一、漏洞簡述
微軟於 11 月釋出安全性更新,合計修補 68 個漏洞。本次更新涵蓋多項核心 Windows 元件、Office 系列產品、Visual Studio、SQL Server、Azure 服務、Hyper-V、Kerberos、WinSock、Bluetooth、DirectX、WLAN Service 等眾多功能模組。
部分漏洞允許遠端攻擊者執行任意程式碼、提升權限、繞過安全防護或造成拒絕服務攻擊 (DoS),建議各機關應儘速完成修補。
二、設備/版本影響
受影響平台包含:
Azure Monitor Agent
Customer Experience Improvement Program (CEIP)
Dynamics 365 Field Service (online)
GitHub Copilot and Visual Studio Code
Host Process for Windows Tasks
Microsoft Configuration Manager
Microsoft Dynamics 365 (on-premises)
Microsoft Edge (Chromium-based)
Microsoft Graphics Component
Microsoft Office
Microsoft Office Excel
Microsoft Office SharePoint
Microsoft Office Word
Microsoft Streaming Service
Microsoft Wireless Provisioning System
Multimedia Class Scheduler Service (MMCSS)
Nuance PowerScribe
OneDrive for Android
Role: Windows Hyper-V
SQL Server
Storvsp.sys Driver
Visual Studio
Visual Studio Code CoPilot Chat Extension
Windows Administrator Protection
Windows Ancillary Function Driver for WinSock
Windows Bluetooth RFCOM Protocol Driver
Windows Broadcast DVR User Service
Windows Client-Side Caching (CSC) Service
Windows Common Log File System Driver
Windows DirectX
Windows Kerberos
Windows Kernel
Windows License Manager
Windows OLE
Windows Remote Desktop
Windows Routing and Remote Access Service (RRAS)
Windows Smart Card
Windows Speech
Windows Subsystem for Linux GUI
Windows TDX.sys
Windows WLAN Service
三、建議處置
目前微軟官方已針對弱點釋出修復版本,請各機關可聯絡系統維護廠商或參考以下連結:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Nov
四、相關連結
參考資料:
https://msrc.microsoft.com/update-guide/releaseNote/2025-Nov