Microsoft Makers of the Windows Operating System and hundreds of products that run on it.

Advisory	Title	Published
CVE-2024-38103	CVE-2024-38103 Microsoft Edge (Chromium-based) Information Disclosure Vulnerability	July 25, 2024
CVE-2024-7000	Chromium: CVE-2024-7000 Use after free in CSS	July 25, 2024
CVE-2024-7001	Chromium: CVE-2024-7001 Inappropriate implementation in HTML	July 25, 2024
CVE-2024-7004	Chromium: CVE-2024-7004 Insufficient validation of untrusted input in Safe Browsing	July 25, 2024
CVE-2024-7003	Chromium: CVE-2024-7003 Inappropriate implementation in FedCM	July 25, 2024
CVE-2024-6991	Chromium: CVE-2024-6991 Use after free in Dawn	July 25, 2024
CVE-2024-6992	Chromium: CVE-2024-6992	July 25, 2024
CVE-2024-7005	Chromium: CVE-2024-7005 Insufficient validation of untrusted input in Safe Browsing	July 25, 2024
CVE-2024-6995	Chromium: CVE-2024-6995 Inappropriate implementation in Fullscreen	July 25, 2024
CVE-2024-6993	Chromium: CVE-2024-6993	July 25, 2024

Known Exploited Microsoft Vulnerabilities

The following Microsoft vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title	Description	Added
Microsoft Internet Explorer Use-After-Free Vulnerability	Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object. CVE-2012-4792	July 23, 2024
Microsoft Windows MSHTML Platform Spoofing Vulnerability	Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability. CVE-2024-38112	July 9, 2024
Microsoft Windows Hyper-V Privilege Escalation Vulnerability	Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges. CVE-2024-38080	July 9, 2024
Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability	Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges. CVE-2024-26169	June 13, 2024
Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability	Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature bypass. CVE-2024-30040	May 14, 2024
Microsoft DWM Core Library Privilege Escalation Vulnerability	Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges. CVE-2024-30051	May 14, 2024
Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability	Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature. This vulnerability can be chained with CVE-2023-38831 and CVE-2024-21412 to execute a malicious file. CVE-2024-29988	April 30, 2024
Microsoft Windows Print Spooler Privilege Escalation Vulnerability	Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permissions. CVE-2022-38028	April 23, 2024
Microsoft SharePoint Server Code Injection Vulnerability	Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely. CVE-2023-24955	March 26, 2024
Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability	Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation. CVE-2024-21338	March 4, 2024
Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability	Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. CVE-2023-29360	February 29, 2024
Microsoft Exchange Server Privilege Escalation Vulnerability	Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. CVE-2024-21410	February 15, 2024
Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability	Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass. CVE-2024-21412	February 13, 2024
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability	Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both. CVE-2024-21351	February 13, 2024
Microsoft SharePoint Server Privilege Escalation Vulnerability	Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges. CVE-2023-29357	January 10, 2024
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability	Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. CVE-2023-36584	November 16, 2023
Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability	Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation. CVE-2023-36033	November 14, 2023
Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability	Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges. CVE-2023-36036	November 14, 2023
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability	Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prompts. CVE-2023-36025	November 14, 2023
Microsoft WordPad Information Disclosure Vulnerability	Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure. CVE-2023-36563	October 10, 2023

By the Year

In 2024 there have been 761 vulnerabilities in Microsoft with an average score of 7.5 out of ten. Last year Microsoft had 1464 security vulnerabilities published. Right now, Microsoft is on track to have less security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.24.

Year	Vulnerabilities	Average Score
2024	761	7.51
2023	1464	7.27
2022	1297	7.44
2021	1111	7.45
2020	1207	7.26
2019	761	7.21
2018	580	6.89

It may take a day or so for new Microsoft vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Security Vulnerabilities

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVE-2024-38103 5.9 - Medium - July 25, 2024

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Privacy violation

An improper access control vulnerability in GroupMe

CVE-2024-38164 9.6 - Critical - July 23, 2024

An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.

Authorization

An improper restriction of excessive authentication attempts in GroupMe

CVE-2024-38176 8.1 - High - July 23, 2024

An improper restriction of excessive authentication attempts in GroupMe allows a unauthenticated attacker to elevate privileges over a network.

Improper Restriction of Excessive Authentication Attempts

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2024-38156 6.1 - Medium - July 19, 2024

Microsoft Edge (Chromium-based) Spoofing Vulnerability

XSS

Use after free in Screen Capture in Google Chrome prior to 126.0.6478.182

CVE-2024-6774 - July 16, 2024

Use after free in Screen Capture in Google Chrome prior to 126.0.6478.182 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Use after free in Navigation in Google Chrome prior to 126.0.6478.182

CVE-2024-6777 - July 16, 2024

Use after free in Navigation in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)

Race in DevTools in Google Chrome prior to 126.0.6478.182

CVE-2024-6778 - July 16, 2024

Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)

Use after free in Audio in Google Chrome prior to 126.0.6478.182

CVE-2024-6776 - July 16, 2024

Use after free in Audio in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Use after free in Media Stream in Google Chrome prior to 126.0.6478.182

CVE-2024-6775 - July 16, 2024

Use after free in Media Stream in Google Chrome prior to 126.0.6478.182 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182

CVE-2024-6772 - July 16, 2024

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182

CVE-2024-6773 - July 16, 2024

Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182

CVE-2024-6779 - July 16, 2024

Out of bounds memory access in V8 in Google Chrome prior to 126.0.6478.182 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

Windows Text Services Framework Elevation of Privilege Vulnerability

CVE-2024-21417 8.8 - High - July 10, 2024

Windows Text Services Framework Elevation of Privilege Vulnerability

Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text

CVE-2024-39684 - July 09, 2024

Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer overflow vulnerability (when the file is parsed), leading to elevation of privilege.

Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text

CVE-2024-38517 - July 09, 2024

Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the `GenericReader::ParseNumber()` function of `include/rapidjson/reader.h` when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer underflow vulnerability (when the file is parsed), leading to elevation of privilege.

Microsoft Windows Server Backup Elevation of Privilege Vulnerability

CVE-2024-38013 6.7 - Medium - July 09, 2024

Microsoft Windows Server Backup Elevation of Privilege Vulnerability

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

CVE-2024-30061 7.3 - High - July 09, 2024

Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-28899 8.8 - High - July 09, 2024

Secure Boot Security Feature Bypass Vulnerability

Windows NTLM Spoofing Vulnerability

CVE-2024-30081 7.1 - High - July 09, 2024

Windows NTLM Spoofing Vulnerability

Windows Cryptographic Services Security Feature Bypass Vulnerability

CVE-2024-30098 7.5 - High - July 09, 2024

Windows Cryptographic Services Security Feature Bypass Vulnerability

.NET and Visual Studio Remote Code Execution Vulnerability

CVE-2024-35264 8.1 - High - July 09, 2024

.NET and Visual Studio Remote Code Execution Vulnerability

Windows iSCSI Service Denial of Service Vulnerability

CVE-2024-35270 5.3 - Medium - July 09, 2024

Windows iSCSI Service Denial of Service Vulnerability

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-38088 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-38087 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21332 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21333 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21335 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21373 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21398 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21414 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21415 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21428 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-37318 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-37332 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-37331 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-37969 8 - High - July 09, 2024

Secure Boot Security Feature Bypass Vulnerability

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-37970 8 - High - July 09, 2024

Secure Boot Security Feature Bypass Vulnerability

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-37974 8 - High - July 09, 2024

Secure Boot Security Feature Bypass Vulnerability

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-37981 8 - High - July 09, 2024

Secure Boot Security Feature Bypass Vulnerability

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-37986 8 - High - July 09, 2024

Secure Boot Security Feature Bypass Vulnerability

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-37987 8 - High - July 09, 2024

Secure Boot Security Feature Bypass Vulnerability

Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

CVE-2024-38015 7.5 - High - July 09, 2024

Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

Windows Image Acquisition Elevation of Privilege Vulnerability

CVE-2024-38022 7 - High - July 09, 2024

Windows Image Acquisition Elevation of Privilege Vulnerability

insecure temporary file

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2024-38023 7.2 - High - July 09, 2024

Microsoft SharePoint Server Remote Code Execution Vulnerability

Marshaling, Unmarshaling

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2024-38024 7.2 - High - July 09, 2024

Microsoft SharePoint Server Remote Code Execution Vulnerability

Marshaling, Unmarshaling

Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability

CVE-2024-38025 7.2 - High - July 09, 2024

Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability

Memory Corruption

Windows Filtering Platform Elevation of Privilege Vulnerability

CVE-2024-38034 7.8 - High - July 09, 2024

Windows Filtering Platform Elevation of Privilege Vulnerability

Windows Kernel Information Disclosure Vulnerability

CVE-2024-38041 5.5 - Medium - July 09, 2024

Windows Kernel Information Disclosure Vulnerability

PowerShell Elevation of Privilege Vulnerability

CVE-2024-38043 7.8 - High - July 09, 2024

PowerShell Elevation of Privilege Vulnerability

Windows Graphics Component Remote Code Execution Vulnerability

CVE-2024-38051 7.8 - High - July 09, 2024

Windows Graphics Component Remote Code Execution Vulnerability

Memory Corruption

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

CVE-2024-38054 7.8 - High - July 09, 2024

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Memory Corruption

Microsoft Windows Codecs Library Information Disclosure Vulnerability

CVE-2024-38055 5.5 - Medium - July 09, 2024

Microsoft Windows Codecs Library Information Disclosure Vulnerability

Microsoft Windows Codecs Library Information Disclosure Vulnerability

CVE-2024-38056 5.5 - Medium - July 09, 2024

Microsoft Windows Codecs Library Information Disclosure Vulnerability

Win32k Elevation of Privilege Vulnerability

CVE-2024-38059 7.8 - High - July 09, 2024

Win32k Elevation of Privilege Vulnerability

Windows Imaging Component Remote Code Execution Vulnerability

CVE-2024-38060 8.8 - High - July 09, 2024

Windows Imaging Component Remote Code Execution Vulnerability

Memory Corruption

DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability

CVE-2024-38061 7.5 - High - July 09, 2024

DCOM Remote Cross-Session Activation Elevation of Privilege Vulnerability

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

CVE-2024-38062 7.8 - High - July 09, 2024

Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

Windows TCP/IP Information Disclosure Vulnerability

CVE-2024-38064 7.5 - High - July 09, 2024

Windows TCP/IP Information Disclosure Vulnerability

Windows Remote Desktop Licensing Service Denial of Service Vulnerability

CVE-2024-38071 7.5 - High - July 09, 2024

Windows Remote Desktop Licensing Service Denial of Service Vulnerability

Windows Remote Desktop Licensing Service Denial of Service Vulnerability

CVE-2024-38072 7.5 - High - July 09, 2024

Windows Remote Desktop Licensing Service Denial of Service Vulnerability

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

CVE-2024-38077 9.8 - Critical - July 09, 2024

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

Windows Hyper-V Elevation of Privilege Vulnerability

CVE-2024-38080 7.8 - High - July 09, 2024

Windows Hyper-V Elevation of Privilege Vulnerability

Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2024-38085 7.8 - High - July 09, 2024

Windows Graphics Component Elevation of Privilege Vulnerability

Azure Kinect SDK Remote Code Execution Vulnerability

CVE-2024-38086 6.4 - Medium - July 09, 2024

Azure Kinect SDK Remote Code Execution Vulnerability

Microsoft WS-Discovery Denial of Service Vulnerability

CVE-2024-38091 7.5 - High - July 09, 2024

Microsoft WS-Discovery Denial of Service Vulnerability

Windows File Explorer Elevation of Privilege Vulnerability

CVE-2024-38100 7.8 - High - July 09, 2024

Windows File Explorer Elevation of Privilege Vulnerability

Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability

CVE-2024-38102 6.5 - Medium - July 09, 2024

Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability

Windows Fax Service Remote Code Execution Vulnerability

CVE-2024-38104 8.8 - High - July 09, 2024

Windows Fax Service Remote Code Execution Vulnerability

Buffer Overflow

Windows MSHTML Platform Spoofing Vulnerability

CVE-2024-38112 7.5 - High - July 09, 2024

Windows MSHTML Platform Spoofing Vulnerability

User Interface (UI) Misrepresentation of Critical Information

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-26184 6.8 - Medium - July 09, 2024

Secure Boot Security Feature Bypass Vulnerability

Windows MultiPoint Services Remote Code Execution Vulnerability

CVE-2024-30013 8.8 - High - July 09, 2024

Windows MultiPoint Services Remote Code Execution Vulnerability

Microsoft SharePoint Server Information Disclosure Vulnerability

CVE-2024-32987 7.5 - High - July 09, 2024

Microsoft SharePoint Server Information Disclosure Vulnerability

Windows Remote Access Connection Manager Information Disclosure Vulnerability

CVE-2024-30071 4.7 - Medium - July 09, 2024

Windows Remote Access Connection Manager Information Disclosure Vulnerability

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

CVE-2024-30079 7.8 - High - July 09, 2024

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

.NET Core and Visual Studio Denial of Service Vulnerability

CVE-2024-30105 7.5 - High - July 09, 2024

.NET Core and Visual Studio Denial of Service Vulnerability

Azure Network Watcher VM Extension Elevation of Privilege Vulnerability

CVE-2024-35261 7.8 - High - July 09, 2024

Azure Network Watcher VM Extension Elevation of Privilege Vulnerability

Azure DevOps Server Spoofing Vulnerability

CVE-2024-35266 7.6 - High - July 09, 2024

Azure DevOps Server Spoofing Vulnerability

Azure DevOps Server Spoofing Vulnerability

CVE-2024-35267 7.6 - High - July 09, 2024

Azure DevOps Server Spoofing Vulnerability

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-35271 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-35272 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-20701 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21303 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21308 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability

CVE-2024-38048 6.5 - Medium - July 09, 2024

Windows Network Driver Interface Specification (NDIS) Denial of Service Vulnerability

Out-of-bounds Read

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-38065 6.8 - Medium - July 09, 2024

Secure Boot Security Feature Bypass Vulnerability

Memory Corruption

BitLocker Security Feature Bypass Vulnerability

CVE-2024-38058 6.8 - Medium - July 09, 2024

BitLocker Security Feature Bypass Vulnerability

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

CVE-2024-38057 7.8 - High - July 09, 2024

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability

CVE-2024-38053 8.8 - High - July 09, 2024

Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability

Dangling pointer

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

CVE-2024-38052 7.8 - High - July 09, 2024

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Windows Workstation Service Elevation of Privilege Vulnerability

CVE-2024-38050 7.8 - High - July 09, 2024

Windows Workstation Service Elevation of Privilege Vulnerability

Integer underflow

Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability

CVE-2024-38049 8.1 - High - July 09, 2024

Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability

Externally Controlled Reference to a Resource in Another Sphere

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

CVE-2024-21317 8.8 - High - July 09, 2024

SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability

Microsoft Xbox Remote Code Execution Vulnerability

CVE-2024-38032 7.1 - High - July 09, 2024

Microsoft Xbox Remote Code Execution Vulnerability

Memory Corruption

Windows Line Printer Daemon Service Denial of Service Vulnerability

CVE-2024-38027 6.5 - Medium - July 09, 2024

Windows Line Printer Daemon Service Denial of Service Vulnerability

Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability

CVE-2024-38028 7.2 - High - July 09, 2024

Microsoft Windows Performance Data Helper Library Remote Code Execution Vulnerability

Out-of-bounds Read

Windows Themes Spoofing Vulnerability

CVE-2024-38030 6.5 - Medium - July 09, 2024

Windows Themes Spoofing Vulnerability

Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

CVE-2024-38031 7.5 - High - July 09, 2024

Windows Online Certificate Status Protocol (OCSP) Server Denial of Service Vulnerability

DHCP Server Service Remote Code Execution Vulnerability

CVE-2024-38044 7.2 - High - July 09, 2024

DHCP Server Service Remote Code Execution Vulnerability

Incorrect Conversion between Numeric Types

PowerShell Elevation of Privilege Vulnerability

CVE-2024-38047 7.8 - High - July 09, 2024

PowerShell Elevation of Privilege Vulnerability

Windows Win32k Elevation of Privilege Vulnerability

CVE-2024-38066 7.8 - High - July 09, 2024

Windows Win32k Elevation of Privilege Vulnerability

Dangling pointer

Microsoft Makers of the Windows Operating System and hundreds of products that run on it.

Products by Microsoft Sorted by Most Security Vulnerabilities since 2018

Microsoft Windows 103255 vulnerabilities

Microsoft Windows Server 20163188 vulnerabilities

Microsoft Windows Server 20192988 vulnerabilities

Microsoft Windows Server 20122340 vulnerabilities

Microsoft Windows Server 20082295 vulnerabilities

Microsoft Windows 71788 vulnerabilities

Microsoft Windows 8.11689 vulnerabilities

Microsoft Windows Rt 8 11558 vulnerabilities

Microsoft Windows 111319 vulnerabilities

Microsoft Windows Server 20221299 vulnerabilities

Microsoft Windows 10 1507498 vulnerabilities

Microsoft Office429 vulnerabilities

Microsoft Internet Explorer (IE)419 vulnerabilitiesPopular web browser for windows

Microsoft Windows Vista373 vulnerabilities

Microsoft Sharepoint Server347 vulnerabilities

Microsoft Windows XP323 vulnerabilities

Microsoft Windows Server283 vulnerabilities

Microsoft Windows Server 2003257 vulnerabilities

Microsoft Edge Browser243 vulnerabilitiesWeb Browser based on Chromium

Microsoft Windows 11 23h2238 vulnerabilities

Microsoft 365 Apps227 vulnerabilities

Microsoft Windows Server 2022 23h2197 vulnerabilities

Microsoft Windows 2003 Server161 vulnerabilities

Microsoft Edge Chromium152 vulnerabilities

Microsoft Excel123 vulnerabilitiesSpreadsheet Software

Microsoft Exchange Server123 vulnerabilities

Microsoft Windows 2000111 vulnerabilities

Microsoft Office Online Server101 vulnerabilities

Microsoft Visual Studio 201997 vulnerabilities

Microsoft Office 365 Proplus84 vulnerabilities

Microsoft Dynamics 36582 vulnerabilities

Microsoft Visual Studio 201781 vulnerabilities

Microsoft Office Long Term Servicing Channel81 vulnerabilities

Microsoft Word76 vulnerabilities

Microsoft Visual Studio 202266 vulnerabilities

Microsoft Office Compatibility Pack60 vulnerabilities

Microsoft Windows 10 21h159 vulnerabilities

Microsoft Net55 vulnerabilities

Microsoft Office Web Apps55 vulnerabilities

Microsoft Outlook55 vulnerabilities

Microsoft Windows Nt54 vulnerabilities

Microsoft Windows 853 vulnerabilities

Microsoft Visual Studio Code45 vulnerabilities

Microsoft Office Web Apps Server41 vulnerabilities

Microsoft Windows Rt40 vulnerabilities

Microsoft Azure Devops Server39 vulnerabilities

Microsoft Windows Server 20h239 vulnerabilities

Microsoft Visual Studio38 vulnerabilitiesDeveloper IDE

Microsoft SQL Server37 vulnerabilitiesDatabase Server

Microsoft Azure Site Recovery37 vulnerabilities

Microsoft Excel Viewer33 vulnerabilities

Microsoft .NET Core32 vulnerabilities

Microsoft Hevc Video Extensions32 vulnerabilities

Microsoft ASP.NET Core31 vulnerabilities

Microsoft Azure Sphere27 vulnerabilities

Microsoft Team Foundation Server23 vulnerabilities

Microsoft 3d Builder20 vulnerabilities

Microsoft Windows 10 190920 vulnerabilities

Microsoft Office Word Viewer20 vulnerabilities

Microsoft Powershell Core18 vulnerabilities

Microsoft Windows Server 23h218 vulnerabilities

Microsoft Defender For Iot17 vulnerabilities

Microsoft Visio17 vulnerabilities

Microsoft Project Server16 vulnerabilities

Microsoft Powershell15 vulnerabilities

Microsoft Word Viewer14 vulnerabilities

Microsoft Remote Desktop14 vulnerabilities

Microsoft Dynamics 365 Business Central13 vulnerabilities

Microsoft Windows 10 151113 vulnerabilities

Microsoft Onedrive13 vulnerabilities

Microsoft Windows Server 200413 vulnerabilities

Microsoft Internet Information Server13 vulnerabilities

Microsoft Lync12 vulnerabilities

Microsoft Malware Protection Engine12 vulnerabilities

Microsoft Internet Explorer (IE)419 vulnerabilities
Popular web browser for windows

Microsoft Edge Browser243 vulnerabilities
Web Browser based on Chromium

Microsoft Excel123 vulnerabilities
Spreadsheet Software

Microsoft Visual Studio38 vulnerabilities
Developer IDE

Microsoft SQL Server37 vulnerabilities
Database Server