Vulnerabilidades em Microsoft Corporation

865 resultados
Análise Vexday

Com 30 CVEs confirmadas em exploração ativa no catálogo CISA KEV, a Microsoft Corporation apresenta uma taxa de exploração 7,7 vezes acima da média geral do catálogo, o que indica exposição operacional significativamente elevada em relação ao universo de vendors monitorados. O tipo de falha mais recorrente é CWE-119 (corrupção de memória por escrita ou leitura fora dos limites), padrão historicamente associado a impacto elevado e exploração confiável em ambientes reais. A CVE mais perigosa atualmente ativa é CVE-2017-11882, com EPSS de 0,9995 — praticamente a probabilidade máxima de exploração —, sinalizando que esta vulnerabilidade específica deve ser tratada como prioridade imediata em qualquer programa de gestão de patches. A presença de 216 CVEs com prova de conceito pública, num universo total de 865 registros, amplia a superfície de risco para organizações que ainda não tenham aplicado as correções disponíveis.

CVE-2017-0062The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows EPSS 17.8%CVE-2017-0014The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 GolEPSS 17.6%CVE-2017-8565Windows PowerShell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, WindoEPSS 17.5%CVE-2017-0294Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 15EPSS 17.4%CVE-2017-8744A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, MiEPSS 17.2%CVE-2017-8588Microsoft WordPad in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, WindowEPSS 17.2%CVE-2017-11762The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and REPSS 17.1%CVE-2017-11763The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and REPSS 17.1%CVE-2017-8513A remote code execution vulnerability exists in Microsoft PowerPoint when the software fails to properly handle objects in memory, aka "MicrEPSS 17.1%CVE-2017-0272The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows SEPSS 17.1%CVE-2017-8632A remote code execution vulnerability exists in Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 20EPSS 17.0%CVE-2017-0228A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript engines render when handling objects in memory, akaEPSS 17.0%CVE-2017-0247A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented onEPSS 16.9%CVE-2017-8692The Windows Uniscribe component on Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and EPSS 16.9%CVE-2017-8537The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SPEPSS 16.8%CVE-2017-8535The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SPEPSS 16.8%CVE-2017-8536The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SPEPSS 16.8%CVE-2018-0825StructuredQuery in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1EPSS 16.8%CVE-2017-0053Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 SP3, Word 2010 SP2, Word 2013 SP1, Word 2013 R2 SP1, Word 2016, and WordEPSS 16.7%CVE-2017-0052Microsoft Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackeEPSS 16.6%