Vulnerabilities in Microsoft

8,716 results
Vexday analysis

Com 8.642 CVEs catalogadas e 248 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração do portfólio Microsoft está 6,4 vezes acima da média geral do catálogo, o que indica exposição operacional significativamente elevada em relação ao universo de vendors monitorados. O tipo de falha mais recorrente é CWE-416 (use-after-free), uma classe de vulnerabilidade com alto potencial de execução arbitrária de código e historicamente difícil de mitigar em escala. A CVE mais crítica atualmente em exploração ativa é CVE-2019-0708, com EPSS de 1,0 — o valor máximo da escala —, sinalizando probabilidade de exploração praticamente certa no curto prazo e exigindo atenção prioritária em ambientes onde a correção ainda não foi aplicada. Os 561 registros surgidos nos últimos 90 dias, combinados com 320 CVEs com prova de conceito pública, reforçam a necessidade de ciclos de patching contínuos e monitoramento ativo de exposição.

CVE-2021-31985HIGHMicrosoft Defender Remote Code Execution VulnerabilityEPSS 7.8%CVE-2019-1236A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code ExecutEPSS 7.8%CVE-2024-49040HIGHMicrosoft Exchange Server Spoofing VulnerabilityEPSS 7.7%CVE-2020-0895A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine RemEPSS 7.7%CVE-2020-0847A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code ExecutEPSS 7.7%CVE-2019-1489An information disclosure vulnerability exists when the Windows Remote Desktop Protocol (RDP) fails to properly handle objects in memory, akEPSS 7.7%CVE-2020-1375An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of PriEPSS 7.7%CVE-2019-1485A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code ExecutEPSS 7.7%CVE-2019-0660An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows EPSS 7.7%CVE-2019-0616An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows EPSS 7.7%CVE-2019-0615An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows EPSS 7.7%CVE-2019-0602An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows EPSS 7.7%CVE-2019-0664An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows EPSS 7.7%CVE-2019-0619An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows EPSS 7.7%CVE-2019-0658An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'EPSS 7.7%CVE-2020-1065A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting EnginEPSS 7.7%CVE-2020-1037A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-bEPSS 7.7%CVE-2020-0812A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-bEPSS 7.7%CVE-2020-0683HIGHAn elevation of privilege vulnerability exists in the Windows Installer when MSI packages process symbolic links, aka 'Windows Installer EleEPSS 7.7%KEVCVE-2025-26670HIGHLightweight Directory Access Protocol (LDAP) Client Remote Code Execution VulnerabilityEPSS 7.7%