Vulnerabilidades em Microsoft Corporation

865 resultados
Análise Vexday

Com 30 CVEs confirmadas em exploração ativa no catálogo CISA KEV, a Microsoft Corporation apresenta uma taxa de exploração 7,7 vezes acima da média geral do catálogo, o que indica exposição operacional significativamente elevada em relação ao universo de vendors monitorados. O tipo de falha mais recorrente é CWE-119 (corrupção de memória por escrita ou leitura fora dos limites), padrão historicamente associado a impacto elevado e exploração confiável em ambientes reais. A CVE mais perigosa atualmente ativa é CVE-2017-11882, com EPSS de 0,9995 — praticamente a probabilidade máxima de exploração —, sinalizando que esta vulnerabilidade específica deve ser tratada como prioridade imediata em qualquer programa de gestão de patches. A presença de 216 CVEs com prova de conceito pública, num universo total de 865 registros, amplia a superfície de risco para organizações que ainda não tenham aplicado as correções disponíveis.

CVE-2017-0019Microsoft Word 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted documenEPSS 16.6%CVE-2017-0006Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on SharePoint Server 2007 SP3 allow remote attackeEPSS 16.6%CVE-2018-0903Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execEPSS 16.6%CVE-2017-8757Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the cEPSS 16.4%CVE-2017-0020Microsoft Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary codEPSS 16.4%CVE-2017-0055Microsoft Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows ServerEPSS 16.4%CVE-2017-8631A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, MiEPSS 16.4%CVE-2017-0060The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows EPSS 15.9%CVE-2017-8619Microsoft Edge on Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way affEPSS 15.9%CVE-2018-0889Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting enEPSS 15.9%CVE-2018-0876Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting enEPSS 15.9%CVE-2018-0872ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, duEPSS 15.9%CVE-2018-0874ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, duEPSS 15.9%CVE-2017-0281Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2016, Office Online Server 2016, Office Web Apps 2010 SP2,Office Web AppEPSS 15.8%CVE-2018-0856Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 allows remote code execution, due to how the scripting engine handles obEPSS 15.7%CVE-2018-0857Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, duEPSS 15.7%CVE-2018-0836Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 allows remote code execution, due to how the scripting engine handles obEPSS 15.7%CVE-2017-0029Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016 allow remote attackers to cause a denial of service (application hEPSS 15.6%CVE-2018-0873ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to hEPSS 15.6%CVE-2018-0937ChakraCore and Microsoft Windows 10 1703 and 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memEPSS 15.6%