Consorzio Metis

CSIRT Toscana

CSIRT Toscana

Aggiornamenti Mensili Microsoft (AL02/260513/CSIRT-ITA)

Data:
13 Maggio 2026

Impatto Sistemico

Alto (66.41)

Sintesi

Microsoft ha rilasciato gli aggiornamenti di sicurezza mensili che risolvono un totale di 137 nuove vulnerabilità.

Tipologia

  • Denial of Service
  • Elevation of Privilege
  • Information Disclosure
  • Remote Code Execution
  • Security Feature Bypass
  • Spoofing
  • Tampering

Prodotti e/o versioni affette

  • .NET
  • ASP.NET Core
  • Azure AI Foundry M365 published agents
  • Azure Cloud Shell
  • Azure Connected Machine Agent
  • Azure DevOps
  • Azure Entra ID
  • Azure Logic Apps
  • Azure Machine Learning
  • Azure Managed Instance for Apache Cassandra
  • Azure Monitor Agent
  • Azure Notification Service
  • Azure SDK
  • Copilot Chat (Microsoft Edge)
  • Data Deduplication
  • Dynamics Business Central
  • GitHub Copilot and Visual Studio
  • M365 Copilot
  • M365 Copilot for Desktop
  • Microsoft Data Formulator
  • Microsoft Dynamics 365 (on-premises)
  • Microsoft Dynamics 365 Customer Insights
  • Microsoft Edge (Chromium-based)
  • Microsoft Edge for Android
  • Microsoft Office
  • Microsoft Office Click-To-Run
  • Microsoft Office Excel
  • Microsoft Office PowerPoint
  • Microsoft Office SharePoint
  • Microsoft Office Word
  • Microsoft Partner Center
  • Microsoft SSO Plugin for Jira & Confluence
  • Microsoft Teams
  • Microsoft Windows DNS
  • Power Automate
  • SQL Server
  • Telnet Client
  • Visual Studio Code
  • Windows Admin Center
  • Windows Ancillary Function Driver for WinSock
  • Windows Application Identity (AppID) Subsystem
  • Windows Cloud Files Mini Filter Driver
  • Windows Common Log File System Driver
  • Windows Cryptographic Services
  • Windows DWM Core Library
  • Windows Event Logging Service
  • Windows Filtering Platform (WFP)
  • Windows GDI
  • Windows Hyper-V
  • Windows Internet Key Exchange (IKE) Protocol
  • Windows Kernel
  • Windows Kernel-Mode Drivers
  • Windows LDAP – Lightweight Directory Access Protocol
  • Windows Link-Layer Discovery Protocol (LLDP)
  • Windows Message Queuing
  • Windows Native WiFi Miniport Driver
  • Windows Netlogon
  • Windows Print Spooler Components
  • Windows Projected File System
  • Windows Remote Desktop
  • Windows Rich Text Edit
  • Windows Rich Text Edit Control
  • Windows SMB Client
  • Windows Secure Boot
  • Windows Storage Spaces Controller
  • Windows Storport Miniport Driver
  • Windows TCP/IP
  • Windows Telephony Service
  • Windows Volume Manager Extension Driver
  • Windows Win32K – GRFX
  • Windows Win32K – ICOMP

Azioni di mitigazione

In linea con le dichiarazioni del vendor, si raccomanda di procedere all’aggiornamento dei prodotti impattati attraverso l’apposita funzione di Windows Update.

Riferimenti

CVE

CVE-ID
CVE-2026-41094 CVE-2026-41095 CVE-2026-33109 CVE-2026-41088
CVE-2026-41086 CVE-2026-40398 CVE-2026-40399 CVE-2026-41089
CVE-2026-40397 CVE-2026-35419 CVE-2026-35417 CVE-2026-34329
CVE-2026-35418 CVE-2026-35415 CVE-2026-35416 CVE-2026-34327
CVE-2026-33117 CVE-2026-33111 CVE-2026-33110 CVE-2026-33112
CVE-2026-34330 CVE-2026-41096 CVE-2026-41097 CVE-2026-34339
CVE-2026-35428 CVE-2026-35429 CVE-2026-34337 CVE-2026-34338
CVE-2026-35424 CVE-2026-34336 CVE-2026-34333 CVE-2026-35422
CVE-2026-35423 CVE-2026-34334 CVE-2026-34331 CVE-2026-35420
CVE-2026-35421 CVE-2026-34332 CVE-2026-32161 CVE-2026-34340
CVE-2026-34341 CVE-2026-26164 CVE-2026-32209 CVE-2026-35439
CVE-2026-32207 CVE-2026-35438 CVE-2026-32204 CVE-2026-35435
CVE-2026-34347 CVE-2026-35436 CVE-2026-34344 CVE-2026-35433
CVE-2026-34345 CVE-2026-34342 CVE-2026-34343 CVE-2026-34351
CVE-2026-35440 CVE-2026-34350 CVE-2026-32170 CVE-2026-33823
CVE-2026-33821 CVE-2026-32175 CVE-2026-32177 CVE-2026-40358
CVE-2026-42899 CVE-2026-40359 CVE-2026-32185 CVE-2026-42898
CVE-2026-40357 CVE-2026-42891 CVE-2026-42896 CVE-2026-42893
CVE-2026-33838 CVE-2026-33837 CVE-2026-33839 CVE-2026-33834
CVE-2026-33833 CVE-2026-33835 CVE-2026-40408 CVE-2026-40369
CVE-2026-40402 CVE-2026-41613 CVE-2026-42823 CVE-2026-41612
CVE-2026-40403 CVE-2026-41611 CVE-2026-40367 CVE-2026-40368
CVE-2026-41610 CVE-2026-40401 CVE-2026-40406 CVE-2026-40407
CVE-2026-42826 CVE-2026-42825 CVE-2026-40405 CVE-2026-41614
CVE-2026-40361 CVE-2026-40362 CVE-2026-40360 CVE-2026-40365
CVE-2026-40366 CVE-2026-40363 CVE-2026-40364 CVE-2026-40380
CVE-2026-33844 CVE-2026-33841 CVE-2026-33840 CVE-2026-40419
CVE-2026-40413 CVE-2026-40414 CVE-2026-41107 CVE-2026-42833
CVE-2026-42832 CVE-2026-40379 CVE-2026-42831 CVE-2026-41105
CVE-2026-40417 CVE-2026-42838 CVE-2026-40418 CVE-2026-40415
CVE-2026-41109 CVE-2026-40416 CVE-2026-40370 CVE-2026-41102
CVE-2026-42830 CVE-2026-21530 CVE-2026-40377 CVE-2026-40410
CVE-2026-41103 CVE-2026-40374 CVE-2026-41100 CVE-2026-41101
CVE-2026-26129 CVE-2026-40381 CVE-2026-40382 CVE-2026-40420
CVE-2026-40421

Change log

Versione Note Data
1.0 Pubblicato il 13-05-2026 13/05/2026

Il presente articolo è un prodotto originale di csirt.gov.it, riproposto qui a solo scopo di aumentarne la visibilità. Può essere visualizzato in versione originale al seguente link

Ultimo aggiornamento

13 Maggio 2026, 10:08