CSIRT Toscana

Microsoft Monthly Updates (AL02/260513/CSIRT-ITA)

Date:
3 July 2026

Systemic Impact

Critical (79.23)

Summary

Microsoft has released its monthly security updates, which fix a total of 138 new vulnerabilities.

Type

  • Denial of Service
  • Elevation of Privilege
  • Information Disclosure
  • Remote Code Execution
  • Security Feature Bypass
  • Spoofing
  • Tampering

Affected products and/or versions

  • .NET
  • ASP.NET Core
  • Azure AI Foundry M365 published agents
  • Azure Cloud Shell
  • Azure Connected Machine Agent
  • Azure DevOps
  • Azure Entra ID
  • Azure Logic Apps
  • Azure Machine Learning
  • Azure Managed Instance for Apache Cassandra
  • Azure Monitor Agent
  • Azure Notification Service
  • Azure SDK
  • Copilot Chat (Microsoft Edge)
  • Data Deduplication
  • Dynamics Business Central
  • GitHub Copilot and Visual Studio
  • M365 Copilot
  • M365 Copilot for Desktop
  • Microsoft Data Formulator
  • Microsoft Dynamics 365 (on-premises)
  • Microsoft Dynamics 365 Customer Insights
  • Microsoft Edge (Chromium-based)
  • Microsoft Edge for Android
  • Microsoft Office
  • Microsoft Office Click-To-Run
  • Microsoft Office Excel
  • Microsoft Office PowerPoint
  • Microsoft Office SharePoint
  • Microsoft Office Word
  • Microsoft Partner Center
  • Microsoft SSO Plugin for Jira & Confluence
  • Microsoft Teams
  • Microsoft Windows DNS
  • Power Automate
  • SQL Server
  • Telnet Client
  • Visual Studio Code
  • Windows Admin Center
  • Windows Ancillary Function Driver for WinSock
  • Windows Application Identity (AppID) Subsystem
  • Windows Cloud Files Mini Filter Driver
  • Windows Common Log File System Driver
  • Windows Cryptographic Services
  • Windows DWM Core Library
  • Windows Event Logging Service
  • Windows Filtering Platform (WFP)
  • Windows GDI
  • Windows Hyper-V
  • Windows Internet Key Exchange (IKE) Protocol
  • Windows Kernel
  • Windows Kernel-Mode Drivers
  • Windows LDAP – Lightweight Directory Access Protocol
  • Windows Link-Layer Discovery Protocol (LLDP)
  • Windows Message Queuing
  • Windows Native WiFi Miniport Driver
  • Windows Netlogon
  • Windows Print Spooler Components
  • Windows Projected File System
  • Windows Remote Desktop
  • Windows Rich Text Edit
  • Windows Rich Text Edit Control
  • Windows SMB Client
  • Windows Secure Boot
  • Windows Storage Spaces Controller
  • Windows Storport Miniport Driver
  • Windows TCP/IP
  • Windows Telephony Service
  • Windows Volume Manager Extension Driver
  • Windows Win32K – GRFX
  • Windows Win32K – ICOMP

Mitigation actions

In line with the vendor's statements, it is recommended to update the affected products using the Windows Update function.

References

CVE

CVE-ID
CVE-2026-41089 CVE-2026-45659 CVE-2026-41094 CVE-2026-41095
CVE-2026-33109 CVE-2026-41088 CVE-2026-41086 CVE-2026-40398
CVE-2026-40399 CVE-2026-40397 CVE-2026-35419 CVE-2026-35417
CVE-2026-34329 CVE-2026-35418 CVE-2026-35415 CVE-2026-35416
CVE-2026-34327 CVE-2026-33117 CVE-2026-33111 CVE-2026-33110
CVE-2026-33112 CVE-2026-34330 CVE-2026-41096 CVE-2026-41097
CVE-2026-34339 CVE-2026-35428 CVE-2026-35429 CVE-2026-34337
CVE-2026-34338 CVE-2026-35424 CVE-2026-34336 CVE-2026-34333
CVE-2026-35422 CVE-2026-35423 CVE-2026-34334 CVE-2026-34331
CVE-2026-35420 CVE-2026-35421 CVE-2026-34332 CVE-2026-32161
CVE-2026-34340 CVE-2026-34341 CVE-2026-26164 CVE-2026-32209
CVE-2026-35439 CVE-2026-32207 CVE-2026-35438 CVE-2026-32204
CVE-2026-35435 CVE-2026-34347 CVE-2026-35436 CVE-2026-34344
CVE-2026-35433 CVE-2026-34345 CVE-2026-34342 CVE-2026-34343
CVE-2026-34351 CVE-2026-35440 CVE-2026-34350 CVE-2026-32170
CVE-2026-33823 CVE-2026-33821 CVE-2026-32175 CVE-2026-32177
CVE-2026-40358 CVE-2026-42899 CVE-2026-40359 CVE-2026-32185
CVE-2026-42898 CVE-2026-40357 CVE-2026-42891 CVE-2026-42896
CVE-2026-42893 CVE-2026-33838 CVE-2026-33837 CVE-2026-33839
CVE-2026-33834 CVE-2026-33833 CVE-2026-33835 CVE-2026-40408
CVE-2026-40369 CVE-2026-40402 CVE-2026-41613 CVE-2026-42823
CVE-2026-41612 CVE-2026-40403 CVE-2026-41611 CVE-2026-40367
CVE-2026-40368 CVE-2026-41610 CVE-2026-40401 CVE-2026-40406
CVE-2026-40407 CVE-2026-42826 CVE-2026-42825 CVE-2026-40405
CVE-2026-41614 CVE-2026-40361 CVE-2026-40362 CVE-2026-40360
CVE-2026-40365 CVE-2026-40366 CVE-2026-40363 CVE-2026-40364
CVE-2026-40380 CVE-2026-33844 CVE-2026-33841 CVE-2026-33840
CVE-2026-40419 CVE-2026-40413 CVE-2026-40414 CVE-2026-41107
CVE-2026-42833 CVE-2026-42832 CVE-2026-40379 CVE-2026-42831
CVE-2026-41105 CVE-2026-40417 CVE-2026-42838 CVE-2026-40418
CVE-2026-40415 CVE-2026-41109 CVE-2026-40416 CVE-2026-40370
CVE-2026-41102 CVE-2026-42830 CVE-2026-21530 CVE-2026-40377
CVE-2026-40410 CVE-2026-41103 CVE-2026-40374 CVE-2026-41100
CVE-2026-41101 CVE-2026-26129 CVE-2026-40381 CVE-2026-40382
CVE-2026-40420 CVE-2026-40421

Change log

Version | Notes | Date
1.0 | Published on 13-05-2026 | 13/05/2026
1.1 | Added CVE-2026-45659 following a disclosure made after the updates released on 13 May 2026 (No action required: the vendor states that the fixes for this CVE were already included in the updates of the 13th) | 27/05/2026
1.2 | Updated the “CVE” section following detected exploitation of CVE-2026-41089 | 01/06/2026
1.3 | Updated the “CVE” section following detection of a PoC for exploiting CVE-2026-41089 | 24/06/2026
1.4 | Updated the “CVE” section following detected exploitation of CVE-2026-45659 | 02/07/2026

This article is an original product of csirt.gov.it, republished here solely to increase its visibility. It can be viewed in its original version at the following link

Last updated

3 July 2026, 16:00