Cert-In-Advisories

[CIVN-2026-0273] Multiple Vulnerabilities in Microsoft Products

By Published On: May 29, 2026

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256


Multiple Vulnerabilities in Microsoft Products


Indian – Computer Emergency Response Team (https://www.cert-in.org.in)


Severity Rating: HIGH


Software Affected


Microsoft Global Secure Access (GSA)

Microsoft Entra ID

Microsoft Planetary Computer Pro (GeoCatalog)

Azure Stack HCI

Microsoft 365 Copilot for iOS

Microsoft 365 Copilot

Azure Resource Manager

Azure Virtual Network Gateway

Azure Privileged Identity Management (PIM)

Microsoft Power Pages

Azure Orbital Spatio

Overview


Multiple vulnerabilities have been reported in Microsoft Products which could allow attacker to execute arbitrary code, input validation, elevate privileges, disclose sensitive information or cause denial of services on the affected systems.


Target Audience:

All organizations and individuals using affected Microsoft products.


Risk Assessment:

High risk due to the potential for remote code execution and command injection and disruption of cloud services.


Impact Assessment:

Data exposure, service compromise, unauthorized privilege escalation, remote code execution and system compromise.


Description


These vulnerabilities exist Microsoft Products and identity services due to improper input validation, authentication weaknesses, authorization issues, and command handling flaws.


Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code, elevate privileges, disclose sensitive information or cause denial of services on the affected systems.


Solution


Apply appropriate updates as mentioned by the vendor:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23663


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42901


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41104


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33843


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26147


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41090


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42827


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47280


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40411


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35430


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23652


https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40412



Vendor Information


 

https://www.microsoft.com/en-in/


References


 

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23663

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42901

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41104

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33843

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26147

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41090

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-42827

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47280

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40411

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35430

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23652

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40412


CVE Name

CVE-2026-23663

CVE-2026-42901

CVE-2026-41104

CVE-2026-33843

CVE-2026-26147

CVE-2026-41090

CVE-2026-42901

CVE-2026-47280

CVE-2026-40411

CVE-2026-35430

CVE-2026-23652

CVE-2026-40412




– —


Thanks and Regards,

CERT-In


Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS


Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–


iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmoZaUwACgkQ3jCgcSdc

ys96phAAoLYawL8537i/+dbBrzQuFr+ZkeDcEYC8ctl1cqtwAzeuoEglLGl/OVUT

Oh5JoiDodWNly+NbkM3gvKpPbjhTZG8r1qELbXJd+/ol02RqjTlJNC7atkPz/ha7

8rp5r5Km4oEygfTUbyHQlRyvrDWkybQiPPBssPSadTVeaFh2IAdLWxwBMqb7Twor

QIsmHnhDYWfFQKS/xXtrTl6hxlJ1GpY3DUwJ44of1Jk7DC+Og4hIXxYDH80OBaxN

T5lHxUurbniOycAGZ/mUjZMbqOz2q7Uc/xbKgdniP9Q9ItyIVis7d0uxsVSQF7eT

+GhZe5tNZymE5Fw9UKST23bW9wk9eTthRohmTnNVPSOjcazlodyCbXv459Jbow1X

NMz1vTdbl1vtu7rX4zhc7zNYkI392p838NCc+thWf6ufok/68BHjnqqUP/SgdzAy

/jQpF2IxSDvAomfyiuBdJ/ALTNUiifYD8UIaMcxZL7X5SPJMCHUVg3UygINzUlIC

d3l3heC6CKFnyzEqvJMJkNV45iZd6zEtQYMdwd3RiLx34VYDIidKWM1KEjnXX13C

bt9+gBNqgmjGDl4RgtXYND+cbfW0e412X4leZksstmX/cvWv/OgXHCXlfFzr8lHG

YvIig+S0+2SjuNO/xzse9qfKPhrcFBwQ/2iFZ4A9tNm8yodG7zE=

=/CIW

—–END PGP SIGNATURE—–

Share this article

Related Posts

[CIVN-2026-0275] Multiple Vulnerabilities in Check Point Products

[CIVN-2026-0275] Multiple Vulnerabilities in Check Point Products

May 29, 2026
[CIVN-2026-0274] Multiple Vulnerabilities in 7-Zip

[CIVN-2026-0274] Multiple Vulnerabilities in 7-Zip

May 29, 2026
[CIVN-2026-0272] Multiple Vulnerabilities in Google Chrome for Desktop

[CIVN-2026-0272] Multiple Vulnerabilities in Google Chrome for Desktop

May 29, 2026
Total Views: 21|Daily Views: 21
Follow us :

Categories

Archives

Join our team

Join us today latest article updates!