Vulnerabilidades em Microsoft Corporation

865 resultados

Análise Vexday

Com 30 CVEs confirmadas em exploração ativa no catálogo CISA KEV, a Microsoft Corporation apresenta uma taxa de exploração 7,7 vezes acima da média geral do catálogo, o que indica exposição operacional significativamente elevada em relação ao universo de vendors monitorados. O tipo de falha mais recorrente é CWE-119 (corrupção de memória por escrita ou leitura fora dos limites), padrão historicamente associado a impacto elevado e exploração confiável em ambientes reais. A CVE mais perigosa atualmente ativa é CVE-2017-11882, com EPSS de 0,9995 — praticamente a probabilidade máxima de exploração —, sinalizando que esta vulnerabilidade específica deve ser tratada como prioridade imediata em qualquer programa de gestão de patches. A presença de 216 CVEs com prova de conceito pública, num universo total de 865 registros, amplia a superfície de risco para organizações que ainda não tenham aplicado as correções disponíveis.

CVE-2018-0941—Microsoft Exchange Server 2016 Cumulative Update 7 and Microsoft Exchange Server 2016 Cumulative Update 8 allow an information disclosure vuEPSS 12.9%CVE-2017-0267—Microsoft Server Message Block 1.0 (SMBv1) allows an information disclosure vulnerability in the way that Microsoft Windows Server 2008 SP2 EPSS 12.7%CVE-2017-0034—A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memoEPSS 12.7%CVE-2017-11834—Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2EPSS 12.7%CVE-2017-0075—Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; WindowsEPSS 12.7%CVE-2017-11934—Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft Office 2016 allow an information disclosure vulnerability due to the EPSS 12.6%CVE-2017-8572—Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allowsEPSS 12.6%CVE-2017-0158—An elevation of privilege vulnerability exists when Microsoft Windows running on Windows 10, Windows 10 1511, Windows 8.1 Windows RT 8.1, anEPSS 12.6%CVE-2017-8555—Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to trick a user into loading a page with malicious content when the Edge ContEPSS 12.5%CVE-2018-0919—Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Web Apps 2EPSS 12.1%CVE-2018-0853—Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, Microsoft Office 2016, and Microsoft Office 2016 Click-to-Run (C2R) allow aEPSS 12.0%CVE-2018-0772—Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, anEPSS 11.9%CVE-2018-0762—Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, anEPSS 11.9%CVE-2017-8741—Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2EPSS 11.9%CVE-2018-0930—ChakraCore and Microsoft Edge in Microsoft Windows 10 1709 allows remote code execution, due to how the Chakra scripting engine handles objeEPSS 11.8%CVE-2017-8748—Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and MicrosEPSS 11.8%CVE-2018-0925—ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory EPSS 11.7%CVE-2018-0931—ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the ChakrEPSS 11.7%CVE-2017-8611—Microsoft Edge on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote attackers to spoof web content via EPSS 11.5%CVE-2017-0224—A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft Edge, aka "ScEPSS 11.4%

← anteriorpágina 17 / 44próxima →