Microsoft: Makers of the Windows Operating System and hundreds of products that run on it.

Products by Microsoft Sorted by Most Security Vulnerabilities since 2018

Microsoft Windows 10: 3339 vulnerabilities

Microsoft Windows Server 2016: 3277 vulnerabilities

Microsoft Windows Server 2019: 3077 vulnerabilities

Microsoft Windows Server 2012: 2400 vulnerabilities

Microsoft Windows Server 2008: 2345 vulnerabilities

Microsoft Windows 7: 1790 vulnerabilities

Microsoft Windows 8.1: 1691 vulnerabilities

Microsoft Windows Rt 8 1: 1560 vulnerabilities

Microsoft Windows 11: 1400 vulnerabilities

Microsoft Windows Server 2022: 1390 vulnerabilities

Microsoft Windows 10 1507: 570 vulnerabilities

Microsoft Office: 438 vulnerabilities

Microsoft Internet Explorer (IE): 419 vulnerabilities
Popular web browser for Windows

Microsoft Windows Vista: 373 vulnerabilities

Microsoft Sharepoint Server: 352 vulnerabilities

Microsoft Windows XP: 323 vulnerabilities

Microsoft Windows 11 23h2: 318 vulnerabilities

Microsoft Windows Server: 283 vulnerabilities

Microsoft Windows Server 2003: 257 vulnerabilities

Microsoft Edge Browser: 250 vulnerabilities
Web Browser based on Chromium

Microsoft 365 Apps: 236 vulnerabilities

Microsoft Windows 2003 Server: 161 vulnerabilities

Microsoft Edge Chromium: 160 vulnerabilities

Microsoft Excel: 124 vulnerabilities
Spreadsheet Software

Microsoft Exchange Server: 123 vulnerabilities

Microsoft Windows 2000: 111 vulnerabilities

Microsoft Office Online Server: 102 vulnerabilities

Microsoft Visual Studio 2019: 97 vulnerabilities

Microsoft Dynamics 365: 84 vulnerabilities

Microsoft Office 365 Proplus: 84 vulnerabilities

Microsoft Visual Studio 2017: 81 vulnerabilities

Microsoft Windows 10 21h1: 79 vulnerabilities

Microsoft Word: 76 vulnerabilities

Microsoft Windows 11 24h2: 72 vulnerabilities

Microsoft Visual Studio 2022: 69 vulnerabilities

Microsoft Net: 58 vulnerabilities

Microsoft Outlook: 57 vulnerabilities

Microsoft Office Web Apps: 55 vulnerabilities

Microsoft Windows Nt: 54 vulnerabilities

Microsoft Windows 8: 53 vulnerabilities

Microsoft Windows Server 20h2: 51 vulnerabilities

Microsoft Visual Studio Code: 45 vulnerabilities

Microsoft Windows Rt: 40 vulnerabilities

Microsoft Azure Devops Server: 39 vulnerabilities

Microsoft Visual Studio: 38 vulnerabilities
Developer IDE

Microsoft SQL Server: 37 vulnerabilities
Database Server

Microsoft Azure Site Recovery: 37 vulnerabilities

Microsoft Windows 10 1909: 35 vulnerabilities

Microsoft Excel Viewer: 33 vulnerabilities

Microsoft .NET Core: 32 vulnerabilities

Microsoft ASP.NET Core: 31 vulnerabilities

Microsoft Windows Server 2004: 27 vulnerabilities

Microsoft Azure Sphere: 27 vulnerabilities

Microsoft Sql Server 2016: 25 vulnerabilities

Microsoft Sql Server 2022: 25 vulnerabilities

Microsoft Sql Server 2017: 25 vulnerabilities

Microsoft Sql Server 2019: 25 vulnerabilities

Microsoft Windows 10 2004: 25 vulnerabilities

Microsoft 3d Builder: 20 vulnerabilities

Microsoft Office Word Viewer: 20 vulnerabilities

Microsoft Powershell Core: 18 vulnerabilities

Microsoft Windows Server 23h2: 18 vulnerabilities

Microsoft Visio: 18 vulnerabilities

Microsoft Defender For Iot: 17 vulnerabilities

Microsoft Project Server: 16 vulnerabilities

Microsoft Remote Desktop: 15 vulnerabilities

Microsoft Powershell: 15 vulnerabilities

Microsoft Word Viewer: 14 vulnerabilities

Microsoft Windows 10 1511: 13 vulnerabilities

Microsoft Onedrive: 13 vulnerabilities

Microsoft Powerpoint: 12 vulnerabilities

Microsoft Lync: 12 vulnerabilities

Microsoft Windows Server 1803: 11 vulnerabilities

Microsoft Project: 11 vulnerabilities

Microsoft Windows 10 1803: 11 vulnerabilities

Microsoft Teams: 11 vulnerabilities

Microsoft Skype For Business: 11 vulnerabilities

Microsoft 3d Viewer: 10 vulnerabilities

Microsoft Raw Image Extension: 10 vulnerabilities

Microsoft Azure Rtos Usbx: 10 vulnerabilities

Microsoft Azure Stack Hub: 10 vulnerabilities

Microsoft Security Essentials: 10 vulnerabilities

Microsoft Dynamics Nav: 9 vulnerabilities

Recent Microsoft Security Advisories

Advisory | Title | Published
CVE-2024-43489 | CVE-2024-43489 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | September 19, 2024
CVE-2024-43496 | CVE-2024-43496 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | September 19, 2024
CVE-2024-8907 | Chromium: CVE-2024-8907 Insufficient data validation in Omnibox | September 19, 2024
CVE-2024-8906 | Chromium: CVE-2024-8906 Incorrect security UI in Downloads | September 19, 2024
CVE-2024-8905 | Chromium: CVE-2024-8905 Inappropriate implementation in V8 | September 19, 2024
CVE-2024-8909 | Chromium: CVE-2024-8909 Inappropriate implementation in UI | September 19, 2024
CVE-2024-8908 | Chromium: CVE-2024-8908 Inappropriate implementation in Autofill | September 19, 2024
CVE-2024-8904 | Chromium: CVE-2024-8904 Type Confusion in V8 | September 19, 2024
CVE-2024-38221 | CVE-2024-38221 Microsoft Edge (Chromium-based) Spoofing Vulnerability | September 19, 2024
CVE-2024-38207 | CVE-2024-38207 Microsoft Edge (HTML-based) Memory Corruption Vulnerability | September 19, 2024

Known Exploited Microsoft Vulnerabilities

The following Microsoft vulnerabilities have recently been added by CISA to its list of vulnerabilities known to be exploited by threat actors.

Title | Description | CVE | Added
Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability | Microsoft SQL Server Reporting Services contains a deserialization vulnerability when handling page requests incorrectly. An authenticated attacker can exploit this vulnerability to execute code in the context of the Report Server service account. | CVE-2020-0618 | September 18, 2024
Microsoft Windows MSHTML Platform Spoofing Vulnerability | Microsoft Windows MSHTML Platform contains a user interface (UI) misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerability was exploited in conjunction with CVE-2024-38112. | CVE-2024-43461 | September 16, 2024
Microsoft Publisher Security Feature Bypass Vulnerability | Microsoft Publisher contains a security feature bypass vulnerability that allows an attacker to bypass Office macro policies used to block untrusted or malicious files. | CVE-2024-38226 | September 10, 2024
Microsoft Windows Installer Privilege Escalation Vulnerability | Microsoft Windows Installer contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges. | CVE-2024-38014 | September 10, 2024
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability | Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging. | CVE-2024-38217 | September 10, 2024
Microsoft Windows Update Remote Code Execution Vulnerability | Microsoft Windows Update contains an unspecified vulnerability that allows for remote code execution. | CVE-2024-43491 | September 10, 2024
Microsoft Exchange Server Information Disclosure Vulnerability | Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution. | CVE-2021-31196 | August 21, 2024
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability | Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience via a malicious file. | CVE-2024-38213 | August 13, 2024
Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability | Microsoft Windows Ancillary Function Driver for WinSock contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. | CVE-2024-38193 | August 13, 2024
Microsoft Windows Kernel Privilege Escalation Vulnerability | Microsoft Windows Kernel contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. Successful exploitation of this vulnerability requires an attacker to win a race condition. | CVE-2024-38106 | August 13, 2024
Microsoft Windows Scripting Engine Memory Corruption Vulnerability | Microsoft Windows Scripting Engine contains a memory corruption vulnerability that allows an unauthenticated attacker to initiate remote code execution via a specially crafted URL. | CVE-2024-38178 | August 13, 2024
Microsoft Project Remote Code Execution Vulnerability | Microsoft Project contains an unspecified vulnerability that allows for remote code execution via a malicious file. | CVE-2024-38189 | August 13, 2024
Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability | Microsoft Windows Power Dependency Coordinator contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to obtain SYSTEM privileges. | CVE-2024-38107 | August 13, 2024
Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability | Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution via a specially crafted file or script. | CVE-2018-0824 | August 5, 2024
Microsoft Internet Explorer Use-After-Free Vulnerability | Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object. | CVE-2012-4792 | July 23, 2024
Microsoft Windows MSHTML Platform Spoofing Vulnerability | Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability. | CVE-2024-38112 | July 9, 2024
Microsoft Windows Hyper-V Privilege Escalation Vulnerability | Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges. | CVE-2024-38080 | July 9, 2024
Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability | Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges. | CVE-2024-26169 | June 13, 2024
Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability | Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature bypass. | CVE-2024-30040 | May 14, 2024
Microsoft DWM Core Library Privilege Escalation Vulnerability | Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges. | CVE-2024-30051 | May 14, 2024

By the Year

In 2024 there have been 1002 vulnerabilities in Microsoft products, with an average score of 7.5 out of ten. Last year Microsoft had 1464 security vulnerabilities published. Right now, Microsoft is on track to have fewer security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.26.

Year Vulnerabilities Average Score
2024 1002 7.53
2023 1464 7.27
2022 1299 7.44
2021 1111 7.45
2020 1207 7.26
2019 761 7.21
2018 580 6.89

It may take a day or so for new Microsoft vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Security Vulnerabilities

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE-2024-43489 6.5 - Medium - September 19, 2024

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Object Type Confusion

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

CVE-2024-43496 6.5 - Medium - September 19, 2024

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Memory Corruption

Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE-2024-38221 4.3 - Medium - September 19, 2024

Microsoft Edge (Chromium-based) Spoofing Vulnerability

XSS

Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2024-38016 7.8 - High - September 19, 2024

Microsoft Office Visio Remote Code Execution Vulnerability

Authorization

Windows Kernel Information Disclosure Vulnerability

CVE-2024-37985 5.9 - Medium - September 17, 2024

Windows Kernel Information Disclosure Vulnerability

Processor Optimization Removal or Modification of Security-critical Code

Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58

CVE-2024-8906 - September 17, 2024

Incorrect security UI in Downloads in Google Chrome prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58

CVE-2024-8907 - September 17, 2024

Insufficient data validation in Omnibox in Google Chrome on Android prior to 129.0.6668.58 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (XSS) via a crafted set of UI gestures. (Chromium security severity: Medium)

Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58

CVE-2024-8905 - September 17, 2024

Inappropriate implementation in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium)

Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58

CVE-2024-8909 - September 17, 2024

Inappropriate implementation in UI in Google Chrome on iOS prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58

CVE-2024-8908 - September 17, 2024

Inappropriate implementation in Autofill in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Type Confusion in V8 in Google Chrome prior to 129.0.6668.58

CVE-2024-8904 - September 17, 2024

Type Confusion in V8 in Google Chrome prior to 129.0.6668.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Improper authorization in Dynamics 365 Business Central resulted in a vulnerability

CVE-2024-43460 8.1 - High - September 17, 2024

Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network.

An improper access control vulnerability in GroupMe

CVE-2024-38183 8.8 - High - September 17, 2024

An improper access control vulnerability in GroupMe allows an unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link.

XSPA

A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800)

CVE-2024-45383 5 - Medium - September 12, 2024

A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800). A specially crafted application can issue multiple IRP Complete requests which leads to a local denial-of-service. An attacker can execute malicious script/application to trigger this vulnerability.

Improper Control of a Resource Through its Lifetime

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVE-2024-38222 6.5 - Medium - September 12, 2024

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Incorrect Default Permissions

Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137

CVE-2024-8637 8.8 - High - September 11, 2024

Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Type Confusion in V8 in Google Chrome prior to 128.0.6613.137

CVE-2024-8638 8.8 - High - September 11, 2024

Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

Object Type Confusion

Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137

CVE-2024-8639 8.8 - High - September 11, 2024

Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137

CVE-2024-8636 8.8 - High - September 11, 2024

Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Memory Corruption

Windows Remote Desktop Licensing Service Denial of Service Vulnerability

CVE-2024-38231 7.5 - High - September 10, 2024

Windows Remote Desktop Licensing Service Denial of Service Vulnerability

AuthZ

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVE-2024-37338 8.8 - High - September 10, 2024

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

Out-of-bounds Read

Microsoft SQL Server Native Scoring Information Disclosure Vulnerability

CVE-2024-37966 7.1 - High - September 10, 2024

Microsoft SQL Server Native Scoring Information Disclosure Vulnerability

Out-of-bounds Read

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVE-2024-37335 8.8 - High - September 10, 2024

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVE-2024-37340 8.8 - High - September 10, 2024

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

Untrusted Pointer Dereference

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVE-2024-37339 8.8 - High - September 10, 2024

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

Microsoft SQL Server Native Scoring Information Disclosure Vulnerability

CVE-2024-37337 7.1 - High - September 10, 2024

Microsoft SQL Server Native Scoring Information Disclosure Vulnerability

Numeric Truncation Error

Microsoft SQL Server Native Scoring Information Disclosure Vulnerability

CVE-2024-37342 7.1 - High - September 10, 2024

Microsoft SQL Server Native Scoring Information Disclosure Vulnerability

Out-of-bounds Read

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVE-2024-26186 8.8 - High - September 10, 2024

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

Dangling pointer

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

CVE-2024-26191 8.8 - High - September 10, 2024

Microsoft SQL Server Native Scoring Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2024-38018 8.8 - High - September 10, 2024

Microsoft SharePoint Server Remote Code Execution Vulnerability

Marshaling, Unmarshaling

Azure Stack Hub Elevation of Privilege Vulnerability

CVE-2024-38216 9 - Critical - September 10, 2024

Azure Stack Hub Elevation of Privilege Vulnerability

Improper Input Validation

Azure Stack Hub Elevation of Privilege Vulnerability

CVE-2024-38220 9 - Critical - September 10, 2024

Azure Stack Hub Elevation of Privilege Vulnerability

Authorization

Azure Network Watcher VM Agent Elevation of Privilege Vulnerability

CVE-2024-38188 7.1 - High - September 10, 2024

Azure Network Watcher VM Agent Elevation of Privilege Vulnerability

insecure temporary file

Windows Standards-Based Storage Management Service Denial of Service Vulnerability

CVE-2024-38230 7.5 - High - September 10, 2024

Windows Standards-Based Storage Management Service Denial of Service Vulnerability

Improper Input Validation

DHCP Server Service Denial of Service Vulnerability

CVE-2024-38236 7.5 - High - September 10, 2024

DHCP Server Service Denial of Service Vulnerability

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

CVE-2024-38240 9.8 - Critical - September 10, 2024

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Out-of-bounds Read

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

CVE-2024-38241 7.8 - High - September 10, 2024

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Improper Input Validation

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

CVE-2024-38242 7.8 - High - September 10, 2024

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Heap-based Buffer Overflow

Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2024-38249 7.8 - High - September 10, 2024

Windows Graphics Component Elevation of Privilege Vulnerability

Dangling pointer

Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2024-38250 7.8 - High - September 10, 2024

Windows Graphics Component Elevation of Privilege Vulnerability

Buffer Over-read

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

CVE-2024-38252 7.8 - High - September 10, 2024

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

Dangling pointer

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

CVE-2024-38253 7.8 - High - September 10, 2024

Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability

Windows Authentication Information Disclosure Vulnerability

CVE-2024-38254 6.2 - Medium - September 10, 2024

Windows Authentication Information Disclosure Vulnerability

Use of Uninitialized Resource

Windows Kernel-Mode Driver Information Disclosure Vulnerability

CVE-2024-38256 5.5 - Medium - September 10, 2024

Windows Kernel-Mode Driver Information Disclosure Vulnerability

Use of Uninitialized Resource

Microsoft Office Visio Remote Code Execution Vulnerability

CVE-2024-43463 7.8 - High - September 10, 2024

Microsoft Office Visio Remote Code Execution Vulnerability

Dangling pointer

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2024-43464 7.2 - High - September 10, 2024

Microsoft SharePoint Server Remote Code Execution Vulnerability

Marshaling, Unmarshaling

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

CVE-2024-43467 7.5 - High - September 10, 2024

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

Race Condition

Microsoft SQL Server Information Disclosure Vulnerability

CVE-2024-43474 7.6 - High - September 10, 2024

Microsoft SQL Server Information Disclosure Vulnerability

Improper Null Termination

Microsoft Outlook for iOS Information Disclosure Vulnerability

CVE-2024-43482 6.5 - Medium - September 10, 2024

Microsoft Outlook for iOS Information Disclosure Vulnerability

AuthZ

Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

CVE-2024-43492 7.8 - High - September 10, 2024

Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability

Authorization

Microsoft Excel Elevation of Privilege Vulnerability

CVE-2024-43465 7.8 - High - September 10, 2024

Microsoft Excel Elevation of Privilege Vulnerability

Dangling pointer

Microsoft SQL Server Elevation of Privilege Vulnerability

CVE-2024-37965 8.8 - High - September 10, 2024

Microsoft SQL Server Elevation of Privilege Vulnerability

Improper Input Validation

Microsoft SQL Server Elevation of Privilege Vulnerability

CVE-2024-37341 8.8 - High - September 10, 2024

Microsoft SQL Server Elevation of Privilege Vulnerability

Authorization

Windows Installer Elevation of Privilege Vulnerability

CVE-2024-38014 7.8 - High - September 10, 2024

Windows Installer Elevation of Privilege Vulnerability

Improper Privilege Management

PowerShell Elevation of Privilege Vulnerability

CVE-2024-38046 7.8 - High - September 10, 2024

PowerShell Elevation of Privilege Vulnerability

Windows Mark of the Web Security Feature Bypass Vulnerability

CVE-2024-38217 5.4 - Medium - September 10, 2024

Windows Mark of the Web Security Feature Bypass Vulnerability

Protection Mechanism Failure

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability

CVE-2024-38225 9.8 - Critical - September 10, 2024

Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability

Authentication

Microsoft Publisher Security Feature Bypass Vulnerability

CVE-2024-38226 7.3 - High - September 10, 2024

Microsoft Publisher Security Feature Bypass Vulnerability

Protection Mechanism Failure

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2024-38227 7.2 - High - September 10, 2024

Microsoft SharePoint Server Remote Code Execution Vulnerability

Command Injection

Microsoft SharePoint Server Remote Code Execution Vulnerability

CVE-2024-38228 7.2 - High - September 10, 2024

Microsoft SharePoint Server Remote Code Execution Vulnerability

Command Injection

Microsoft SQL Server Elevation of Privilege Vulnerability

CVE-2024-37980 8.8 - High - September 10, 2024

Microsoft SQL Server Elevation of Privilege Vulnerability

An authenticated attacker

CVE-2024-38194 9.9 - Critical - September 10, 2024

An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network.

Improper Input Validation

Windows libarchive Remote Code Execution Vulnerability

CVE-2024-43495 7.3 - High - September 10, 2024

Windows libarchive Remote Code Execution Vulnerability

Integer Overflow or Wraparound

Microsoft is aware of a vulnerability in Servicing Stack

CVE-2024-43491 9.8 - Critical - September 10, 2024

Microsoft is aware of a vulnerability in Servicing Stack that has rolled back the fixes for some vulnerabilities affecting Optional Components on Windows 10, version 1507 (initial version released July 2015). This means that an attacker could exploit these previously mitigated vulnerabilities on Windows 10, version 1507 (Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB) systems that have installed the Windows security update released on March 12, 2024 - KB5035858 (OS Build 10240.20526) or other updates released until August 2024. All later versions of Windows 10 are not impacted by this vulnerability. This servicing stack vulnerability is addressed by installing the September 2024 Servicing stack update (SSU KB5043936) AND the September 2024 Windows security update (KB5043083), in that order. Note: Windows 10, version 1507 reached the end of support (EOS) on May 9, 2017 for devices running the Pro, Home, Enterprise, Education, and Enterprise IoT editions. Only Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB editions are still under support.

Dangling pointer

Windows Mark of the Web Security Feature Bypass Vulnerability

CVE-2024-43487 6.5 - Medium - September 10, 2024

Windows Mark of the Web Security Feature Bypass Vulnerability

Protection Mechanism Failure

Windows Security Zone Mapping Security Feature Bypass Vulnerability

CVE-2024-30073 7.8 - High - September 10, 2024

Windows Security Zone Mapping Security Feature Bypass Vulnerability

Improper Resolution of Path Equivalence

Microsoft Power Automate Desktop Remote Code Execution Vulnerability

CVE-2024-43479 8.5 - High - September 10, 2024

Microsoft Power Automate Desktop Remote Code Execution Vulnerability

Authorization

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

CVE-2024-43476 5.4 - Medium - September 10, 2024

Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability

XSS

Microsoft Windows Admin Center Information Disclosure Vulnerability

CVE-2024-43475 7.3 - High - September 10, 2024

Microsoft Windows Admin Center Information Disclosure Vulnerability

Buffer Over-read

Azure Network Watcher VM Agent Elevation of Privilege Vulnerability

CVE-2024-43470 7.3 - High - September 10, 2024

Azure Network Watcher VM Agent Elevation of Privilege Vulnerability

Azure CycleCloud Remote Code Execution Vulnerability

CVE-2024-43469 8.8 - High - September 10, 2024

Azure CycleCloud Remote Code Execution Vulnerability

Code Injection

Microsoft SharePoint Server Denial of Service Vulnerability

CVE-2024-43466 7.5 - High - September 10, 2024

Microsoft SharePoint Server Denial of Service Vulnerability

Marshaling, Unmarshaling

Windows MSHTML Platform Spoofing Vulnerability

CVE-2024-43461 8.8 - High - September 10, 2024

Windows MSHTML Platform Spoofing Vulnerability

User Interface (UI) Misrepresentation of Critical Information

Windows Networking Information Disclosure Vulnerability

CVE-2024-43458 7.7 - High - September 10, 2024

Windows Networking Information Disclosure Vulnerability

Use of Uninitialized Resource

Windows Setup and Deployment Elevation of Privilege Vulnerability

CVE-2024-43457 7.8 - High - September 10, 2024

Windows Setup and Deployment Elevation of Privilege Vulnerability

Unquoted Search Path or Element

Windows Remote Desktop Licensing Service Spoofing Vulnerability

CVE-2024-43455 9.8 - Critical - September 10, 2024

Windows Remote Desktop Licensing Service Spoofing Vulnerability

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

CVE-2024-43454 7.1 - High - September 10, 2024

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

Relative Path Traversal

Windows Network Address Translation (NAT) Remote Code Execution Vulnerability

CVE-2024-38119 7.5 - High - September 10, 2024

Windows Network Address Translation (NAT) Remote Code Execution Vulnerability

Dangling pointer

Windows TCP/IP Remote Code Execution Vulnerability

CVE-2024-38045 8.1 - High - September 10, 2024

Windows TCP/IP Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

CVE-2024-38263 7.5 - High - September 10, 2024

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

Sensitive Data Storage in Improperly Locked Memory

Windows Networking Denial of Service Vulnerability

CVE-2024-38232 7.5 - High - September 10, 2024

Windows Networking Denial of Service Vulnerability

NULL Pointer Dereference

Windows Networking Denial of Service Vulnerability

CVE-2024-38233 7.5 - High - September 10, 2024

Windows Networking Denial of Service Vulnerability

NULL Pointer Dereference

Windows Networking Denial of Service Vulnerability

CVE-2024-38234 6.5 - Medium - September 10, 2024

Windows Networking Denial of Service Vulnerability

Improper Input Validation

Windows Hyper-V Denial of Service Vulnerability

CVE-2024-38235 6.5 - Medium - September 10, 2024

Windows Hyper-V Denial of Service Vulnerability

Dangling pointer

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

CVE-2024-38237 7.8 - High - September 10, 2024

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Heap-based Buffer Overflow

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

CVE-2024-38238 7.8 - High - September 10, 2024

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Heap-based Buffer Overflow

Windows Kerberos Elevation of Privilege Vulnerability

CVE-2024-38239 7.2 - High - September 10, 2024

Windows Kerberos Elevation of Privilege Vulnerability

1390

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

CVE-2024-38243 7.8 - High - September 10, 2024

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Improper Input Validation

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

CVE-2024-38244 7.8 - High - September 10, 2024

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Improper Input Validation

Win32k Elevation of Privilege Vulnerability

CVE-2024-38246 7 - High - September 10, 2024

Win32k Elevation of Privilege Vulnerability

Stack Overflow

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

CVE-2024-38245 7.8 - High - September 10, 2024

Kernel Streaming Service Driver Elevation of Privilege Vulnerability

Windows TCP/IP Remote Code Execution Vulnerability

CVE-2024-21416 8.1 - High - September 10, 2024

Windows TCP/IP Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

CVE-2024-38260 8.8 - High - September 10, 2024

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

Use of Uninitialized Resource

Microsoft Management Console Remote Code Execution Vulnerability

CVE-2024-38259 8.8 - High - September 10, 2024

Microsoft Management Console Remote Code Execution Vulnerability

Dangling pointer

Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2024-38247 7.8 - High - September 10, 2024

Windows Graphics Component Elevation of Privilege Vulnerability

Double-free

Windows Remote Desktop Licensing Service Information Disclosure Vulnerability

CVE-2024-38258 7.5 - High - September 10, 2024

Windows Remote Desktop Licensing Service Information Disclosure Vulnerability

Relative Path Traversal

Microsoft AllJoyn API Information Disclosure Vulnerability

CVE-2024-38257 7.5 - High - September 10, 2024

Microsoft AllJoyn API Information Disclosure Vulnerability

Use of Uninitialized Resource

Windows Storage Elevation of Privilege Vulnerability

CVE-2024-38248 7 - High - September 10, 2024

Windows Storage Elevation of Privilege Vulnerability

Dangling pointer

Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability

CVE-2024-41879 7.8 - High - August 26, 2024

Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Memory Corruption

Microsoft Edge (HTML-based) Memory Corruption Vulnerability

CVE-2024-38207 6.3 - Medium - August 23, 2024

Microsoft Edge (HTML-based) Memory Corruption Vulnerability

Memory Corruption

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).