Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Microsoft | HTTP.sys

CVE-2015-1635

Microsoft HTTP.sys Remote Code Execution Vulnerability: Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-10
Due Date: 2022-08-10

Additional Notes

Microsoft | Win32k

CVE-2022-21882

Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-04
Due Date: 2022-02-18

Additional Notes

Microsoft | Windows

CVE-2020-0787

Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability: Microsoft Windows BITS is vulnerable to to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this vulnerability to execute arbitrary code with system-level privileges.

Related CWEs: CWE-269| CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-01-28
Due Date: 2022-07-28

Additional Notes

Microsoft | Internet Explorer

CVE-2014-1776

Microsoft Internet Explorer Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in the context of the current user.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-01-28
Due Date: 2022-07-28

Additional Notes

Microsoft | Win32k

CVE-2018-8453

Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Windows Win32k contains a vulnerability that allows an attacker to escalate privileges.

Related CWE: CWE-404

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-01-21
Due Date: 2022-07-21

Additional Notes

Microsoft | Exchange Server

CVE-2021-33766

Microsoft Exchange Server Information Disclosure: Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-01-18
Due Date: 2022-02-01

Additional Notes

Microsoft | Win32k

CVE-2019-1458

Microsoft Win32k Privilege Escalation Vulnerability: A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-01-10
Due Date: 2022-07-10

Additional Notes

Microsoft | WinVerifyTrust function

CVE-2013-3900

Microsoft WinVerifyTrust function Remote Code Execution: A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-01-10
Due Date: 2022-07-10

Additional Notes

Microsoft | Windows

CVE-2021-43890

Microsoft Windows AppX Installer Spoofing Vulnerability: Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impacts to confidentiality, integrity, and availability.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-15
Due Date: 2021-12-29

Additional Notes

Microsoft | Windows

CVE-2021-40449

Microsoft Windows Win32k Privilege Escalation Vulnerability: Unspecified vulnerability allows for an authenticated user to escalate privileges.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-17
Due Date: 2021-12-01

Additional Notes

Microsoft | Exchange

CVE-2021-42321

Microsoft Exchange Server Remote Code Execution Vulnerability: An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution.

Related CWEs: CWE-184| CWE-502

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-17
Due Date: 2021-12-01

Additional Notes

Microsoft | Office

CVE-2021-42292

Microsoft Excel Security Feature Bypass: A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution.

Related CWE: CWE-357

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-17
Due Date: 2021-12-01

Additional Notes

Microsoft | Windows

CVE-2014-1812

Microsoft Windows Group Policy Preferences Password Privilege Escalation Vulnerability: Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate privileges on the domain.

Related CWE: CWE-255

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Open Management Infrastructure (OMI)

CVE-2021-38647

Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability: Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution.

Related CWE: CWE-1390

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Microsoft | Win32k

CVE-2016-0167

Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation via a crafted application

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Edge and Internet Explorer

CVE-2020-0878

Microsoft Edge and Internet Explorer Memory Corruption Vulnerability: Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Windows

CVE-2021-31955

Microsoft Windows Kernel Information Disclosure Vulnerability: Microsoft Windows Kernel contains an unspecified vulnerability that allows for information disclosure. Successful exploitation allows attackers to read the contents of kernel memory from a user-mode process.

Related CWE: CWE-497

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Microsoft | Defender

CVE-2021-1647

Microsoft Defender Remote Code Execution Vulnerability: Microsoft Defender contains an unspecified vulnerability that allows for remote code execution.

Related CWEs: CWE-122| CWE-1285

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Microsoft | Windows

CVE-2021-33739

Microsoft Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability: Microsoft Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Microsoft | Windows

CVE-2016-0185

Microsoft Windows Media Center Remote Code Execution Vulnerability: Microsoft Windows Media Center contains a remote code execution vulnerability when Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates