Changeflow GovPing Data Privacy & Cybersecurity Microsoft Product Vulnerabilities Detailed
Priority review Notice Added Final

Microsoft Product Vulnerabilities Detailed

Favicon for www.cert.ssi.gouv.fr CERT-FR Security Advisories
Published March 23rd, 2026
Detected March 23rd, 2026
Email

Summary

CERT-FR has issued an advisory detailing multiple vulnerabilities discovered in Microsoft products, referencing numerous CVEs. These vulnerabilities could allow an attacker to cause unspecified security issues. Users are advised to consult Microsoft's security bulletins for patch information.

View original document View source feed page

What changed

This advisory from CERT-FR details multiple vulnerabilities affecting various Microsoft products, as identified by numerous CVEs (e.g., CVE-2026-32775, CVE-2025-71239). The vulnerabilities are described as allowing an attacker to cause an unspecified security problem. The advisory lists specific affected software versions, including azl3 kernel, azl3 libexif, azl3 nghttp2, and azl3 pyOpenSSL, with versions prior to specific updates being vulnerable.

Organizations using affected Microsoft products should immediately consult the provided Microsoft Security Bulletins and apply the necessary patches and updates. Failure to do so could expose systems to exploitation, leading to unspecified security risks. While the risk is not explicitly detailed by the publisher, the nature of multiple CVEs suggests a potentially broad impact. Prompt patching is the recommended solution to mitigate these risks.

What to do next

  1. Review Microsoft Security Bulletins for affected products
  2. Apply relevant patches and updates promptly
  3. Assess system configurations for azl3 kernel, libexif, nghttp2, and pyOpenSSL

Source document (simplified)

Premier Ministre S.G.D.S.N

Agence nationale
de la sécurité des
systèmes d'information

Paris, le 23 mars 2026 N° CERTFR-2026-AVI-0341 Affaire suivie par: CERT-FR

Avis du CERT-FR

Objet: Multiples vulnérabilités dans les produits Microsoft

Gestion du document

| Référence | CERTFR-2026-AVI-0341 |
| Titre | Multiples vulnérabilités dans les produits Microsoft |
| Date de la première version | 23 mars 2026 |
| Date de la dernière version | 23 mars 2026 |
| Source(s) | Bulletin de sécurité Microsoft CVE-2026-32775 du 17 mars 2026
Bulletin de sécurité Microsoft CVE-2025-71239 du 18 mars 2026
Bulletin de sécurité Microsoft CVE-2026-23241 du 18 mars 2026
Bulletin de sécurité Microsoft CVE-2025-71265 du 19 mars 2026
Bulletin de sécurité Microsoft CVE-2025-71266 du 19 mars 2026
Bulletin de sécurité Microsoft CVE-2025-71267 du 19 mars 2026
Bulletin de sécurité Microsoft CVE-2026-23233 du 19 mars 2026
Bulletin de sécurité Microsoft CVE-2026-23242 du 19 mars 2026
Bulletin de sécurité Microsoft CVE-2026-23243 du 19 mars 2026
Bulletin de sécurité Microsoft CVE-2026-23248 du 19 mars 2026
Bulletin de sécurité Microsoft CVE-2026-27448 du 19 mars 2026
Bulletin de sécurité Microsoft CVE-2026-27459 du 19 mars 2026
Bulletin de sécurité Microsoft CVE-2026-23259 du 20 mars 2026
Bulletin de sécurité Microsoft CVE-2026-23266 du 20 mars 2026
Bulletin de sécurité Microsoft CVE-2026-23267 du 20 mars 2026
Bulletin de sécurité Microsoft CVE-2026-27135 du 20 mars 2026 |
Une gestion de version détaillée se trouve à la fin de ce document.

Risque

  • Non spécifié par l'éditeur

Systèmes affectés

  • azl3 kernel 6.6.126.1-1 versions antérieures à 6.6.129.1-1
  • azl3 libexif 0.6.24-1 versions antérieures à 0.6.24-2
  • azl3 nghttp2 1.61.0-2 versions antérieures à 1.61.0-3
  • azl3 pyOpenSSL 24.2.1-1 versions antérieures à 24.2.1-2

Résumé

De multiples vulnérabilités ont été découvertes dans les produits Microsoft. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Documentation

Gestion détaillée du document

  1. le 23 mars 2026 Version initiale

Named provisions

Risk Affected Systems Summary Solutions Documentation

Related changes

Favicon for www.cert.ssi.gouv.fr Qnap Products Security Vulnerabilities
Priority review Mar 23, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr Citrix Products Vulnerabilities
Urgent Mar 23, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for www.cert.ssi.gouv.fr CPython Vulnerability Allows Security Policy Bypass
Priority review Mar 23, 2026 CERT-FR Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de Uptime Kuma Vulnerability Allows Information Disclosure
Priority review Mar 23, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de MinIO Vulnerability Allows Info Disclosure and Security Bypass
Urgent Mar 23, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity
Favicon for wid.cert-bund.de PyTorch Vulnerability Allows Local Code Execution
Priority review Mar 23, 2026 CERT-Bund Security Advisories Data Privacy & Cybersecurity

Source

Favicon for www.cert.ssi.gouv.fr
CERT-FR Security Advisories cert.ssi.gouv.fr/avis
Data Privacy & Cybersecurity
Analysis generated by AI. Source diff and links are from the original.

Classification

Agency
CERT-FR
Published
March 23rd, 2026
Instrument
Notice
Legal weight
Non-binding
Stage
Final
Change scope
Substantive
Document ID
CERTFR-2026-AVI-0341

Who this affects

Applies to
Technology companies
Industry sector
3341 Computer & Electronics Manufacturing 5112 Software & Technology
Activity scope
Vulnerability Management Patch Management
Geographic scope
France FR

Taxonomy

Primary area
Cybersecurity
Operational domain
IT Security
Compliance frameworks
NIST CSF
Topics
Vulnerability Management Software Security

Browse Categories

Agriculture & Food Safety 61 Banking & Finance 230 Consumer Protection 40 Courts & Legal 315 Data Privacy & Cybersecurity 63 Defense & National Security 48 Education 20 Energy 104 Environment 83 Government & Legislation 259 Healthcare 131 Housing 15 Immigration 9 Insurance 56 Labor & Employment 111 Legal & Courts 1 Pharma & Drug Safety 97 Securities & Markets 78 Tax 63 Telecom & Technology 47 Trade & Sanctions 124 Transportation 56

Get Data Privacy & Cybersecurity alerts

Weekly digest. AI-summarized, no noise.

Free. Unsubscribe anytime.

Get alerts for this source

We'll email you when CERT-FR Security Advisories publishes new changes.

Free. Unsubscribe anytime.