

    Azure Entra ID Elevation of Privilege Vulnerability

15. CVE-2026-24307 M365 Copilot Information Disclosure Vulnerability

    Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.

16. CVE-2026-21227 Azure Logic Apps Elevation of Privilege Vulnerability

    Improper limitation of a pathname to a restricted directory ('path traversal') in Azure Logic Apps allows an unauthorized attacker to elevate privileges over a network.

17. CVE-2026-21521 Word Copilot Information Disclosure Vulnerability

    Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network.

18. CVE-2026-21264 Microsoft Account Spoofing Vulnerability

    Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network.

19. CVE-2026-20805 Desktop Window Manager Information Disclosure Vulnerability

    Updated the build numbers. This is an informational update only.

20. CVE-2026-20818 Windows Kernel Information Disclosure Vulnerability

    Updated the build numbers. This is an informational update only.