Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Microsoft | Windows

CVE-2018-8414

Microsoft Windows Shell Remote Code Execution Vulnerability: A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Microsoft | Internet Explorer Scripting Engine

CVE-2018-8373

Microsoft Scripting Engine Memory Corruption Vulnerability: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Microsoft | Windows

CVE-2017-0146

Microsoft Windows SMB Remote Code Execution Vulnerability: The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Microsoft | Windows

CVE-2014-6332

Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerability: OleAut32.dll in OLE in Microsoft Windows allows remote attackers to remotely execute code via a crafted web site.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Microsoft | Kerberos Key Distribution Center (KDC)

CVE-2014-6324

Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability: The Kerberos Key Distribution Center (KDC) in Microsoft allows remote authenticated domain users to obtain domain administrator privileges.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Microsoft | Windows

CVE-2019-1405

Microsoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2019-1322

Microsoft Windows Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2019-1315

Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2019-1253

Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Win32k

CVE-2019-1132

Microsoft Win32k Privilege Escalation Vulnerability: A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2019-1129

Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Task Scheduler

CVE-2019-1069

Microsoft Task Scheduler Privilege Escalation Vulnerability: A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations.

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2019-1064

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2019-0841

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2019-0543

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Win32k

CVE-2018-8120

Microsoft Win32k Privilege Escalation Vulnerability: A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.

Related CWE: CWE-404

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2017-0101

Microsoft Windows Transaction Manager Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when the Windows Transaction Manager improperly handles objects in memory.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2016-3309

Microsoft Windows Kernel Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Win32k

CVE-2015-2546

Microsoft Win32k Memory Corruption Vulnerability: The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2021-41379

Microsoft Windows Installer Privilege Escalation Vulnerability: Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-1386

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-17

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates