Important Notice: Security vulnerabilities of Microsoft (updated at 13 May 2026)

關於 Microsoft 的安全漏洞通告 (更新於 2026年5月13日)

2026-05-13 ICTO Bulletin / 公告

資訊安全警示 Information Security Alert

English
中文

To: All Users

As informed by the Cybersecurity Incident Alert and Response Centre (CARIC), Microsoft have recently released its May security update notice, there are 137 vulnerability updates this time.

This update mainly addresses vulnerabilities in the following components: Microsoft SharePoint Server, Windows Win32k, Windows GDI, and other related drivers.

Details of the vulnerabilities:

Microsoft Word Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40361

Microsoft Word Remote Code Execution Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40364

Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33835

Windows TCP/IP Local Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33837

Windows Win32k Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-35417

Windows Win32k Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33840

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-35416

Windows Kernel Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40369

Windows Kernel Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-33841

Windows Remote Desktop Services Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40398

Windows Common Log File System Driver Elevation of Privilege Vulnerability

For more details, please refer to: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-40397

For more details about Microsoft May Updates, please refer to: https://msrc.microsoft.com/update-guide/releaseNote/2026-May

If the relevant affected products are used, please install the security updates released by Microsoft as soon as possible.

Reference

Should you have any enquiries, please feel free to contact ICTO Help Desk.

ICTO Help Desk
Location : Room 2085, 2/F, Central Teaching Building (E5), eMap
Telephone : 8822 8600
email : icto.helpdesk@um.edu.mo