Microsoft Microsoft Makers of the Windows Operating System and hundreds of products that run on it.

Do you want an email whenever new security vulnerabilities are reported in any Microsoft product?

Products by Microsoft Sorted by Most Security Vulnerabilities since 2018

Microsoft Windows Server 20163082 vulnerabilities

Microsoft Windows Server 20192884 vulnerabilities

Microsoft Windows 102605 vulnerabilities

Microsoft Windows Server 20122234 vulnerabilities

Microsoft Windows Server 20082221 vulnerabilities

Microsoft Windows 71761 vulnerabilities

Microsoft Windows 8.11667 vulnerabilities

Microsoft Windows Rt 8 11536 vulnerabilities

Microsoft Windows Server 20221188 vulnerabilities

Microsoft Windows 11 21h2612 vulnerabilities

Microsoft Windows 11604 vulnerabilities

Microsoft Windows 11 22h2597 vulnerabilities

Microsoft Windows 10 1809586 vulnerabilities

Microsoft Windows 10 22h2578 vulnerabilities

Microsoft Windows 10 21h2575 vulnerabilities

Microsoft Windows 10 1607507 vulnerabilities

Microsoft Internet Explorer (IE)416 vulnerabilities
Popular web browser for windows

Microsoft Office407 vulnerabilities

Microsoft Windows 10 1507384 vulnerabilities

Microsoft Windows Vista349 vulnerabilities

Microsoft Windows XP319 vulnerabilities

Microsoft Windows Server283 vulnerabilities

Microsoft Sharepoint Server280 vulnerabilities

Microsoft Windows Server 2003249 vulnerabilities

Microsoft Windows 10 20h2237 vulnerabilities

Microsoft 365 Apps221 vulnerabilities

Microsoft ChakraCore189 vulnerabilities
ChakraCore is the core part of the Chakra JavaScript engine that powers Microsoft Edge

Microsoft Sharepoint Foundation180 vulnerabilities

Microsoft Windows 2003 Server160 vulnerabilities

Microsoft Edge Chromium152 vulnerabilities

Microsoft Ie149 vulnerabilities

Microsoft Windows 11 23h2141 vulnerabilities

Microsoft Exchange Server122 vulnerabilities

Microsoft Excel121 vulnerabilities
Spreadsheet Software

Microsoft Windows 2000109 vulnerabilities

Microsoft Office Online Server100 vulnerabilities

Microsoft Visual Studio 201995 vulnerabilities

Microsoft Office 365 Proplus84 vulnerabilities

Microsoft Dynamics 36580 vulnerabilities

Microsoft Visual Studio 201780 vulnerabilities

Microsoft Word70 vulnerabilities

Microsoft Edge Browser66 vulnerabilities
Web Browser based on Chromium

Microsoft Visual Studio 202261 vulnerabilities

Microsoft Windows Nt52 vulnerabilities

Microsoft Net52 vulnerabilities

Microsoft Office Web Apps52 vulnerabilities

Microsoft Outlook52 vulnerabilities

Microsoft Visual Studio Code45 vulnerabilities

Microsoft Windows 845 vulnerabilities

Microsoft Visual Studio38 vulnerabilities
Developer IDE

Microsoft Azure Devops Server37 vulnerabilities

Microsoft Azure Site Recovery37 vulnerabilities

Microsoft SQL Server36 vulnerabilities
Database Server

Microsoft Windows Rt33 vulnerabilities

Microsoft .NET Core32 vulnerabilities

Microsoft Windows 10 21h132 vulnerabilities

Microsoft ASP.NET Core31 vulnerabilities

Microsoft Excel Viewer29 vulnerabilities

Microsoft Azure Sphere27 vulnerabilities

Microsoft 3d Builder20 vulnerabilities

Microsoft Windows Server 20h219 vulnerabilities

Microsoft Powershell Core18 vulnerabilities

Microsoft Office Word Viewer17 vulnerabilities

Microsoft Windows Server 23h216 vulnerabilities

Microsoft Project Server16 vulnerabilities

Microsoft Defender For Iot16 vulnerabilities

Microsoft Visio16 vulnerabilities

Microsoft Powershell15 vulnerabilities

Microsoft Remote Desktop14 vulnerabilities

Microsoft Onedrive13 vulnerabilities

Microsoft Windows 9812 vulnerabilities

Microsoft Project11 vulnerabilities

Microsoft Lync11 vulnerabilities

Microsoft Skype For Business11 vulnerabilities

Microsoft 3d Viewer10 vulnerabilities

Microsoft Raw Image Extension10 vulnerabilities

Microsoft Word Viewer10 vulnerabilities

Microsoft Azure Rtos Usbx10 vulnerabilities

Microsoft Powerpoint9 vulnerabilities

Microsoft Dynamics Nav9 vulnerabilities

Microsoft Teams9 vulnerabilities

Recent Microsoft Security Advisories

Advisory Title Published
CVE-2024-4060 Chromium: CVE-2024-4060 Use after free in Dawn April 26, 2024
CVE-2024-4059 Chromium: CVE-2024-4059 Out of bounds read in V8 API April 26, 2024
CVE-2024-4058 Chromium: CVE-2024-4058 Type Confusion in ANGLE April 26, 2024
CVE-2024-29991 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability April 19, 2024
CVE-2024-3847 Chromium: CVE-2024-3847 Insufficient policy enforcement in WebUI April 18, 2024
CVE-2024-3846 Chromium: CVE-2024-3846 Inappropriate implementation in Prompts April 18, 2024
CVE-2024-3845 Chromium: CVE-2024-3845 Inappropriate implementation in Network April 18, 2024
CVE-2024-3844 Chromium: CVE-2024-3844 Inappropriate implementation in Extensions April 18, 2024
CVE-2024-3843 Chromium: CVE-2024-3843 Insufficient data validation in Downloads April 18, 2024
CVE-2024-3841 Chromium: CVE-2024-3841 Insufficient data validation in Browser Switcher April 18, 2024

Known Exploited Microsoft Vulnerabilities

The following Microsoft vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges. CVE-2024-26169 June 13, 2024
Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature bypass. CVE-2024-30040 May 14, 2024
Microsoft DWM Core Library Privilege Escalation Vulnerability Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges. CVE-2024-30051 May 14, 2024
Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature. This vulnerability can be chained with CVE-2023-38831 and CVE-2024-21412 to execute a malicious file. CVE-2024-29988 April 30, 2024
Microsoft Windows Print Spooler Privilege Escalation Vulnerability Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permissions. CVE-2022-38028 April 23, 2024
Microsoft SharePoint Server Code Injection Vulnerability Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely. CVE-2023-24955 March 26, 2024
Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation. CVE-2024-21338 March 4, 2024
Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. CVE-2023-29360 February 29, 2024
Microsoft Exchange Server Privilege Escalation Vulnerability Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. CVE-2024-21410 February 15, 2024
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both. CVE-2024-21351 February 13, 2024
Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass. CVE-2024-21412 February 13, 2024
Microsoft SharePoint Server Privilege Escalation Vulnerability Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges. CVE-2023-29357 January 10, 2024
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. CVE-2023-36584 November 16, 2023
Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation. CVE-2023-36033 November 14, 2023
Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges. CVE-2023-36036 November 14, 2023
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prompts. CVE-2023-36025 November 14, 2023
Microsoft WordPad Information Disclosure Vulnerability Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure. CVE-2023-36563 October 10, 2023
Microsoft Skype for Business Privilege Escalation Vulnerability Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation. CVE-2023-41763 October 10, 2023
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges. CVE-2023-28229 October 4, 2023
Microsoft Streaming Service Proxy Privilege Escalation Vulnerability Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation. CVE-2023-36802 September 12, 2023

By the Year

In 2024 there have been 455 vulnerabilities in Microsoft with an average score of 7.4 out of ten. Last year Microsoft had 1464 security vulnerabilities published. Right now, Microsoft is on track to have less security vulnerabilities in 2024 than it did last year. However, the average CVE base score of the vulnerabilities in 2024 is greater by 0.15.

Year Vulnerabilities Average Score
2024 455 7.42
2023 1464 7.27
2022 1297 7.44
2021 1111 7.45
2020 1207 7.26
2019 761 7.21
2018 580 6.89

It may take a day or so for new Microsoft vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Security Vulnerabilities

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

CVE-2024-30080 9.8 - Critical - June 11, 2024

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Dangling pointer

Win32k Elevation of Privilege Vulnerability

CVE-2024-30030 7.8 - High - May 14, 2024

Win32k Elevation of Privilege Vulnerability

NULL Pointer Dereference

Windows DWM Core Library Elevation of Privilege Vulnerability

CVE-2024-30051 7.8 - High - May 14, 2024

Windows DWM Core Library Elevation of Privilege Vulnerability

Memory Corruption

Windows MSHTML Platform Security Feature Bypass Vulnerability

CVE-2024-30040 8.8 - High - May 14, 2024

Windows MSHTML Platform Security Feature Bypass Vulnerability

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

CVE-2024-29997 6.8 - Medium - May 14, 2024

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

Integer Overflow or Wraparound

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

CVE-2024-29998 6.8 - Medium - May 14, 2024

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

CVE-2024-29999 6.8 - Medium - May 14, 2024

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

Integer Overflow or Wraparound

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

CVE-2024-30000 6.8 - Medium - May 14, 2024

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

Integer Overflow or Wraparound

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

CVE-2024-30001 6.8 - Medium - May 14, 2024

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

Integer Overflow or Wraparound

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

CVE-2024-30002 6.8 - Medium - May 14, 2024

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

CVE-2024-30003 6.8 - Medium - May 14, 2024

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

Integer Overflow or Wraparound

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

CVE-2024-30004 6.8 - Medium - May 14, 2024

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

Integer Overflow or Wraparound

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

CVE-2024-30005 6.8 - Medium - May 14, 2024

Windows Mobile Broadband Driver Remote Code Execution Vulnerability

Integer Overflow or Wraparound

Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78

CVE-2024-4059 - May 01, 2024

Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. (Chromium security severity: High)

Use after free in Dawn in Google Chrome prior to 124.0.6367.78

CVE-2024-4060 - May 01, 2024

Use after free in Dawn in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78

CVE-2024-4058 8.8 - High - May 01, 2024

Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)

Object Type Confusion

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE-2024-29991 5 - Medium - April 19, 2024

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

CVE-2024-29987 - April 18, 2024

Microsoft Edge (Chromium-based) Information Disclosure Vulnerability

Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability

CVE-2024-29986 5.4 - Medium - April 18, 2024

Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability

Use after free in V8 in Google Chrome prior to 124.0.6367.60

CVE-2024-3914 - April 17, 2024

Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60

CVE-2024-3847 - April 17, 2024

Insufficient policy enforcement in WebUI in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)

Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60

CVE-2024-3846 - April 17, 2024

Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)

Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60

CVE-2024-3845 - April 17, 2024

Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low)

Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60

CVE-2024-3844 - April 17, 2024

Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low)

Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60

CVE-2024-3843 - April 17, 2024

Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)

Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60

CVE-2024-3841 - April 17, 2024

Insufficient data validation in Browser Switcher in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to inject scripts or HTML into a privileged page via a malicious file. (Chromium security severity: Medium)

Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60

CVE-2024-3840 - April 17, 2024

Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)

Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60

CVE-2024-3839 6.5 - Medium - April 17, 2024

Out of bounds read in Fonts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium)

Out-of-bounds Read

Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60

CVE-2024-3838 5.5 - Medium - April 17, 2024

Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium)

Use after free in QUIC in Google Chrome prior to 124.0.6367.60

CVE-2024-3837 8.8 - High - April 17, 2024

Use after free in QUIC in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)

Dangling pointer

Use after free in Downloads in Google Chrome prior to 124.0.6367.60

CVE-2024-3834 8.8 - High - April 17, 2024

Use after free in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Dangling pointer

Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60

CVE-2024-3833 - April 17, 2024

Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

Object corruption in V8 in Google Chrome prior to 124.0.6367.60

CVE-2024-3832 - April 17, 2024

Object corruption in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)

A vulnerability was reported in a system recovery bootloader

CVE-2024-23593 6.7 - Medium - April 15, 2024

A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to modify the boot manager and escalate privileges.

A buffer overflow vulnerability was reported in a system recovery bootloader

CVE-2024-23594 6.4 - Medium - April 15, 2024

A buffer overflow vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to execute arbitrary code.

Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122

CVE-2024-3157 - April 10, 2024

Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High)

Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122

CVE-2024-3516 - April 10, 2024

Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Use after free in Dawn in Google Chrome prior to 123.0.6312.122

CVE-2024-3515 - April 10, 2024

Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Azure CycleCloud Elevation of Privilege Vulnerability

CVE-2024-29993 8.8 - High - April 09, 2024

Azure CycleCloud Elevation of Privilege Vulnerability

Azure Identity Library for .NET Information Disclosure Vulnerability

CVE-2024-29992 5.5 - Medium - April 09, 2024

Azure Identity Library for .NET Information Disclosure Vulnerability

Azure Monitor Agent Elevation of Privilege Vulnerability

CVE-2024-29989 8.4 - High - April 09, 2024

Azure Monitor Agent Elevation of Privilege Vulnerability

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVE-2024-29985 8.8 - High - April 09, 2024

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVE-2024-29984 8.8 - High - April 09, 2024

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVE-2024-29983 - April 09, 2024

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVE-2024-29982 8.8 - High - April 09, 2024

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Azure AI Search Information Disclosure Vulnerability

CVE-2024-29063 7.3 - High - April 09, 2024

Azure AI Search Information Disclosure Vulnerability

Windows Hyper-V Denial of Service Vulnerability

CVE-2024-29064 - April 09, 2024

Windows Hyper-V Denial of Service Vulnerability

Windows Distributed File System (DFS) Remote Code Execution Vulnerability

CVE-2024-29066 7.2 - High - April 09, 2024

Windows Distributed File System (DFS) Remote Code Execution Vulnerability

SmartScreen Prompt Security Feature Bypass Vulnerability

CVE-2024-29988 8.8 - High - April 09, 2024

SmartScreen Prompt Security Feature Bypass Vulnerability

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

CVE-2024-29990 9 - Critical - April 09, 2024

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

Windows USB Print Driver Elevation of Privilege Vulnerability

CVE-2024-26243 7 - High - April 09, 2024

Windows USB Print Driver Elevation of Privilege Vulnerability

Windows Kerberos Elevation of Privilege Vulnerability

CVE-2024-26248 7.5 - High - April 09, 2024

Windows Kerberos Elevation of Privilege Vulnerability

Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-26210 8.8 - High - April 09, 2024

Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability

Windows CSC Service Elevation of Privilege Vulnerability

CVE-2024-26229 7.8 - High - April 09, 2024

Windows CSC Service Elevation of Privilege Vulnerability

Proxy Driver Spoofing Vulnerability

CVE-2024-26234 6.7 - Medium - April 09, 2024

Proxy Driver Spoofing Vulnerability

Windows Update Stack Elevation of Privilege Vulnerability

CVE-2024-26235 7.8 - High - April 09, 2024

Windows Update Stack Elevation of Privilege Vulnerability

Windows Update Stack Elevation of Privilege Vulnerability

CVE-2024-26236 7 - High - April 09, 2024

Windows Update Stack Elevation of Privilege Vulnerability

Windows Defender Credential Guard Elevation of Privilege Vulnerability

CVE-2024-26237 7.8 - High - April 09, 2024

Windows Defender Credential Guard Elevation of Privilege Vulnerability

Windows Telephony Server Elevation of Privilege Vulnerability

CVE-2024-26242 7 - High - April 09, 2024

Windows Telephony Server Elevation of Privilege Vulnerability

Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability

CVE-2024-26244 - April 09, 2024

Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability

Windows SMB Elevation of Privilege Vulnerability

CVE-2024-26245 7.8 - High - April 09, 2024

Windows SMB Elevation of Privilege Vulnerability

Windows Remote Access Connection Manager Information Disclosure Vulnerability

CVE-2024-26207 5.5 - Medium - April 09, 2024

Windows Remote Access Connection Manager Information Disclosure Vulnerability

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

CVE-2024-26208 7.2 - High - April 09, 2024

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

CVE-2024-26211 - April 09, 2024

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

DHCP Server Service Denial of Service Vulnerability

CVE-2024-26212 7.5 - High - April 09, 2024

DHCP Server Service Denial of Service Vulnerability

Microsoft Brokering File System Elevation of Privilege Vulnerability

CVE-2024-26213 7 - High - April 09, 2024

Microsoft Brokering File System Elevation of Privilege Vulnerability

Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability

CVE-2024-26214 8.8 - High - April 09, 2024

Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability

DHCP Server Service Denial of Service Vulnerability

CVE-2024-26215 7.5 - High - April 09, 2024

DHCP Server Service Denial of Service Vulnerability

Windows File Server Resource Management Service Elevation of Privilege Vulnerability

CVE-2024-26216 7.3 - High - April 09, 2024

Windows File Server Resource Management Service Elevation of Privilege Vulnerability

Windows Remote Access Connection Manager Information Disclosure Vulnerability

CVE-2024-26217 5.5 - Medium - April 09, 2024

Windows Remote Access Connection Manager Information Disclosure Vulnerability

Windows Distributed File System (DFS) Information Disclosure Vulnerability

CVE-2024-26226 6.5 - Medium - April 09, 2024

Windows Distributed File System (DFS) Information Disclosure Vulnerability

Windows Cryptographic Services Security Feature Bypass Vulnerability

CVE-2024-26228 7.8 - High - April 09, 2024

Windows Cryptographic Services Security Feature Bypass Vulnerability

Windows Telephony Server Elevation of Privilege Vulnerability

CVE-2024-26230 7.8 - High - April 09, 2024

Windows Telephony Server Elevation of Privilege Vulnerability

Windows Telephony Server Elevation of Privilege Vulnerability

CVE-2024-26239 7.8 - High - April 09, 2024

Windows Telephony Server Elevation of Privilege Vulnerability

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-26240 8 - High - April 09, 2024

Secure Boot Security Feature Bypass Vulnerability

Microsoft SharePoint Server Spoofing Vulnerability

CVE-2024-26251 6.8 - Medium - April 09, 2024

Microsoft SharePoint Server Spoofing Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

CVE-2024-26257 7.8 - High - April 09, 2024

Microsoft Excel Remote Code Execution Vulnerability

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-28924 6.7 - Medium - April 09, 2024

Secure Boot Security Feature Bypass Vulnerability

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-28925 8 - High - April 09, 2024

Secure Boot Security Feature Bypass Vulnerability

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVE-2024-28941 8.8 - High - April 09, 2024

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Outlook for Windows Spoofing Vulnerability

CVE-2024-20670 8.1 - High - April 09, 2024

Outlook for Windows Spoofing Vulnerability

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-29062 7.1 - High - April 09, 2024

Secure Boot Security Feature Bypass Vulnerability

TOCTTOU

Secure Boot Security Feature Bypass Vulnerability

CVE-2024-29061 7.8 - High - April 09, 2024

Secure Boot Security Feature Bypass Vulnerability

Memory Corruption

Windows Authentication Elevation of Privilege Vulnerability

CVE-2024-29056 4.3 - Medium - April 09, 2024

Windows Authentication Elevation of Privilege Vulnerability

Use of a Broken or Risky Cryptographic Algorithm

Microsoft Defender for IoT Elevation of Privilege Vulnerability

CVE-2024-29054 7.2 - High - April 09, 2024

Microsoft Defender for IoT Elevation of Privilege Vulnerability

Microsoft Defender for IoT Elevation of Privilege Vulnerability

CVE-2024-29055 7.2 - High - April 09, 2024

Microsoft Defender for IoT Elevation of Privilege Vulnerability

Microsoft Defender for IoT Remote Code Execution Vulnerability

CVE-2024-29053 8.8 - High - April 09, 2024

Microsoft Defender for IoT Remote Code Execution Vulnerability

Directory traversal

Windows Storage Elevation of Privilege Vulnerability

CVE-2024-29052 7.8 - High - April 09, 2024

Windows Storage Elevation of Privilege Vulnerability

Improper Privilege Management

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVE-2024-29048 8.8 - High - April 09, 2024

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVE-2024-29046 8.8 - High - April 09, 2024

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVE-2024-29044 8.8 - High - April 09, 2024

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVE-2024-28944 8.8 - High - April 09, 2024

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVE-2024-28943 8.8 - High - April 09, 2024

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Microsoft Brokering File System Elevation of Privilege Vulnerability

CVE-2024-28907 7.8 - High - April 09, 2024

Microsoft Brokering File System Elevation of Privilege Vulnerability

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVE-2024-28927 8.8 - High - April 09, 2024

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

CVE-2024-28926 8.8 - High - April 09, 2024

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability

Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability

CVE-2024-28917 6.2 - Medium - April 09, 2024

Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

CVE-2024-28930 8.8 - High - April 09, 2024

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability

Microsoft Brokering File System Elevation of Privilege Vulnerability

CVE-2024-28904 7.8 - High - April 09, 2024

Microsoft Brokering File System Elevation of Privilege Vulnerability

Windows Remote Access Connection Manager Information Disclosure Vulnerability

CVE-2024-28900 5.5 - Medium - April 09, 2024

Windows Remote Access Connection Manager Information Disclosure Vulnerability

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.