Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Microsoft | Excel

CVE-2019-1297

Microsoft Excel Remote Code Execution Vulnerability: A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-17

Additional Notes

Microsoft | Exchange Server

CVE-2018-8581

Microsoft Exchange Server Privilege Escalation Vulnerability: A privilege escalation vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt to impersonate any other user of the Exchange server.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-17

Additional Notes

Microsoft | Malware Protection Engine

CVE-2017-8540

Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Office

CVE-2017-11826

Microsoft Office Remote Code Execution Vulnerability: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Office

CVE-2017-0261

Microsoft Office Use-After-Free Vulnerability: Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Graphics Device Interface (GDI)

CVE-2017-0001

Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Excel

CVE-2016-7262

Microsoft Office Security Feature Bypass Vulnerability: A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Office

CVE-2016-7193

Microsoft Office Memory Corruption Vulnerability: Microsoft Office contains a memory corruption vulnerability which can allow for remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Windows

CVE-2016-0099

Microsoft Windows Secondary Logon Service Privilege Escalation Vulnerability: A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Office

CVE-2015-2545

Microsoft Office Malformed EPS File Vulnerability: Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | PowerPoint

CVE-2015-2424

Microsoft PowerPoint Memory Corruption Vulnerability: Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | ATM Font Driver

CVE-2015-2387

Microsoft ATM Font Driver Privilege Escalation Vulnerability: ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Win32k

CVE-2015-1701

Microsoft Win32k Privilege Escalation Vulnerability: An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privileges.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Office

CVE-2015-1642

Microsoft Office Memory Corruption Vulnerability: Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Windows

CVE-2014-4114

Microsoft Windows Object Linking & Embedding (OLE) Remote Code Execution Vulnerability: A vulnerability exists in Windows Object Linking & Embedding (OLE) that could allow remote code execution if a user opens a file that contains a specially crafted OLE object.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Windows

CVE-2013-5065

Microsoft Windows Kernel Privilege Escalation Vulnerability: Microsoft Windows NDProxy.sys in the kernel contains an improper input validation vulnerability which can allow a local attacker to escalate privileges.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Internet Explorer

CVE-2013-3897

Microsoft Internet Explorer Use-After-Free Vulnerability: A use-after-free vulnerability exists within CDisplayPointer in Microsoft Internet Explorer that allows an attacker to remotely execute arbitrary code.

Related CWE: CWE-399

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Internet Explorer

CVE-2013-1347

Microsoft Internet Explorer Remote Code Execution Vulnerability: This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Office

CVE-2012-1856

Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability: The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Microsoft | Forefront Threat Management Gateway (TMG)

CVE-2011-1889

Microsoft Forefront TMG Remote Code Execution Vulnerability: A remote code execution vulnerability exists in the Forefront Threat Management Gateway (TMG) Firewall Client Winsock provider that could allow code execution in the security context of the client application.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates