microsoft security advisories

41 threat alerts tracking vulnerabilities and security advisories that affect microsoft products.

Vulnios monitors microsoft CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent microsoft security news in one place, or click into an individual alert for full detail.

Critical Vulnerability: CVE-2016-7277 — microsoft — office
Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
criticalCVE-2016-7277
Critical Vulnerability: CVE-2016-7182 — microsoft — live_meeting, lync
The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607;
criticalCVE-2016-7182
Critical Vulnerability: CVE-2016-3312 — microsoft — windows_10
ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attackers to discover credentials by leveraging failure of Universal Outlook to obtain a secure connection, aka "Universal Outlook Infor
criticalCVE-2016-3312
Critical Vulnerability: CVE-2016-3236 — microsoft — windows_10, windows_7
The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT
criticalCVE-2016-3236
Critical Vulnerability: CVE-2016-3227 — microsoft — windows_server_2012
Use-after-free vulnerability in the DNS Server component in Microsoft Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka "Windows DNS Server Us
criticalCVE-2016-3227
Critical Vulnerability: CVE-2016-0088 — microsoft — windows_10, windows_8.1
Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Exe
criticalCVE-2016-0088
Critical Vulnerability: CVE-2016-0132 — microsoft — .net_framework
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 mishandles signature validation for unspecified elements of XML documents, which allows remote attackers to spoof signature
criticalCVE-2016-0132
Critical Vulnerability: CVE-2016-0003 — microsoft — edge
Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Microsoft Edge Memory Corruption Vulnerability."
criticalCVE-2016-0003
Critical Vulnerability: CVE-2013-0022 — microsoft — internet_explorer, windows_7
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Internet Explorer
criticalCVE-2013-0022
Critical Vulnerability: CVE-2012-4787 — microsoft — internet_explorer, windows_7
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properl
criticalCVE-2012-4787
Critical Vulnerability: CVE-2012-1891 — microsoft — data_access_components, windows_xp
Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML da
criticalCVE-2012-1891
Critical Vulnerability: CVE-2011-2013 — microsoft — windows_7, windows_server_2008
Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by s
criticalCVE-2011-2013
Critical Vulnerability: CVE-2011-0657 — microsoft — windows_2003_server, windows_7
DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not
criticalCVE-2011-0657
Critical Vulnerability: CVE-2009-2512 — microsoft — windows_server_2008, windows_vista
The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly process the headers of WSD messages, which allows remote attackers to execut
criticalCVE-2009-2512
Critical Vulnerability: CVE-2009-2494 — microsoft — windows_2000, windows_server_2003
The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary co
criticalCVE-2009-2494
Critical Vulnerability: CVE-2008-4835 — microsoft — windows_2000, windows_server_2003
SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed va
criticalCVE-2008-4835
Critical Vulnerability: CVE-2008-3465 — microsoft — windows_2000, windows_2003_server
Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a de
criticalCVE-2008-3465
Critical Vulnerability: CVE-2008-0081 — microsoft — excel, excel_viewer
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Ma
criticalCVE-2008-0081
Critical Vulnerability: CVE-2004-0847 — microsoft — asp.net
The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash)
criticalCVE-2004-0847
Critical Vulnerability: CVE-2017-11899 — microsoft — windows_10, windows_server_2016
Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way untrusted files are handled, ak
criticalCVE-2017-11899
Critical Vulnerability: CVE-2017-11767 — microsoft — chakracore
ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption V
criticalCVE-2017-11767
Critical Vulnerability: CVE-2017-11771 — microsoft — windows_10, windows_7
The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 17
criticalCVE-2017-11771
Critical Vulnerability: CVE-2017-8686 — microsoft — windows_server_2012, windows_server_2016
The Windows Server DHCP service in Windows Server 2012 Gold and R2, and Windows Server 2016 allows an attacker to either run arbitrary code on the DHCP failover server or cause the DHCP service to bec
criticalCVE-2017-8686
Critical Vulnerability: CVE-2017-8658 — microsoft — chakracore
A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".
criticalCVE-2017-8658
Critical Vulnerability: CVE-2017-0028 — microsoft — edge
A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute
criticalCVE-2017-0028
Critical Vulnerability: CVE-2017-8589 — microsoft — windows_10, windows_7
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code
criticalCVE-2017-8589
Critical Vulnerability: CVE-2017-0252 — microsoft — edge
A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Scripting Engine Memory Corruption Vulnerability". This
criticalCVE-2017-0252
Critical Vulnerability: CVE-2017-0223 — microsoft — edge
A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Scripting Engine Memory Corruption Vulnerability". This
criticalCVE-2017-0223
Critical Vulnerability: CVE-2017-6517 — microsoft — skype
Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system. This vulnerability exists due to the way .dll
criticalCVE-2017-6517
Critical Vulnerability: CVE-2017-0021 — microsoft — windows_10, windows_server_2016
Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V System Data Stru
criticalCVE-2017-0021
High Vulnerability: CVE-2004-0210 — microsoft — interix, windows_2000
The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overf
highCVE-2004-0210
High Vulnerability: CVE-2002-0367 — microsoft — windows_2000, windows_nt
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges
highCVE-2002-0367
Critical Vulnerability: CVE-2000-1218 — microsoft — windows_2000, windows_98
The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts tha
criticalCVE-2000-1218
High Vulnerability: CVE-2009-0238 — microsoft — excel, excel_viewer
Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in
highCVE-2009-0238
Critical Vulnerability: CVE-2026-32169 — microsoft — azure_cloud_shell
Server-side request forgery (ssrf) in Azure Cloud Shell allows an unauthorized attacker to elevate privileges over a network.
criticalCVE-2026-32169
Critical Vulnerability: CVE-2026-32191 — microsoft — bing_images
Improper neutralization of special elements used in an os command ('os command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.
criticalCVE-2026-32191
Critical Vulnerability: CVE-2026-32194 — microsoft — bing_images
Improper neutralization of special elements used in a command ('command injection') in Microsoft Bing Images allows an unauthorized attacker to execute code over a network.
criticalCVE-2026-32194
High Vulnerability: CVE-2012-1854 — microsoft — office, visual_basic_for_applications
Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Microsoft Visual Basic for Applications (VBA); and Summit Microsoft Visual Basic
highCVE-2012-1854
High Vulnerability: CVE-2023-21529 — microsoft — exchange_server
Microsoft Exchange Server Remote Code Execution Vulnerability
highCVE-2023-21529
High Vulnerability: CVE-2023-36424 — microsoft — windows_10_1507, windows_10_1607
Windows Common Log File System Driver Elevation of Privilege Vulnerability
highCVE-2023-36424
High Vulnerability: CVE-2025-60710 — microsoft — windows_11_25h2
Improper link resolution before file access ('link following') in Host Process for Windows Tasks allows an authorized attacker to elevate privileges locally.
highCVE-2025-60710

Track microsoft exposure across your environment

Vulnios automatically cross-references your asset inventory against new microsoft CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.

Start a free scan

microsoft security advisories

Critical Vulnerability: CVE-2016-7277 — microsoft — office

Critical Vulnerability: CVE-2016-7182 — microsoft — live_meeting, lync

Critical Vulnerability: CVE-2016-3312 — microsoft — windows_10

Critical Vulnerability: CVE-2016-3236 — microsoft — windows_10, windows_7

Critical Vulnerability: CVE-2016-3227 — microsoft — windows_server_2012

Critical Vulnerability: CVE-2016-0088 — microsoft — windows_10, windows_8.1

Critical Vulnerability: CVE-2016-0132 — microsoft — .net_framework

Critical Vulnerability: CVE-2016-0003 — microsoft — edge

Critical Vulnerability: CVE-2013-0022 — microsoft — internet_explorer, windows_7

Critical Vulnerability: CVE-2012-4787 — microsoft — internet_explorer, windows_7

Critical Vulnerability: CVE-2012-1891 — microsoft — data_access_components, windows_xp

Critical Vulnerability: CVE-2011-2013 — microsoft — windows_7, windows_server_2008

Critical Vulnerability: CVE-2011-0657 — microsoft — windows_2003_server, windows_7

Critical Vulnerability: CVE-2009-2512 — microsoft — windows_server_2008, windows_vista

Critical Vulnerability: CVE-2009-2494 — microsoft — windows_2000, windows_server_2003

Critical Vulnerability: CVE-2008-4835 — microsoft — windows_2000, windows_server_2003

Critical Vulnerability: CVE-2008-3465 — microsoft — windows_2000, windows_2003_server

Critical Vulnerability: CVE-2008-0081 — microsoft — excel, excel_viewer

Critical Vulnerability: CVE-2004-0847 — microsoft — asp.net

Critical Vulnerability: CVE-2017-11899 — microsoft — windows_10, windows_server_2016

Critical Vulnerability: CVE-2017-11767 — microsoft — chakracore

Critical Vulnerability: CVE-2017-11771 — microsoft — windows_10, windows_7

Critical Vulnerability: CVE-2017-8686 — microsoft — windows_server_2012, windows_server_2016

Critical Vulnerability: CVE-2017-8658 — microsoft — chakracore

Critical Vulnerability: CVE-2017-0028 — microsoft — edge

Critical Vulnerability: CVE-2017-8589 — microsoft — windows_10, windows_7

Critical Vulnerability: CVE-2017-0252 — microsoft — edge

Critical Vulnerability: CVE-2017-0223 — microsoft — edge

Critical Vulnerability: CVE-2017-6517 — microsoft — skype

Critical Vulnerability: CVE-2017-0021 — microsoft — windows_10, windows_server_2016

High Vulnerability: CVE-2004-0210 — microsoft — interix, windows_2000

High Vulnerability: CVE-2002-0367 — microsoft — windows_2000, windows_nt

Critical Vulnerability: CVE-2000-1218 — microsoft — windows_2000, windows_98

High Vulnerability: CVE-2009-0238 — microsoft — excel, excel_viewer

Critical Vulnerability: CVE-2026-32169 — microsoft — azure_cloud_shell

Critical Vulnerability: CVE-2026-32191 — microsoft — bing_images

Critical Vulnerability: CVE-2026-32194 — microsoft — bing_images

High Vulnerability: CVE-2012-1854 — microsoft — office, visual_basic_for_applications

High Vulnerability: CVE-2023-21529 — microsoft — exchange_server

High Vulnerability: CVE-2023-36424 — microsoft — windows_10_1507, windows_10_1607

High Vulnerability: CVE-2025-60710 — microsoft — windows_11_25h2

Track microsoft exposure across your environment