Windows update
-
CVE-2026-20960 PowerApps Desktop Client Remote Code Execution Vulnerability
Corrected Download links in the Security Updates table. This is an informational change only. -
CVE-2026-21509 Microsoft Office Security Feature Bypass Vulnerability
Acknowledgement added. This is an informational change only. -
CVE-2026-20805 Desktop Window Manager Information Disclosure Vulnerability
Updated the build numbers. This is an informational update only. -
CVE-2026-21509 Microsoft Office Security Feature Bypass Vulnerability
Updated FAQ information. This is an informational change only. -
CVE-2026-21509 Microsoft Office Security Feature Bypass Vulnerability
The following revisions have been made: 1) Microsoft is announcing the availability of the security updates for Microsoft Office 2016 and 2019. Customers running these versions of Office should install the update for their product to be protected from this vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action. 2) Updated FAQ and Mitigations. -
CVE-2026-21509 Microsoft Office Security Feature Bypass Vulnerability
Corrected CVSS score. This is an informational change only. -
CVE-2026-21509 Microsoft Office Security Feature Bypass Vulnerability
Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally. -
CVE-2026-20805 Desktop Window Manager Information Disclosure Vulnerability
Updated the build numbers. This is an informational update only. -
Chromium: CVE-2026-1220 Race in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. -
CVE-2026-21520 Copilot Studio Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Copilot Studio allows an unauthenticated attacker to view sensitive information through a network attack vector. -
CVE-2026-24304 Azure Resource Manager Elevation of Privilege Vulnerability
Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network. -
CVE-2026-24306 Azure Front Door Elevation of Privilege Vulnerability
Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network. -
CVE-2026-21524 Azure Data Explorer Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an unauthorized attacker to disclose information over a network. -
CVE-2026-24305 Azure Entra ID Elevation of Privilege Vulnerability
Azure Entra ID Elevation of Privilege Vulnerability -
CVE-2026-24307 M365 Copilot Information Disclosure Vulnerability
Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network. -
CVE-2026-21227 Azure Logic Apps Elevation of Privilege Vulnerability
Improper limitation of a pathname to a restricted directory ('path traversal') in Azure Logic Apps allows an unauthorized attacker to elevate privileges over a network. -
CVE-2026-21521 Word Copilot Information Disclosure Vulnerability
Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network. -
CVE-2026-21264 Microsoft Account Spoofing Vulnerability
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network. -
CVE-2026-20805 Desktop Window Manager Information Disclosure Vulnerability
Updated the build numbers. This is an informational update only. -
CVE-2026-20818 Windows Kernel Information Disclosure Vulnerability
Updated the build numbers. This is an informational update only. -
CVE-2026-20943 Microsoft Office Click-To-Run Remote Code Execution Vulnerability
Updated FAQ information. This is an informational change only. -
CVE-2026-20830 Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
Updated the build numbers. This is an informational update only. -
CVE-2026-21221 Capability Access Management Service (camsvc) Elevation of Privilege Vulnerability
Updated the build numbers. This is an informational update only. -
CVE-2026-20848 Windows SMB Server Elevation of Privilege Vulnerability
Updated the build numbers. This is an informational update only. -
CVE-2026-20943 Microsoft Office Click-To-Run Remote Code Execution Vulnerability
Corrected the affected product name in the CVE title and in the FAQs. This is an informational change only. -
CVE-2026-20960 Microsoft Power Apps Remote Code Execution Vulnerability
Improper authorization in Microsoft Power Apps allows an authorized attacker to execute code over a network. -
Chromium: CVE-2026-0907 Incorrect security UI in Split View
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. -
Chromium: CVE-2026-0906 Incorrect security UI
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. -
Chromium: CVE-2026-0905 Insufficient policy enforcement in Network
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. -
Chromium: CVE-2026-0904 Incorrect security UI in Digital Credentials
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. -
Chromium: CVE-2026-0903 Insufficient validation of untrusted input in Downloads
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. -
Chromium: CVE-2026-0901 Inappropriate implementation in Blink
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. -
Chromium: CVE-2026-0899 Out of bounds memory access in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. -
CVE-2026-21223 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates the privileges of the calling process. A standard (non‑administrator) local user can invoke the IElevatorEdge interface method LaunchUpdateCmdElevatedAndWait, causing the service to execute privileged update commands as LocalSystem. This allows a non‑administrator to enable or disable Windows Virtualization‑Based Security (VBS) by modifying protected system registry keys under HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard. Disabling VBS weakens critical platform protections such as Credential Guard, Hypervisor‑protected Code Integrity (HVCI), and the Secure Kernel, resulting in a security feature bypass. -
Chromium: CVE-2026-0908 Use after free in ANGLE
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. -
Chromium: CVE-2026-0900 Inappropriate implementation in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. -
Chromium: CVE-2026-0902 Inappropriate implementation in V8
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. -
CVE-2025-64678 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Updated the build numbers. This is an informational update only. -
CVE-2025-64679 Windows DWM Core Library Elevation of Privilege Vulnerability
Updated the build numbers. This is an informational update only. -
CVE-2026-20958 Microsoft SharePoint Information Disclosure Vulnerability
Updated acknowledgment. This is an informational change only. -
CVE-2026-20962 Dynamic Root of Trust for Measurement (DRTM) Information Disclosure Vulnerability
Use of uninitialized resource in Dynamic Root of Trust for Measurement (DRTM) allows an authorized attacker to disclose information locally. -
CVE-2026-21265 Secure Boot Certificate Expiration Security Feature Bypass Vulnerability
Windows Secure Boot stores Microsoft certificates in the UEFI KEK and DB. These original certificates are approaching expiration, and devices containing affected certificate versions must update them to maintain Secure Boot functionality and avoid compromising security by losing security fixes related to Windows boot manager or Secure Boot. The operating system’s certificate update protection mechanism relies on firmware components that might contain defects, which can cause certificate trust updates to fail or behave unpredictably. This leads to potential disruption of the Secure Boot trust chain and requires careful validation and deployment to restore intended security guarantees.

| Certificate Authority (CA) | Location | Purpose | Expiration Date |
| ------ | ------ | ------ | ------ |
| Microsoft Corporation KEK CA 2011 | KEK | Signs updates to the DB and DBX | 06/24/2026 |
| Microsoft Corporation UEFI CA 2011 | DB | Signs 3rd party boot loaders, Option ROMs, etc. | 06/27/2026 |
| Microsoft Windows Production PCA 2011 | DB | Signs the Windows Boot Manager | 10/19/2026 |

For more information see this CVE and [Windows Secure Boot certificate expiration and CA updates](https://aka.ms/GetSecureBoot). -
CVE-2026-0386 Windows Deployment Services Remote Code Execution Vulnerability
Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network. -
CVE-2026-20803 Microsoft SQL Server Elevation of Privilege Vulnerability
Missing authentication for critical function in SQL Server allows an authorized attacker to elevate privileges over a network. -
CVE-2026-20965 Windows Admin Center Elevation of Privilege Vulnerability
Improper verification of cryptographic signature in Windows Admin Center allows an authorized attacker to elevate privileges locally. -
CVE-2026-20804 Windows Hello Tampering Vulnerability
Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally. -
CVE-2026-20805 Desktop Window Manager Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Desktop Window Manager allows an authorized attacker to disclose information locally. -
CVE-2026-20808 Windows File Explorer Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Printer Association Object allows an authorized attacker to elevate privileges locally. -
CVE-2026-20809 Windows Kernel Memory Elevation of Privilege Vulnerability
Time-of-check time-of-use (TOCTOU) race condition in Windows Kernel Memory allows an authorized attacker to elevate privileges locally. -
CVE-2026-20810 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Free of memory not on the heap in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
