Vulnerabilities in Microsoft

8,716 results
Vexday analysis

Com 8.642 CVEs catalogadas e 248 confirmadas em exploração ativa pelo CISA KEV, a taxa de exploração do portfólio Microsoft está 6,4 vezes acima da média geral do catálogo, o que indica exposição operacional significativamente elevada em relação ao universo de vendors monitorados. O tipo de falha mais recorrente é CWE-416 (use-after-free), uma classe de vulnerabilidade com alto potencial de execução arbitrária de código e historicamente difícil de mitigar em escala. A CVE mais crítica atualmente em exploração ativa é CVE-2019-0708, com EPSS de 1,0 — o valor máximo da escala —, sinalizando probabilidade de exploração praticamente certa no curto prazo e exigindo atenção prioritária em ambientes onde a correção ainda não foi aplicada. Os 561 registros surgidos nos últimos 90 dias, combinados com 320 CVEs com prova de conceito pública, reforçam a necessidade de ciclos de patching contínuos e monitoramento ativo de exposição.

CVE-2018-8579An information disclosure vulnerability exists when attaching files to Outlook messages, aka "Microsoft Outlook Information Disclosure VulneEPSS 6.3%CVE-2022-30160HIGHWindows Advanced Local Procedure Call (ALPC) Elevation of Privilege VulnerabilityEPSS 6.3%CVE-2018-8422An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows EPSS 6.3%CVE-2020-1179An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows EPSS 6.3%CVE-2023-35644HIGHWindows Sysmain Service Elevation of Privilege VulnerabilityEPSS 6.3%CVE-2022-21849CRITICALWindows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution VulnerabilityEPSS 6.2%CVE-2023-28288HIGHMicrosoft SharePoint Server Spoofing VulnerabilityEPSS 6.2%CVE-2018-0952An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "DiaEPSS 6.2%CVE-2021-28324HIGHWindows SMB Information Disclosure VulnerabilityEPSS 6.2%CVE-2019-0821An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB InformationEPSS 6.2%CVE-2018-8598An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel InEPSS 6.2%CVE-2022-24547HIGHWindows Digital Media Receiver Elevation of Privilege VulnerabilityEPSS 6.2%CVE-2021-33771HIGHWindows Kernel Elevation of Privilege VulnerabilityEPSS 6.2%KEVCVE-2021-38665HIGHRemote Desktop Protocol Client Information Disclosure VulnerabilityEPSS 6.2%CVE-2019-1209An information disclosure vulnerability exists in Lync 2013, aka 'Lync 2013 Information Disclosure Vulnerability'.EPSS 6.2%CVE-2020-1036A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticaEPSS 6.2%CVE-2018-8383A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka "Microsoft Edge Spoofing Vulnerability." This EPSS 6.2%CVE-2019-1233A denial of service vulnerability exists in Microsoft Exchange Server software when the software fails to properly handle objects in memory,EPSS 6.2%CVE-2020-1382An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows GraphiEPSS 6.2%CVE-2018-0987An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer, akEPSS 6.2%