【資安漏洞預警】Microsoft 旗下SharePoint Server 存在2個重大資安漏洞

【資安漏洞預警】Microsoft 旗下SharePoint Server 存在2個重大資安漏洞
[Security Vulnerability Alert] Microsoft's SharePoint Server has two major security vulnerabilities.

發布單位：圖資處數位服務組

日期範圍：2026/3/13 ～ 2026/9/13

發布單位：圖資處數位服務組

日期範圍：2026/3/13 ～ 2026/9/13

行政行政公告

全體

轉發台灣電腦網路危機處理暨協調中心資安訊息警訊 TWCERTCC-200-202603-00000010

[內容說明]
Microsoft SharePoint Server 是一款企業級協作平台，提供文件管理與團隊協作等功能，是企業資訊整合的核心平台。近日Microsoft 發布2個重大資安漏洞公告(CVE-2026-26106，CVSS：8.8 和 CVE-2026-26114，CVSS：8.8)。
其中CVE-2026-26106為輸入驗證不當漏洞，允許經授權的攻擊者透過網路執行程式碼；CVE-2026-26114為不受信任資料反序列化漏洞，允許經授權的攻擊者透過網路執行程式碼。

[影響平台]
Microsoft SharePoint Enterprise Server 2016 16.0.0至16.0.55431000版本
Microsoft SharePoint Server Subion Edition 16.0.0至16.0.10417.20102版本
Microsoft SharePoint Server 2019 16.0.0至16.0.19725.20076版本
Microsoft SharePoint Server 2019 16.0.0至16.0.10417.20102版本

[建議措施]
根據官方網站釋出的解決方式進行修補：
【CVE-2026-26106】 https://msrc.microsoft.com/update-guide/zh-tw/vulnerability/CVE-2026-26106
【CVE-2026-26114】 https://msrc.microsoft.com/update-guide/zh-tw/vulnerability/CVE-2026-26114

[參考資料]
1. https://www.twcert.org.tw/tw/cp-169-10761-7d364-1.html

Forwarded from Taiwan Computer Network Crisis Management and Coordination Center: Cybersecurity Alert TWCERTCC-200-202603-00000010

[Content Description]
Microsoft SharePoint Server is an enterprise-level collaboration platform that provides file management and team collaboration functions, serving as a core platform for enterprise information integration. Recently, Microsoft released two major cybersecurity vulnerability announcements (CVE-2026-26106, CVSS: 8.8 and CVE-2026-26114, CVSS: 8.8).

CVE-2026-26106 is an input validation vulnerability that allows an authorized attacker to execute code over a network; CVE-2026-26114 is an untrusted data deserialization vulnerability that allows an authorized attacker to execute code over a network.

[Affected Platforms]
Microsoft SharePoint Enterprise Server 2016 versions 16.0.0 to 16.0.55431000
Microsoft SharePoint Server Subion Edition versions 16.0.0 to 16.0.10417.20102
Microsoft SharePoint Server 2019 versions 16.0.0 to 16.0.19725.20076
Microsoft SharePoint Server 2019 versions 16.0.0 to 16.0.10417.20102

[Recommended Actions]
Patch according to the solutions released on the official website:
【CVE-2026-26106】https://msrc.microsoft.com/update-guide/zh-tw/vulnerability/CVE-2026-26106
【CVE-2026-26114】https://msrc.microsoft.com/update-guide/zh-tw/vulnerability/CVE-2026-26114

[References]
1. https://www.twcert.org.tw/tw/cp-169-10761-7d364-1.html

【資安漏洞預警】Microsoft 旗下SharePoint Server 存在2個重大資安漏洞
[Security Vulnerability Alert] Microsoft's SharePoint Server has two major security vulnerabilities.

發布單位：圖資處數位服務組

日期範圍：2026/3/13 ～ 2026/9/13

行政行政公告

全體

相關附件

無

【返回上頁】

【資安漏洞預警】Microsoft 旗下SharePoint Server 存在2個重大資安漏洞 [Security Vulnerability Alert] Microsoft's SharePoint Server has two major security vulnerabilities.

發布單位：圖資處數位服務組

日期範圍：2026/3/13 ～ 2026/9/13

行政 行政公告

全體

相關附件

無

【返回上頁】

【資安漏洞預警】Microsoft 旗下SharePoint Server 存在2個重大資安漏洞
[Security Vulnerability Alert] Microsoft's SharePoint Server has two major security vulnerabilities.

行政行政公告