Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Microsoft | DirectX Graphics Kernel (DXGKRNL)

CVE-2018-8406

Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability: An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.

Related CWE: CWE-404

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | DirectX Graphics Kernel (DXGKRNL)

CVE-2018-8405

Related CWE: CWE-404

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Windows

CVE-2017-0213

Microsoft Windows Privilege Escalation Vulnerability: Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Internet Explorer

CVE-2017-0059

Microsoft Internet Explorer Information Disclosure Vulnerability: Microsoft Internet Explorer allow remote attackers to obtain sensitive information from process memory via a crafted web site.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Edge and Internet Explorer

CVE-2017-0037

Microsoft Edge and Internet Explorer Type Confusion Vulnerability: Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution.

Related CWE: CWE-704

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Edge

CVE-2016-7201

Microsoft Edge Memory Corruption Vulnerability: The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Edge

CVE-2016-7200

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Internet Explorer

CVE-2016-0189

Microsoft Internet Explorer Memory Corruption Vulnerability: The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Client-Server Run-time Subsystem (CSRSS)

CVE-2016-0151

Microsoft Windows CSRSS Security Feature Bypass Vulnerability: The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Windows

CVE-2016-0040

Microsoft Windows Kernel Privilege Escalation Vulnerability: The kernel in Microsoft Windows allows local users to gain privileges via a crafted application.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Windows

CVE-2015-2426

Microsoft Windows Adobe Type Manager Library Remote Code Execution Vulnerability: A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Internet Explorer

CVE-2015-2419

Microsoft Internet Explorer Memory Corruption Vulnerability: JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Office

CVE-2015-1770

Microsoft Office Uninitialized Memory Use Vulnerability: Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document.

Related CWE: CWE-19

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Win32k

CVE-2013-3660

Microsoft Win32k Privilege Escalation Vulnerability: The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allows local users to gain privileges.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Internet Explorer

CVE-2013-2551

Microsoft Internet Explorer Use-After-Free Vulnerability: Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Word

CVE-2012-2539

Microsoft Word Remote Code Execution Vulnerability: Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data.

Related CWE: CWE-399

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Ancillary Function Driver (afd.sys)

CVE-2011-2005

Microsoft Ancillary Function Driver (afd.sys) Improper Input Validation Vulnerability: afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Windows

CVE-2010-4398

Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability: Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-21

Additional Notes

Microsoft | Windows

CVE-2022-21999

Microsoft Windows Print Spooler Privilege Escalation Vulnerability: Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.

Related CWEs: CWE-40| CWE-1386

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Microsoft | Graphics Device Interface (GDI)

CVE-2019-0903

Microsoft GDI Remote Code Execution Vulnerability: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates