轉發 國家資安資訊分享與分析中心 資安訊息警訊 NISAC-200-202603-00000009

[內容說明]
微軟釋出115年3月份安全性更新，共修補包含SQL Server、Microsoft Office SharePoint及Active Directory Domain Services等共84個漏洞，其中包含16個CVSS達8.8分之高風險漏洞，請儘速確認並進行修補。

[影響平台]
影響軟體與服務項目如下:
Active Directory Domain Services
ASP.NET Core
Azure Arc
Azure Compute Gallery
Azure Entra ID
Azure IoT Explorer
Azure Linux Virtual Machines
Azure MCP Server
Azure Portal Windows Admin Center
Azure Windows Virtual Machine Agent
Broadcast DVR
Connected Devices Platform Service (Cdpsvc)
GitHub Repo: zero-shot-scfoundation
Microsoft Authenticator
Microsoft Brokering File System
Microsoft Devices Pricing Program
Microsoft Graphics Component
Microsoft Office
Microsoft Office Excel
Microsoft Office SharePoint
.NET
Payment Orchestrator Service
Push Message Routing Service
Role: Windows Hyper-V
SQL Server
System Center Operations Manager
Windows Accessibility Infrastructure (ATBroker.exe)
Windows Ancillary Function Driver for WinSock
Windows App Installer
Windows Authentication Methods
Windows Bluetooth RFCOM Protocol Driver
Windows Device Association Service
Windows DWM Core Library
Windows Extensible File Allocation
Windows File Server
Windows GDI
Windows GDI+
Windows Kerberos
Windows Kernel
Windows MapUrlToZone
Windows Mobile Broadband
Windows NTFS
Windows Performance Counters
Windows Print Spooler Components
Windows Projected File System
Windows Resilient File System (ReFS)
Windows Routing and Remote Access Service (RRAS)
Windows Shell Link Processing
Windows SMB Server
Windows System Image Manager
Windows Telephony Service
Windows Universal Disk Format File System Driver (UDFS)
Windows Win32K
Winlogon

[建議措施]
目前微軟官方已針對弱點釋出修復版本，請儘速完成更新，或聯絡系統維護廠商， 詳細資訊參考微軟官方連結： https://msrc.microsoft.com/update-guide/releaseNote/2026-Mar

Forwarded from the National Cybersecurity Information Sharing and Analysis Center: Cybersecurity Alert NISAC-200-202603-00000009

[Content Description]
Microsoft released its March 2016 security update, patching 84 vulnerabilities including those in SQL Server, Microsoft Office SharePoint, and Active Directory Domain Services. Among these are 16 high-risk vulnerabilities with a CVSS score of 8.8. Please identify and patch them as soon as possible.

[Influence Platform]
The affected software and services are as follows:
Active Directory Domain Services
ASP.NET Core
Azure Arc
Azure Compute Gallery
Azure Entra ID
Azure IoT Explorer
Azure Linux Virtual Machines
Azure MCP Server
Azure Portal Windows Admin Center
Azure Windows Virtual Machine Agent
Broadcast DVR
Connected Devices Platform Service (Cdpsvc)
GitHub Repo: zero-shot-scfoundation
Microsoft Authenticator
Microsoft Brokering File System
Microsoft Devices Pricing Program
Microsoft Graphics Component
Microsoft Office
Microsoft Office Excel
Microsoft Office SharePoint
.NET
Payment Orchestrator Service
Push Message Routing Service
Role: Windows Hyper-V
SQL Server
System Center Operations Manager
Windows Accessibility Infrastructure (ATBroker.exe)
Windows Ancillary Function Driver for WinSock
Windows App Installer
Windows Authentication Methods
Windows Bluetooth RFCOM Protocol Driver
Windows Device Association Service
Windows DWM Core Library
Windows Extensible File Allocation
Windows File Server
Windows GDI
Windows GDI+
Windows Kerberos
Windows Kernel
Windows MapUrlToZone
Windows Mobile Broadband
Windows NTFS
Windows Performance Counters
Windows Print Spooler Components
Windows Projected File System
Windows Resilient File System (ReFS)
Windows Routing and Remote Access Service (RRAS)
Windows Shell Link Processing
Windows SMB Server
Windows System Image Manager
Windows Telephony Service
Windows Universal Disk Format File System Driver (UDFS)
Windows Win32K
Winlogon

[Recommended Actions]
Microsoft has released a patch to fix this vulnerability. Please update as soon as possible or contact your system maintenance vendor. For detailed information, please refer to the official Microsoft link: https://msrc.microsoft.com/update-guide/releaseNote/2026-Mar