Cert-In-Advisories

[CIVN-2026-0231] Multiple Vulnerabilities in Microsoft Products

By Published On: May 14, 2026

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256


Multiple Vulnerabilities in Microsoft Products


Indian – Computer Emergency Response Team (https://www.cert-in.org.in)


Severity Rating: CRITICAL


Software Affected


Windows 10: Versions 21H2 and 22H2

Windows 11Versions 23H2, 24H2, and 25H2

Windows Server: 2016, 2019, 2022, 2022 (23H2 Edition), and 2025

Microsoft Office / Microsoft 365 Apps

Microsoft Edge (Chromium-based)

ASP.NET Core

Azure DevOps Server / Services

SharePoint Server

Microsoft Azure cloud components

Overview


Multiple vulnerabilities have been identified in Microsoft cloud and AI-integrated service, Azure, Microsoft 365, Teams, Copilot, and Edge. These vulnerabilities could allow attackers to execute arbitrary code, insufficient input validation, disclose sensitive information, or perform spoofing attacks, potentially leading to compromise system.


Target Audience:

All organizations and individuals using affected Microsoft products.


Risk Assessment:

High risk due to the potentially exploiting information disclosure, spoofing, remote code execution, and injection-based attacks due to improper input validation.


Impact Assessment:

Data exposure, service compromise, privilege escalation, remote code execution, and disruption of cloud and AI services.


Description


These vulnerabilities exists in Microsoft Azure and M365 services primarily caused by insufficient input validation this can result in unauthorized access to sensitive data, compromise of cloud and AI services, privilege escalation, remote code execution, and service disruption across affected environments.


Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code privilege escalation, access sensitive data and service disruption.


Solution


Apply appropriate updates as mentioned by the vendor:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42826


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35428


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35435


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34327


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33844


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33823


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32207


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40379


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33109


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33111


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41105


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26129


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26164



References


 

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42826

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35428

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35435

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34327

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33844

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33823

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32207

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40379

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33109

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33111

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41105

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26129

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26164


CVE Name

CVE-2026-42826

CVE-2026-35428

CVE-2026-35435

CVE-2026-34327

CVE-2026-33844

CVE-2026-33823

CVE-2026-32207

CVE-2026-40379

CVE-2026-33109

CVE-2026-33111

CVE-2026-41105

CVE-2026-26129

CVE-2026-26164




– —


Thanks and Regards,

CERT-In


Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS


Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–


iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmoF4z4ACgkQ3jCgcSdc

ys+E7RAAn82LQ13ImcHrEFkyzL66RPJc1S18SoBZfj+EC3q0CxznRqAZo1aepFvm

uSH9xfjvAIxGkjot2lmCQIPOm7BMCHkyB4s2yPUWOwEGG7jyrSth7gNrAH8Y/1tp

ip43a1QveEG00UyuTHabm3vcziG7I/4iGYiuurdAac9ocWqiv6LVgsPLrFEdPZEN

puUObtj7/gsQJQUXWcbWStgv9VMwHpIl32jilyayP1XPWfttDIkY0H+0fNi++4fL

qSvVSlRNUSGyp+wCuaVfQ21TyaiKFT+1M4OSFX3uqpoqplBlq8H5Jik0uq4WCyPq

cBjyxdlThzDqvpgSPEcq6Rj/QLLnlOCN7oT8XL8druCeLzVcb6LA3luVgSqh3JO+

HJQACrVO06+9amg0v2L2g61NWXXuNeCc21F6lxTdv4uIhQiIxcHH8V/1asYIOEeN

lYEd/ahDHpdhxqXmk8ZKca6f93OKuWfeub9+uFK962THdwMA5jubFYJ5SrMOiTEl

CMrwj90+5QLCGxqTFVoUbr/ve18a92TPMeKcdEvFEZgzb9RqePDlxS/kJd1iLqS3

6LmMCPQbomnndl5iBEUUp9QVCHJwydjHw/ZzD/O1ySnmtcy76tPRbcbLtbJyuzAY

DR1O8QkR+dbDM06wuK9IlEfK5Zw2hU7IK2pUym5QrsyboX5Dnfk=

=vUTm

—–END PGP SIGNATURE—–

Share this article

Related Posts

[CIAD-2026-0023] Multiple Vulnerabilities in SAP Products

[CIAD-2026-0023] Multiple Vulnerabilities in SAP Products

May 14, 2026
[CIVN-2026-0235] Multiple Vulnerabilities in Google Chrome for Desktop

[CIVN-2026-0235] Multiple Vulnerabilities in Google Chrome for Desktop

May 14, 2026
[CIVN-2026-0234] Multiple Vulnerabilities in Mozilla Products

[CIVN-2026-0234] Multiple Vulnerabilities in Mozilla Products

May 14, 2026
Total Views: 13|Daily Views: 13
Follow us :

Categories

Archives

Join our team

Join us today latest article updates!