Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Cybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and ResilienceCybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and Resilience
CISA Logo

Search

 

America's Cyber Defense Agency
 
  • Topics
    Cybersecurity Best Practices
    Cyber Threats and Advisories
    Critical Infrastructure Security and Resilience
    Election Security
    Emergency Communications
    Industrial Control Systems
    Information and Communications Technology Supply Chain Security
    Partnerships and Collaboration
    Physical Security
    Risk Management
    How can we help?
    GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help LocallyFaith-Based CommunityExecutivesHigh-Risk Communities
  • Spotlight
  • Resources & Tools
    All Resources & Tools
    Services
    Programs
    Resources
    Training
    Groups
  • News & Events
    News
    Events
    Cybersecurity Alerts & Advisories
    Directives
    Request a CISA Speaker
    Congressional Testimony
    CISA Conferences
    CISA Live!
  • Careers
    Benefits & Perks
    HireVue Applicant Reasonable Accommodations Process
    Hiring
    Resume & Application Tips
    Students & Recent Graduates
    Veteran and Military Spouses
  • About
    Divisions & Offices
    Regions
    Leadership
    Doing Business with CISA
    Site Links
    CISA GitHub
    CISA Central
    Contact Us
    Subscribe
    Transparency and Accountability
    Policies & Plans

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Breadcrumb
  1. Home
  2. Known Exploited Vulnerabilities Catalog
Share:

Filters

  • Accellion
  • Qlik
  • Craft CMS
  • TeleMessage
  • ConnectWise
  • CrushFTP
  • OSGeo
  • ServiceNow
  • Dahua
  • PTZOptics
  • CyberPersons
  • Cleo
  • Reolink
  • NUUO
  • BeyondTrust
  • Paessler
  • Hitachi Vantara
  • Advantive
  • Commvault
  • GeoVision
  • ASUS
  • Unitronics
  • FXC
  • Spreadsheet::ParseExcel
  • Joomla!
  • Sunhillo
  • Nice
  • NextGen Healthcare
  • Justice AV Solutions
  • Check Point
  • PHP Group
  • Twilio
  • Acronis
  • Versa
  • Kingsoft
  • ScienceLogic
  • Nostromo
  • Metabase
  • Array Networks
  • North Grid
  • ProjectSend
  • Acclaim Systems
  • JQuery
  • Audinate
  • 7-Zip
  • Trimble
  • SimpleHelp
  • tj-actions
  • NAKIVO
  • Edimax
  • reviewdog
  • Gladinet
  • Broadcom
  • Qualitia
  • Yiiframework
  • Langflow
  • FreeType
  • ZKTeco
  • Srimax
  • MDaemon
  • Erlang
  • Wazuh
  • AMI
  • ownCloud
  • Adobe
  • Alcatel
  • Amcrest
  • Android
  • Apache
  • Apple
  • Arcadyan
  • Arcserve
  • Arm
  • Artifex
  • Atlassian
  • Aviatrix
  • Barracuda Networks
  • BQE
  • Cacti
  • ChakraCore
  • Checkbox
  • Cisco
  • Citrix
  • Code Aurora
  • Crestron
  • CWP
  • D-Link
  • D-Link and TRENDnet
  • Dasan
  • Dell
  • Delta Electronics
  • Docker
  • dotCMS
  • DotNetNuke (DNN)
  • DrayTek
  • Drupal
  • Elastic
  • Embedthis
  • Exim
  • EyesOfNetwork
  • F5
  • FatPipe
  • ForgeRock
  • Fortinet
  • Fortra
  • Fuel CMS
  • GIGABYTE
  • GitLab
  • GNU
  • Google
  • Grafana Labs
  • Grandstream
  • Hewlett Packard (HP)
  • Hikvision
  • IBM
  • IETF
  • Ignite Realtime
  • ImageMagick
  • InduSoft
  • Intel
  • Ivanti
  • Jenkins
  • JetBrains
  • Juniper
  • Kaseya
  • Kentico
  • Laravel
  • LG
  • Liferay
  • Linux
  • McAfee
  • MediaTek
  • Meta Platforms
  • Micro Focus
  • (-) Remove filterMicrosoft
  • MikroTik
  • MinIO
  • Mitel
  • MongoDB
  • Mozilla
  • Nagios
  • NETGEAR
  • Netis
  • Netwrix
  • Novi Survey
  • Npm package
  • October CMS
  • OpenBSD
  • OpenSSL
  • Oracle
  • Palo Alto Networks
  • PaperCut
  • PEAR
  • Perl
  • PHP
  • phpMyAdmin
  • PHPUnit
  • Pi-hole
  • PlaySMS
  • Plex
  • Primetek
  • Progress
  • Pulse Secure
  • QNAP
  • QNAP Systems
  • Qualcomm
  • Quest
  • Rails
  • RARLAB
  • rConfig
  • Realtek
  • Red Hat
  • Redis
  • Rejetto
  • Roundcube
  • Ruckus Wireless
  • SaltStack
  • Samba
  • Samsung
  • SAP
  • Schneider Electric
  • Siemens
  • SIMalliance
  • Sitecore
  • SolarView
  • SolarWinds
  • Sonatype
  • SonicWall
  • Sophos
  • Sudo
  • SugarCRM
  • Sumavision
  • Symantec
  • Synacor
  • SysAid
  • TeamViewer
  • Teclib
  • Telerik
  • Tenda
  • TerraMaster
  • ThinkPHP
  • TIBCO
  • TP-Link
  • Treck TCP/IP stack
  • Trend Micro
  • Trihedral
  • TVT
  • Ubiquiti
  • Unraid
  • vBulletin
  • Veeam
  • Veritas
  • VMware
  • VMware Tanzu
  • WatchGuard
  • WebKitGTK
  • Webmin
  • WebRTC
  • WordPress
  • WSO2
  • XStream
  • Yealink
  • Zabbix
  • ZK Framework
  • Zoho
  • Zyxel
No result
Reset

Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License


Showing 1 - 335 of 335
Filters:
  • (-) Remove filterMicrosoft
  • Clear all filters
Microsoft | Windows

CVE-2025-33053

Microsoft Windows External Control of File Name or Path Vulnerability: Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the WorkingDirectory attribute of Internet Shortcut files.

Related CWE: CWE-73

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-06-10
  • Due Date: 2025-07-01
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33053 ; https://nvd.nist.gov/vuln/detail/CVE-2025-33053
Microsoft | Windows

CVE-2025-32709

Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability: Microsoft Windows Ancillary Function Driver for WinSock contains a use-after-free vulnerability that allows an authorized attacker to escalate privileges to administrator.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-05-13
  • Due Date: 2025-06-03
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32709 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32709
Microsoft | Windows

CVE-2025-30397

Microsoft Windows Scripting Engine Type Confusion Vulnerability: Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to execute code over a network via a specially crafted URL.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-05-13
  • Due Date: 2025-06-03
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30397 ; https://nvd.nist.gov/vuln/detail/CVE-2025-30397
Microsoft | Windows

CVE-2025-32706

Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability: Microsoft Windows Common Log File System (CLFS) Driver contains a heap-based buffer overflow vulnerability that allows an authorized attacker to elevate privileges locally.

Related CWE: CWE-122

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-05-13
  • Due Date: 2025-06-03
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32706 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32706
Microsoft | Windows

CVE-2025-32701

Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability: Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-05-13
  • Due Date: 2025-06-03
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32701 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32701
Microsoft | Windows

CVE-2025-30400

Microsoft Windows DWM Core Library Use-After-Free Vulnerability: Microsoft Windows DWM Core Library contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-05-13
  • Due Date: 2025-06-03
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30400 ; https://nvd.nist.gov/vuln/detail/CVE-2025-30400
Microsoft | Windows

CVE-2025-24054

Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability: Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows an unauthorized attacker to perform spoofing over a network.

Related CWE: CWE-73

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-04-17
  • Due Date: 2025-05-08
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24054 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24054
Microsoft | Windows

CVE-2025-29824

Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability: Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-04-08
  • Due Date: 2025-04-29
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29824 ; https://nvd.nist.gov/vuln/detail/CVE-2025-29824
Microsoft | Windows

CVE-2025-24993

Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability: Microsoft Windows New Technology File System (NTFS) contains a heap-based buffer overflow vulnerability that allows an unauthorized attacker to execute code locally.

Related CWE: CWE-122

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-03-11
  • Due Date: 2025-04-01
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24993 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24993
Microsoft | Windows

CVE-2025-24991

Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability: Microsoft Windows New Technology File System (NTFS) contains an out-of-bounds read vulnerability that allows an authorized attacker to disclose information locally.

Related CWE: CWE-125

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-03-11
  • Due Date: 2025-04-01
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24991 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24991
Microsoft | Windows

CVE-2025-24985

Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability: Microsoft Windows Fast FAT File System Driver contains an integer overflow or wraparound vulnerability that allows an unauthorized attacker to execute code locally.

Related CWEs: CWE-190| CWE-122

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-03-11
  • Due Date: 2025-04-01
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24985 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24985
Microsoft | Windows

CVE-2025-24984

Microsoft Windows NTFS Information Disclosure Vulnerability: Microsoft Windows New Technology File System (NTFS) contains an insertion of sensitive Information into log file vulnerability that allows an unauthorized attacker to disclose information with a physical attack. An attacker who successfully exploited this vulnerability could potentially read portions of heap memory.

Related CWE: CWE-532

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-03-11
  • Due Date: 2025-04-01
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24984 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24984
Microsoft | Windows

CVE-2025-24983

Microsoft Windows Win32k Use-After-Free Vulnerability: Microsoft Windows Win32 Kernel Subsystem contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-03-11
  • Due Date: 2025-04-01
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24983 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24983
Microsoft | Windows

CVE-2025-26633

Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability: Microsoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorized attacker to bypass a security feature locally.

Related CWE: CWE-707

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-03-11
  • Due Date: 2025-04-01
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26633 ; https://nvd.nist.gov/vuln/detail/CVE-2025-26633
Microsoft | Windows

CVE-2018-8639

Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability: Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Related CWE: CWE-404

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-03-03
  • Due Date: 2025-03-24
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2018-8639 ; https://nvd.nist.gov/vuln/detail/CVE-2018-8639
Microsoft | Partner Center

CVE-2024-49035

Microsoft Partner Center Improper Access Control Vulnerability: Microsoft Partner Center contains an improper access control vulnerability that allows an attacker to escalate privileges.

Related CWE: CWE-269

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-25
  • Due Date: 2025-03-18
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49035 ; https://nvd.nist.gov/vuln/detail/CVE-2024-49035
Microsoft | Power Pages

CVE-2025-24989

Microsoft Power Pages Improper Access Control Vulnerability: Microsoft Power Pages contains an improper access control vulnerability that allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-21
  • Due Date: 2025-03-14
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-24989 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24989
Microsoft | Windows

CVE-2025-21418

Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability: Microsoft Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.

Related CWE: CWE-122

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-11
  • Due Date: 2025-03-04
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21418 ; https://nvd.nist.gov/vuln/detail/CVE-2025-21418
Microsoft | Windows

CVE-2025-21391

Microsoft Windows Storage Link Following Vulnerability: Microsoft Windows Storage contains a link following vulnerability that could allow for privilege escalation. This vulnerability could allow an attacker to delete data including data that results in the service being unavailable.

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-11
  • Due Date: 2025-03-04
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21391 ; https://nvd.nist.gov/vuln/detail/CVE-2025-21391
Microsoft | Office Outlook

CVE-2024-21413

Microsoft Outlook Improper Input Validation Vulnerability: Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-06
  • Due Date: 2025-02-27
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413 ; https://nvd.nist.gov/vuln/detail/CVE-2024-21413
Microsoft | .NET Framework

CVE-2024-29059

Microsoft .NET Framework Information Disclosure Vulnerability: Microsoft .NET Framework contains an information disclosure vulnerability that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution.

Related CWE: CWE-209

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-04
  • Due Date: 2025-02-25
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29059 ; https://nvd.nist.gov/vuln/detail/CVE-2024-29059
Microsoft | Windows

CVE-2025-21335

Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability: Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-01-14
  • Due Date: 2025-02-04
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21335 ; https://nvd.nist.gov/vuln/detail/CVE-2025-21335
Microsoft | Windows

CVE-2025-21334

Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability: Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-01-14
  • Due Date: 2025-02-04
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21334 ; https://nvd.nist.gov/vuln/detail/CVE-2025-21334
Microsoft | Windows

CVE-2025-21333

Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability: Microsoft Windows Hyper-V NT Kernel Integration VSP contains a heap-based buffer overflow vulnerability that allows a local attacker to gain SYSTEM privileges.

Related CWE: CWE-122

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-01-14
  • Due Date: 2025-02-04
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21333 ; https://nvd.nist.gov/vuln/detail/CVE-2025-21333
Microsoft | Windows

CVE-2024-35250

Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability : Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges.

Related CWE: CWE-822

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-12-16
  • Due Date: 2025-01-06
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35250 ; https://nvd.nist.gov/vuln/detail/CVE-2024-35250
Microsoft | Windows

CVE-2024-49138

Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability: Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges.

Related CWE: CWE-122

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-12-10
  • Due Date: 2024-12-31
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49138 ; https://nvd.nist.gov/vuln/detail/CVE-2024-49138
Microsoft | Windows

CVE-2024-43451

Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability: Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash to an attacker via a file open operation. The attacker could then leverage this hash to impersonate that user.

Related CWE: CWE-73

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-11-12
  • Due Date: 2024-12-03
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43451
Microsoft | Windows

CVE-2024-49039

Microsoft Windows Task Scheduler Privilege Escalation Vulnerability: Microsoft Windows Task Scheduler contains a privilege escalation vulnerability that can allow an attacker-provided, local application to escalate privileges outside of its AppContainer, and access privileged RPC functions.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-11-12
  • Due Date: 2024-12-03
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039 ; https://nvd.nist.gov/vuln/detail/CVE-2024-49039
Microsoft | SharePoint

CVE-2024-38094

Microsoft SharePoint Deserialization Vulnerability: Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-10-22
  • Due Date: 2024-11-12
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094 ; https://nvd.nist.gov/vuln/detail/CVE-2024-38094
Microsoft | Windows

CVE-2024-30088

Microsoft Windows Kernel TOCTOU Race Condition Vulnerability: Microsoft Windows Kernel contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that could allow for privilege escalation.

Related CWE: CWE-367

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-10-15
  • Due Date: 2024-11-05
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-30088 ; https://nvd.nist.gov/vuln/detail/CVE-2024-30088
Microsoft | Windows

CVE-2024-43573

Microsoft Windows MSHTML Platform Spoofing Vulnerability: Microsoft Windows MSHTML Platform contains an unspecified spoofing vulnerability which can lead to a loss of confidentiality.

Related CWE: CWE-79

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-10-08
  • Due Date: 2024-10-29
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43573 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43573
Microsoft | Windows

CVE-2024-43572

Microsoft Windows Management Console Remote Code Execution Vulnerability: Microsoft Windows Management Console contains unspecified vulnerability that allows for remote code execution.

Related CWE: CWE-707

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-10-08
  • Due Date: 2024-10-29
Additional Notes
https://msrc.microsoft.com/update-guide/advisory/CVE-2024-43572 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43572
Microsoft | SQL Server

CVE-2020-0618

Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability: Microsoft SQL Server Reporting Services contains a deserialization vulnerability when handling page requests incorrectly. An authenticated attacker can exploit this vulnerability to execute code in the context of the Report Server service account.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-09-18
  • Due Date: 2024-10-09
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2020-0618 ; https://nvd.nist.gov/vuln/detail/CVE-2020-0618
Microsoft | Windows

CVE-2024-43461

Microsoft Windows MSHTML Platform Spoofing Vulnerability: Microsoft Windows MSHTML Platform contains a user interface (UI) misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerability was exploited in conjunction with CVE-2024-38112.

Related CWE: CWE-451

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-09-16
  • Due Date: 2024-10-07
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43461 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43461
Microsoft | Windows

CVE-2024-38217

Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability: Microsoft Windows Mark of the Web (MOTW) contains a protection mechanism failure vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.

Related CWE: CWE-693

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-09-10
  • Due Date: 2024-10-01
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38217; https://nvd.nist.gov/vuln/detail/CVE-2024-38217
Microsoft | Windows

CVE-2024-38014

Microsoft Windows Installer Improper Privilege Management Vulnerability: Microsoft Windows Installer contains an improper privilege management vulnerability that could allow an attacker to gain SYSTEM privileges.

Related CWE: CWE-269

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-09-10
  • Due Date: 2024-10-01
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38014; https://nvd.nist.gov/vuln/detail/CVE-2024-38014
Microsoft | Publisher

CVE-2024-38226

Microsoft Publisher Protection Mechanism Failure Vulnerability: Microsoft Publisher contains a protection mechanism failure vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files.

Related CWE: CWE-693

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-09-10
  • Due Date: 2024-10-01
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38226; https://nvd.nist.gov/vuln/detail/CVE-2024-38226
Microsoft | Exchange Server

CVE-2021-31196

Microsoft Exchange Server Information Disclosure Vulnerability: Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-08-21
  • Due Date: 2024-09-11
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2021-31196; https://nvd.nist.gov/vuln/detail/CVE-2021-31196
Microsoft | Windows

CVE-2024-38107

Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability: Microsoft Windows Power Dependency Coordinator contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to obtain SYSTEM privileges.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-08-13
  • Due Date: 2024-09-03
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38107; https://nvd.nist.gov/vuln/detail/CVE-2024-38107
Microsoft | Windows

CVE-2024-38106

Microsoft Windows Kernel Privilege Escalation Vulnerability: Microsoft Windows Kernel contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. Successful exploitation of this vulnerability requires an attacker to win a race condition.

Related CWE: CWE-591

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-08-13
  • Due Date: 2024-09-03
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38106; https://nvd.nist.gov/vuln/detail/CVE-2024-38106
Microsoft | Windows

CVE-2024-38193

Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability: Microsoft Windows Ancillary Function Driver for WinSock contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-08-13
  • Due Date: 2024-09-03
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38193; https://nvd.nist.gov/vuln/detail/CVE-2024-38193
Microsoft | Windows

CVE-2024-38213

Microsoft Windows SmartScreen Security Feature Bypass Vulnerability: Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience via a malicious file.

Related CWE: CWE-693

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-08-13
  • Due Date: 2024-09-03
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38213; https://nvd.nist.gov/vuln/detail/CVE-2024-38213
Microsoft | Windows

CVE-2024-38178

Microsoft Windows Scripting Engine Memory Corruption Vulnerability: Microsoft Windows Scripting Engine contains a memory corruption vulnerability that allows unauthenticated attacker to initiate remote code execution via a specially crafted URL.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-08-13
  • Due Date: 2024-09-03
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38178; https://nvd.nist.gov/vuln/detail/CVE-2024-38178
Microsoft | Project

CVE-2024-38189

Microsoft Project Remote Code Execution Vulnerability : Microsoft Project contains an unspecified vulnerability that allows for remote code execution via a malicious file.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-08-13
  • Due Date: 2024-09-03
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38189; https://nvd.nist.gov/vuln/detail/CVE-2024-38189
Microsoft | Windows

CVE-2018-0824

Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability: Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution via a specially crafted file or script.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-08-05
  • Due Date: 2024-08-26
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2018-0824; https://nvd.nist.gov/vuln/detail/CVE-2018-0824
Microsoft | Internet Explorer

CVE-2012-4792

Microsoft Internet Explorer Use-After-Free Vulnerability: Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.
  • Date Added: 2024-07-23
  • Due Date: 2024-08-13
Additional Notes
https://learn.microsoft.com/en-us/lifecycle/products/internet-explorer-11; https://nvd.nist.gov/vuln/detail/CVE-2012-4792
Microsoft | Windows

CVE-2024-38080

Microsoft Windows Hyper-V Privilege Escalation Vulnerability: Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.

Related CWE: CWE-190

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-07-09
  • Due Date: 2024-07-30
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38080; https://nvd.nist.gov/vuln/detail/CVE-2024-38080
Microsoft | Windows

CVE-2024-38112

Microsoft Windows MSHTML Platform Spoofing Vulnerability: Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability.

Related CWE: CWE-451

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-07-09
  • Due Date: 2024-07-30
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38112; https://nvd.nist.gov/vuln/detail/CVE-2024-38112
Microsoft | Windows

CVE-2024-26169

Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability: Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.

Related CWE: CWE-269

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
  • Date Added: 2024-06-13
  • Due Date: 2024-07-04
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26169; https://nvd.nist.gov/vuln/detail/CVE-2024-26169
Microsoft | Windows

CVE-2024-30040

Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability: Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature bypass.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-05-14
  • Due Date: 2024-06-04
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30040; https://nvd.nist.gov/vuln/detail/CVE-2024-30040
Microsoft | DWM Core Library

CVE-2024-30051

Microsoft DWM Core Library Privilege Escalation Vulnerability: Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges.

Related CWE: CWE-122

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-05-14
  • Due Date: 2024-06-04
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30051; https://nvd.nist.gov/vuln/detail/CVE-2024-30051
Microsoft | SmartScreen Prompt

CVE-2024-29988

Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability: Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature. This vulnerability can be chained with CVE-2023-38831 and CVE-2024-21412 to execute a malicious file.

Related CWE: CWE-693

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-04-30
  • Due Date: 2024-05-21
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29988; https://nvd.nist.gov/vuln/detail/CVE-2024-29988
Microsoft | Windows

CVE-2022-38028

Microsoft Windows Print Spooler Privilege Escalation Vulnerability : Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permissions.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-04-23
  • Due Date: 2024-05-14
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38028; https://nvd.nist.gov/vuln/detail/CVE-2022-38028
Microsoft | SharePoint Server

CVE-2023-24955

Microsoft SharePoint Server Code Injection Vulnerability: Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-03-26
  • Due Date: 2024-04-16
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955; https://nvd.nist.gov/vuln/detail/CVE-2023-24955
Microsoft | Windows

CVE-2024-21338

Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability: Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation.

Related CWE: CWE-822

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-03-04
  • Due Date: 2024-03-25
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21338; https://nvd.nist.gov/vuln/detail/CVE-2024-21338
Microsoft | Streaming Service

CVE-2023-29360

Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability: Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.

Related CWE: CWE-822

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-02-29
  • Due Date: 2024-03-21
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29360 ;https://nvd.nist.gov/vuln/detail/CVE-2023-29360
Microsoft | Exchange Server

CVE-2024-21410

Microsoft Exchange Server Privilege Escalation Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-02-15
  • Due Date: 2024-03-07
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410; https://nvd.nist.gov/vuln/detail/CVE-2024-21410
Microsoft | Windows

CVE-2024-21412

Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability: Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass.

Related CWE: CWE-693

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-02-13
  • Due Date: 2024-03-05
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21412; https://nvd.nist.gov/vuln/detail/CVE-2024-21412
Microsoft | Windows

CVE-2024-21351

Microsoft Windows SmartScreen Security Feature Bypass Vulnerability: Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-02-13
  • Due Date: 2024-03-05
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21351; https://nvd.nist.gov/vuln/detail/CVE-2024-21351
Microsoft | SharePoint Server

CVE-2023-29357

Microsoft SharePoint Server Privilege Escalation Vulnerability: Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.

Related CWE: CWE-303

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-01-10
  • Due Date: 2024-01-31
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357; https://nvd.nist.gov/vuln/detail/CVE-2023-29357
Microsoft | Windows

CVE-2023-36584

Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability: Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-11-16
  • Due Date: 2023-12-07
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36584 ; https://nvd.nist.gov/vuln/detail/CVE-2023-36584
Microsoft | Windows

CVE-2023-36033

Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability: Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-822

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-11-14
  • Due Date: 2023-12-05
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36033 ; https://nvd.nist.gov/vuln/detail/CVE-2023-36033
Microsoft | Windows

CVE-2023-36025

Microsoft Windows SmartScreen Security Feature Bypass Vulnerability: Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prompts.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-11-14
  • Due Date: 2023-12-05
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36025; https://nvd.nist.gov/vuln/detail/CVE-2023-36025
Microsoft | Windows

CVE-2023-36036

Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability: Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges.

Related CWE: CWE-122

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-11-14
  • Due Date: 2023-12-05
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36036 ; https://nvd.nist.gov/vuln/detail/CVE-2023-36036
Microsoft | Skype for Business

CVE-2023-41763

Microsoft Skype for Business Privilege Escalation Vulnerability: Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-918

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-10-10
  • Due Date: 2023-10-31
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-41763; https://nvd.nist.gov/vuln/detail/CVE-2023-41763
Microsoft | WordPad

CVE-2023-36563

Microsoft WordPad Information Disclosure Vulnerability: Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-10-10
  • Due Date: 2023-10-31
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36563; https://nvd.nist.gov/vuln/detail/CVE-2023-36563
Microsoft | Windows CNG Key Isolation Service

CVE-2023-28229

Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability: Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges.

Related CWE: CWE-591

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-10-04
  • Due Date: 2023-10-25
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28229; https://nvd.nist.gov/vuln/detail/CVE-2023-28229
Microsoft | Word

CVE-2023-36761

Microsoft Word Information Disclosure Vulnerability: Microsoft Word contains an unspecified vulnerability that allows for information disclosure.

Related CWE: CWE-668

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-09-12
  • Due Date: 2023-10-03
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36761; https://nvd.nist.gov/vuln/detail/CVE-2023-36761
Microsoft | Streaming Service Proxy

CVE-2023-36802

Microsoft Streaming Service Proxy Privilege Escalation Vulnerability: Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-09-12
  • Due Date: 2023-10-03
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36802; https://nvd.nist.gov/vuln/detail/CVE-2023-36802
Microsoft | .NET Core and Visual Studio

CVE-2023-38180

Microsoft .NET Core and Visual Studio Denial-of-Service Vulnerability: Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that allows for denial-of-service (DoS).

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-08-09
  • Due Date: 2023-08-30
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-38180; https://nvd.nist.gov/vuln/detail/CVE-2023-38180
Microsoft | Windows

CVE-2023-36884

Microsoft Windows Search Remote Code Execution Vulnerability: Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leading to remote code execution.

Related CWE: CWE-362

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-07-17
  • Due Date: 2023-08-29
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884; https://nvd.nist.gov/vuln/detail/CVE-2023-36884
Microsoft | Windows

CVE-2023-32046

Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability: Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
  • Date Added: 2023-07-11
  • Due Date: 2023-08-01
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-32046; https://nvd.nist.gov/vuln/detail/CVE-2023-32046
Microsoft | Windows

CVE-2023-32049

Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability: Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
  • Date Added: 2023-07-11
  • Due Date: 2023-08-01
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-32049; https://nvd.nist.gov/vuln/detail/CVE-2023-32049
Microsoft | Outlook

CVE-2023-35311

Microsoft Outlook Security Feature Bypass Vulnerability: Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook Security Notice prompt.

Related CWE: CWE-367

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
  • Date Added: 2023-07-11
  • Due Date: 2023-08-01
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-35311; https://nvd.nist.gov/vuln/detail/CVE-2023-35311
Microsoft | Windows

CVE-2023-36874

Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability: Microsoft Windows Error Reporting Service contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
  • Date Added: 2023-07-11
  • Due Date: 2023-08-01
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36874; https://nvd.nist.gov/vuln/detail/CVE-2023-36874
Microsoft | Win32k

CVE-2016-0165

Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-06-22
  • Due Date: 2023-07-13
Additional Notes
https://learn.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-039; https://nvd.nist.gov/vuln/detail/CVE-2016-0165
Microsoft | Win32k

CVE-2023-29336

Microsoft Win32K Privilege Escalation Vulnerability: Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-05-09
  • Due Date: 2023-05-30
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-29336; https://nvd.nist.gov/vuln/detail/CVE-2023-29336
Microsoft | Windows

CVE-2023-28252

Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability: Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-122

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2023-04-11
  • Due Date: 2023-05-02
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-28252; https://nvd.nist.gov/vuln/detail/CVE-2023-28252
Microsoft | Windows

CVE-2019-1388

Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability: Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context.

Related CWE: CWE-269

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2023-04-07
  • Due Date: 2023-04-28
Additional Notes
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388; https://nvd.nist.gov/vuln/detail/CVE-2019-1388
Microsoft | Internet Explorer

CVE-2013-3163

Microsoft Internet Explorer Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.
  • Date Added: 2023-03-30
  • Due Date: 2023-04-20
Additional Notes
https://learn.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055; https://nvd.nist.gov/vuln/detail/CVE-2013-3163
Microsoft | Office

CVE-2023-23397

Microsoft Office Outlook Privilege Escalation Vulnerability: Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.

Related CWE: CWE-294

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-03-14
  • Due Date: 2023-04-04
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397, https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/, ; https://nvd.nist.gov/vuln/detail/CVE-2023-23397
Microsoft | Windows

CVE-2023-24880

Microsoft Windows SmartScreen Security Feature Bypass Vulnerability: Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.

Related CWE: CWE-863

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2023-03-14
  • Due Date: 2023-04-04
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-24880; https://nvd.nist.gov/vuln/detail/CVE-2023-24880
Microsoft | Office

CVE-2023-21715

Microsoft Office Publisher Security Feature Bypass Vulnerability: Microsoft Office Publisher contains a security feature bypass vulnerability that allows for a local, authenticated attack on a targeted system.

Related CWE: CWE-863

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-02-14
  • Due Date: 2023-03-07
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21715; https://nvd.nist.gov/vuln/detail/CVE-2023-21715
Microsoft | Windows

CVE-2023-23376

Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability: Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-122

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2023-02-14
  • Due Date: 2023-03-07
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23376; https://nvd.nist.gov/vuln/detail/CVE-2023-23376
Microsoft | Windows

CVE-2023-21823

Microsoft Windows Graphic Component Privilege Escalation Vulnerability: Microsoft Windows Graphic Component contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-190

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-02-14
  • Due Date: 2023-03-07
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21823; https://nvd.nist.gov/vuln/detail/CVE-2023-21823
Microsoft | Exchange Server

CVE-2022-41080

Microsoft Exchange Server Privilege Escalation Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote code execution.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2023-01-10
  • Due Date: 2023-01-31
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41080; https://nvd.nist.gov/vuln/detail/CVE-2022-41080
Microsoft | Windows

CVE-2023-21674

Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability: Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-01-10
  • Due Date: 2023-01-31
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21674; https://nvd.nist.gov/vuln/detail/CVE-2023-21674
Microsoft | Defender

CVE-2022-44698

Microsoft Defender SmartScreen Security Feature Bypass Vulnerability: Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.

Related CWE: CWE-755

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-12-13
  • Due Date: 2023-01-03
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44698; https://nvd.nist.gov/vuln/detail/CVE-2022-44698
Microsoft | Windows

CVE-2022-41049

Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability: Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.

Related CWE: CWE-274

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-11-14
  • Due Date: 2022-12-09
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41049; https://nvd.nist.gov/vuln/detail/CVE-2022-41049
Microsoft | Windows

CVE-2022-41091

Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability: Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.

Related CWE: CWE-863

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-11-08
  • Due Date: 2022-12-09
Additional Notes
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41091; https://nvd.nist.gov/vuln/detail/CVE-2022-41091
Microsoft | Windows

CVE-2022-41073

Microsoft Windows Print Spooler Privilege Escalation Vulnerability: Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-11-08
  • Due Date: 2022-12-09
Additional Notes
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41073; https://nvd.nist.gov/vuln/detail/CVE-2022-41073
Microsoft | Windows

CVE-2022-41125

Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability: Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-11-08
  • Due Date: 2022-12-09
Additional Notes
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41125; https://nvd.nist.gov/vuln/detail/CVE-2022-41125
Microsoft | Windows

CVE-2022-41128

Microsoft Windows Scripting Languages Remote Code Execution Vulnerability: Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-11-08
  • Due Date: 2022-12-09
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41128; https://nvd.nist.gov/vuln/detail/CVE-2022-41128
Microsoft | Windows COM+ Event System Service

CVE-2022-41033

Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability: Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-10-11
  • Due Date: 2022-11-01
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41033; https://nvd.nist.gov/vuln/detail/CVE-2022-41033
Microsoft | Exchange Server

CVE-2022-41082

Microsoft Exchange Server Remote Code Execution Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-30
  • Due Date: 2022-10-21
Additional Notes
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/; https://nvd.nist.gov/vuln/detail/CVE-2022-41082
Microsoft | Exchange Server

CVE-2022-41040

Microsoft Exchange Server Server-Side Request Forgery Vulnerability: Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution.

Related CWE: CWE-918

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-30
  • Due Date: 2022-10-21
Additional Notes
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/; https://nvd.nist.gov/vuln/detail/CVE-2022-41040
Microsoft | Windows

CVE-2010-2568

Microsoft Windows Remote Code Execution Vulnerability: Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerability could execute code as the logged-on user.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-15
  • Due Date: 2022-10-06
Additional Notes
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046; https://nvd.nist.gov/vuln/detail/CVE-2010-2568
Microsoft | Windows

CVE-2022-37969

Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability: Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.

Related CWEs: CWE-20| CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-14
  • Due Date: 2022-10-05
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37969; https://nvd.nist.gov/vuln/detail/CVE-2022-37969
Microsoft | Active Directory

CVE-2022-26923

Microsoft Active Directory Domain Services Privilege Escalation Vulnerability: An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalation to SYSTEM.

Related CWE: CWE-295

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-08-18
  • Due Date: 2022-09-08
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26923; https://nvd.nist.gov/vuln/detail/CVE-2022-26923
Microsoft | Windows

CVE-2022-21971

Microsoft Windows Runtime Remote Code Execution Vulnerability: Microsoft Windows Runtime contains an unspecified vulnerability that allows for remote code execution.

Related CWE: CWE-824

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-08-18
  • Due Date: 2022-09-08
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21971; https://nvd.nist.gov/vuln/detail/CVE-2022-21971
Microsoft | Windows

CVE-2022-34713

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability: A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-08-09
  • Due Date: 2022-08-30
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34713; https://nvd.nist.gov/vuln/detail/CVE-2022-34713
Microsoft | Windows

CVE-2022-22047

Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability: Microsoft Windows CSRSS contains an unspecified vulnerability that allows for privilege escalation to SYSTEM privileges.

Related CWE: CWE-426

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-07-12
  • Due Date: 2022-08-02
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047; https://nvd.nist.gov/vuln/detail/CVE-2022-22047
Microsoft | Windows

CVE-2022-26925

Microsoft Windows LSA Spoofing Vulnerability: Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply remediation actions outlined in CISA guidance [https://www.cisa.gov/guidance-applying-june-microsoft-patch].
  • Date Added: 2022-07-01
  • Due Date: 2022-07-22
Additional Notes
WARNING: This update is required on all Microsoft Windows endpoints but if deployed to domain controllers without additional configuration changes the update breaks PIV/CAC authentication. Read CISA implementation guidance carefully before deploying to domain controllers.; https://nvd.nist.gov/vuln/detail/CVE-2022-26925
Microsoft | Windows

CVE-2022-30190

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability: A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application.

Related CWE: CWE-610

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-06-14
  • Due Date: 2022-07-05
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-30190
Microsoft | Office

CVE-2013-1331

Microsoft Office Buffer Overflow Vulnerability: Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via crafted PNG data in an Office document.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-06-08
  • Due Date: 2022-06-22
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2013-1331
Microsoft | Internet Explorer

CVE-2012-4969

Microsoft Internet Explorer Use-After-Free Vulnerability: Microsoft Internet Explorer contains a use-after-free vulnerability that allows remote attackers to execute code via a crafted web site.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-06-08
  • Due Date: 2022-06-22
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2012-4969
Microsoft | XML Core Services

CVE-2012-1889

Microsoft XML Core Services Memory Corruption Vulnerability: Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-06-08
  • Due Date: 2022-06-22
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2012-1889
Microsoft | Windows

CVE-2012-0151

Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability: The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute code.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-06-08
  • Due Date: 2022-06-22
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2012-0151
Microsoft | PowerPoint

CVE-2010-2572

Microsoft PowerPoint Buffer Overflow Vulnerability: Microsoft PowerPoint contains a buffer overflow vulnerability that alllows for remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-06-08
  • Due Date: 2022-06-22
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2010-2572
Microsoft | Office

CVE-2009-0563

Microsoft Office Buffer Overflow Vulnerability: Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-06-08
  • Due Date: 2022-06-22
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2009-0563
Microsoft | Office

CVE-2009-0557

Microsoft Office Object Record Corruption Vulnerability: Microsoft Office contains an object record corruption vulnerability that allows remote attackers to execute code via a crafted Excel file with a malformed record object.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-06-08
  • Due Date: 2022-06-22
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2009-0557
Microsoft | Word

CVE-2006-2492

Microsoft Word Malformed Object Pointer Vulnerability: Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code.

Related CWE: CWE-120

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-06-08
  • Due Date: 2022-06-22
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2006-2492
Microsoft | Windows

CVE-2016-3393

Microsoft Windows Graphics Device Interface (GDI) Remote Code Execution Vulnerability: A remote code execution vulnerability exists due to the way the Windows GDI component handles objects in the memory. An attacker who successfully exploits this vulnerability could take control of the affected system.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-25
  • Due Date: 2022-06-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-3393
Microsoft | Windows

CVE-2016-7256

Microsoft Windows Open Type Font Remote Code Execution Vulnerability: A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits this vulnerability could take control of the affected system.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-25
  • Due Date: 2022-06-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-7256
Microsoft | Silverlight

CVE-2016-0034

Microsoft Silverlight Runtime Remote Code Execution Vulnerability: Microsoft Silverlight mishandles negative offsets during decoding, which allows attackers to execute remote code or cause a denial-of-service (DoS).

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Known

Action: The impacted products are end-of-life and should be disconnected if still in use.
  • Date Added: 2022-05-25
  • Due Date: 2022-06-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-0034
Microsoft | Windows

CVE-2015-0016

Microsoft Windows TS WebProxy Directory Traversal Vulnerability: Directory traversal vulnerability in the TS WebProxy (TSWbPrxy) component in Microsoft Windows allows remote attackers to escalate privileges.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-25
  • Due Date: 2022-06-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-0016
Microsoft | Internet Explorer

CVE-2015-0071

Microsoft Internet Explorer ASLR Bypass Vulnerability: Microsoft Internet Explorer allows remote attackers to bypass the address space layout randomization (ASLR) protection mechanism via a crafted web site.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-25
  • Due Date: 2022-06-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-0071
Microsoft | Win32k

CVE-2015-2360

Microsoft Win32k Privilege Escalation Vulnerability: Win32k.sys in the kernel-mode drivers in Microsoft Windows allows local users to gain privileges or cause denial-of-service (DoS).

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-25
  • Due Date: 2022-06-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-2360
Microsoft | Internet Explorer

CVE-2015-2425

Microsoft Internet Explorer Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-25
  • Due Date: 2022-06-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-2425
Microsoft | Windows

CVE-2015-1769

Microsoft Windows Mount Manager Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when the Windows Mount Manager component improperly processes symbolic links.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-25
  • Due Date: 2022-06-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-1769
Microsoft | Windows

CVE-2015-6175

Microsoft Windows Kernel Privilege Escalation Vulnerability: The kernel in Microsoft Windows contains a vulnerability that allows local users to gain privileges via a crafted application.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-25
  • Due Date: 2022-06-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-6175
Microsoft | Windows

CVE-2015-1671

Microsoft Windows Remote Code Execution Vulnerability: A remote code execution vulnerability exists when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts.

Related CWE: CWE-19

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-25
  • Due Date: 2022-06-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-1671
Microsoft | Windows

CVE-2014-4148

Microsoft Windows Remote Code Execution Vulnerability: A remote code execution vulnerability exists when the Windows kernel-mode driver improperly handles TrueType fonts.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-25
  • Due Date: 2022-06-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2014-4148
Microsoft | Internet Explorer

CVE-2014-4123

Microsoft Internet Explorer Privilege Escalation Vulnerability: Microsoft Internet Explorer contains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-25
  • Due Date: 2022-06-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2014-4123
Microsoft | Internet Explorer

CVE-2014-2817

Microsoft Internet Explorer Privilege Escalation Vulnerability: Microsoft Internet Explorer cotains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-25
  • Due Date: 2022-06-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2014-2817
Microsoft | Input Method Editor (IME) Japanese

CVE-2014-4077

Microsoft IME Japanese Privilege Escalation Vulnerability: Microsoft Input Method Editor (IME) Japanese is a keyboard with Japanese characters that can be enabled on Windows systems as it is included by default (with the default set as disabled). IME Japanese contains an unspecified vulnerability when IMJPDCT.EXE (IME for Japanese) is installed which allows attackers to bypass a sandbox and perform privilege escalation.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-25
  • Due Date: 2022-06-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2014-4077
Microsoft | Internet Explorer

CVE-2013-7331

Microsoft Internet Explorer Information Disclosure Vulnerability: An information disclosure vulnerability exists in Internet Explorer which allows resources loaded into memory to be queried. This vulnerability could allow an attacker to detect anti-malware applications.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-25
  • Due Date: 2022-06-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2013-7331
Microsoft | Silverlight

CVE-2013-3896

Microsoft Silverlight Information Disclosure Vulnerability: Microsoft Silverlight does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.
  • Date Added: 2022-05-25
  • Due Date: 2022-06-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2013-3896
Microsoft | Silverlight

CVE-2013-0074

Microsoft Silverlight Double Dereference Vulnerability: Microsoft Silverlight does not properly validate pointers during HTML object rendering, which allows remote attackers to execute code via a crafted Silverlight application.

Known To Be Used in Ransomware Campaigns? Known

Action: The impacted product is end-of-life and should be disconnected if still in use.
  • Date Added: 2022-05-25
  • Due Date: 2022-06-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2013-0074
Microsoft | Windows

CVE-2018-8611

Microsoft Windows Kernel Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory.

Related CWE: CWE-404

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-24
  • Due Date: 2022-06-14
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-8611
Microsoft | SMBv1 server

CVE-2017-0147

Microsoft Windows SMBv1 Information Disclosure Vulnerability: The SMBv1 server in Microsoft Windows allows remote attackers to obtain sensitive information from process memory via a crafted packet.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-24
  • Due Date: 2022-06-14
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-0147
Microsoft | XML Core Services

CVE-2017-0022

Microsoft XML Core Services Information Disclosure Vulnerability: Microsoft XML Core Services (MSXML) improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-24
  • Due Date: 2022-06-14
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-0022
Microsoft | Windows

CVE-2017-0005

Microsoft Windows Graphics Device Interface (GDI) Privilege Escalation Vulnerability: The Graphics Device Interface (GDI) in Microsoft Windows allows local users to gain privileges via a crafted application.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-24
  • Due Date: 2022-06-14
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-0005
Microsoft | Internet Explorer

CVE-2017-0149

Microsoft Internet Explorer Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial-of-service (DoS) via a crafted website.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-24
  • Due Date: 2022-06-14
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-0149
Microsoft | Internet Explorer

CVE-2017-0210

Microsoft Internet Explorer Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-24
  • Due Date: 2022-06-14
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-0210
Microsoft | Windows

CVE-2017-8543

Microsoft Windows Search Remote Code Execution Vulnerability: Microsoft Windows allows an attacker to take control of the affected system when Windows Search fails to handle objects in memory.

Related CWE: CWE-281

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-24
  • Due Date: 2022-06-14
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-8543
Microsoft | Internet Explorer

CVE-2016-0162

Microsoft Internet Explorer Information Disclosure Vulnerability: An information disclosure vulnerability exists when Internet Explorer does not properly handle JavaScript. The vulnerability could allow an attacker to detect specific files on the user's computer.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-24
  • Due Date: 2022-06-14
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-0162
Microsoft | Internet Explorer and Edge

CVE-2016-3351

Microsoft Internet Explorer and Edge Information Disclosure Vulnerability: An information disclosure vulnerability exists in the way that certain functions in Internet Explorer and Edge handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-24
  • Due Date: 2022-06-14
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-3351
Microsoft | Internet Explorer

CVE-2016-3298

Microsoft Internet Explorer Messaging API Information Disclosure Vulnerability: An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could allow the attacker to test for the presence of files on disk.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-24
  • Due Date: 2022-06-14
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-3298
Microsoft | Windows

CVE-2020-1027

Microsoft Windows Kernel Privilege Escalation Vulnerability: An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-23
  • Due Date: 2022-06-13
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-1027
Microsoft | Update Notification Manager

CVE-2020-0638

Microsoft Update Notification Manager Privilege Escalation Vulnerability: Microsoft Update Notification Manager contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-23
  • Due Date: 2022-06-13
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-0638
Microsoft | Internet Explorer

CVE-2019-0676

Microsoft Internet Explorer Information Disclosure Vulnerability: An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-23
  • Due Date: 2022-06-13
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-0676
Microsoft | Windows

CVE-2019-0703

Microsoft Windows SMB Information Disclosure Vulnerability: An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, which could lead to information disclosure from the server.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-23
  • Due Date: 2022-06-13
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-0703
Microsoft | Windows

CVE-2019-0880

Microsoft Windows Privilege Escalation Vulnerability: A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-23
  • Due Date: 2022-06-13
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-0880
Microsoft | Windows

CVE-2019-1385

Microsoft Windows AppX Deployment Extensions Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-23
  • Due Date: 2022-06-13
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-1385
Microsoft | Windows

CVE-2019-1130

Microsoft Windows AppX Deployment Service Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links.

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-23
  • Due Date: 2022-06-13
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-1130
Microsoft | Win32k

CVE-2018-8589

Microsoft Win32k Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability could run remote code in the security context of the local system.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-23
  • Due Date: 2022-06-13
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-8589
Microsoft | Win32k

CVE-2014-4113

Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-04
  • Due Date: 2022-05-25
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2014-4113
Microsoft | Internet Explorer

CVE-2014-0322

Microsoft Internet Explorer Use-After-Free Vulnerability: Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-04
  • Due Date: 2022-05-25
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2014-0322
Microsoft | Windows

CVE-2022-26904

Microsoft Windows User Profile Service Privilege Escalation Vulnerability: Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-362

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-04-25
  • Due Date: 2022-05-16
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-26904
Microsoft | Windows

CVE-2022-21919

Microsoft Windows User Profile Service Privilege Escalation Vulnerability: Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-1386

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-04-25
  • Due Date: 2022-05-16
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-21919
Microsoft | Win32k

CVE-2021-41357

Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-04-25
  • Due Date: 2022-05-16
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-41357
Microsoft | Win32k

CVE-2021-40450

Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-04-25
  • Due Date: 2022-05-16
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-40450
Microsoft | Windows

CVE-2022-22718

Microsoft Windows Print Spooler Privilege Escalation Vulnerability: Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-04-19
  • Due Date: 2022-05-10
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-22718
Microsoft | Windows

CVE-2022-24521

Microsoft Windows CLFS Driver Privilege Escalation Vulnerability: Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.

Related CWEs: CWE-787| CWE-1285

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-04-13
  • Due Date: 2022-05-04
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-24521
Microsoft | Internet Explorer

CVE-2015-2502

Microsoft Internet Explorer Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-04-13
  • Due Date: 2022-05-04
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-2502
Microsoft | Active Directory

CVE-2021-42287

Microsoft Active Directory Domain Services Privilege Escalation Vulnerability: Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-269

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-04-11
  • Due Date: 2022-05-02
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-42287
Microsoft | Active Directory

CVE-2021-42278

Microsoft Active Directory Domain Services Privilege Escalation Vulnerability: Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-04-11
  • Due Date: 2022-05-02
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-42278
Microsoft | HTTP Protocol Stack

CVE-2021-31166

Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability: Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-04-06
  • Due Date: 2022-04-27
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-31166
Microsoft | SMBv1 server

CVE-2017-0148

Microsoft SMBv1 Server Remote Code Execution Vulnerability: The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-04-06
  • Due Date: 2022-04-27
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-0148
Microsoft | Windows

CVE-2021-34484

Microsoft Windows User Profile Service Privilege Escalation Vulnerability: Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-269

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-31
  • Due Date: 2022-04-21
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-34484
Microsoft | Office

CVE-2021-38646

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability: Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-28
  • Due Date: 2022-04-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-38646
Microsoft | Windows

CVE-2021-34486

Microsoft Windows Event Tracing Privilege Escalation Vulnerability: Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-28
  • Due Date: 2022-04-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-34486
Microsoft | Windows

CVE-2018-8440

Microsoft Windows Privilege Escalation Vulnerability: An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-28
  • Due Date: 2022-04-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-8440
Microsoft | DirectX Graphics Kernel (DXGKRNL)

CVE-2018-8406

Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability: An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.

Related CWE: CWE-404

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-28
  • Due Date: 2022-04-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-8406
Microsoft | DirectX Graphics Kernel (DXGKRNL)

CVE-2018-8405

Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability: An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.

Related CWE: CWE-404

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-28
  • Due Date: 2022-04-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-8405
Microsoft | Windows

CVE-2017-0213

Microsoft Windows Privilege Escalation Vulnerability: Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-28
  • Due Date: 2022-04-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-0213
Microsoft | Internet Explorer

CVE-2017-0059

Microsoft Internet Explorer Information Disclosure Vulnerability: Microsoft Internet Explorer allow remote attackers to obtain sensitive information from process memory via a crafted web site.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-28
  • Due Date: 2022-04-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-0059
Microsoft | Edge and Internet Explorer

CVE-2017-0037

Microsoft Edge and Internet Explorer Type Confusion Vulnerability: Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution.

Related CWE: CWE-704

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-28
  • Due Date: 2022-04-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-0037
Microsoft | Edge

CVE-2016-7201

Microsoft Edge Memory Corruption Vulnerability: The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-28
  • Due Date: 2022-04-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-7201
Microsoft | Edge

CVE-2016-7200

Microsoft Edge Memory Corruption Vulnerability: The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-28
  • Due Date: 2022-04-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-7200
Microsoft | Internet Explorer

CVE-2016-0189

Microsoft Internet Explorer Memory Corruption Vulnerability: The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-28
  • Due Date: 2022-04-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-0189
Microsoft | Client-Server Run-time Subsystem (CSRSS)

CVE-2016-0151

Microsoft Windows CSRSS Security Feature Bypass Vulnerability: The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-28
  • Due Date: 2022-04-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-0151
Microsoft | Windows

CVE-2016-0040

Microsoft Windows Kernel Privilege Escalation Vulnerability: The kernel in Microsoft Windows allows local users to gain privileges via a crafted application.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-28
  • Due Date: 2022-04-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-0040
Microsoft | Windows

CVE-2015-2426

Microsoft Windows Adobe Type Manager Library Remote Code Execution Vulnerability: A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-28
  • Due Date: 2022-04-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-2426
Microsoft | Internet Explorer

CVE-2015-2419

Microsoft Internet Explorer Memory Corruption Vulnerability: JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-28
  • Due Date: 2022-04-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-2419
Microsoft | Office

CVE-2015-1770

Microsoft Office Uninitialized Memory Use Vulnerability: Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document.

Related CWE: CWE-19

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-28
  • Due Date: 2022-04-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-1770
Microsoft | Win32k

CVE-2013-3660

Microsoft Win32k Privilege Escalation Vulnerability: The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allows local users to gain privileges.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-28
  • Due Date: 2022-04-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2013-3660
Microsoft | Internet Explorer

CVE-2013-2551

Microsoft Internet Explorer Use-After-Free Vulnerability: Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-28
  • Due Date: 2022-04-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2013-2551
Microsoft | Word

CVE-2012-2539

Microsoft Word Remote Code Execution Vulnerability: Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data.

Related CWE: CWE-399

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-28
  • Due Date: 2022-04-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2012-2539
Microsoft | Ancillary Function Driver (afd.sys)

CVE-2011-2005

Microsoft Ancillary Function Driver (afd.sys) Improper Input Validation Vulnerability: afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-28
  • Due Date: 2022-04-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2011-2005
Microsoft | Windows

CVE-2010-4398

Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability: Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-28
  • Due Date: 2022-04-21
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2010-4398
Microsoft | Windows

CVE-2022-21999

Microsoft Windows Print Spooler Privilege Escalation Vulnerability: Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.

Related CWEs: CWE-40| CWE-1386

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-25
  • Due Date: 2022-04-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-21999
Microsoft | Graphics Device Interface (GDI)

CVE-2019-0903

Microsoft GDI Remote Code Execution Vulnerability: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-25
  • Due Date: 2022-04-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-0903
Microsoft | Windows

CVE-2018-8414

Microsoft Windows Shell Remote Code Execution Vulnerability: A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-25
  • Due Date: 2022-04-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-8414
Microsoft | Internet Explorer Scripting Engine

CVE-2018-8373

Microsoft Scripting Engine Memory Corruption Vulnerability: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-25
  • Due Date: 2022-04-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-8373
Microsoft | Windows

CVE-2017-0146

Microsoft Windows SMB Remote Code Execution Vulnerability: The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-25
  • Due Date: 2022-04-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-0146
Microsoft | Windows

CVE-2014-6332

Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerability: OleAut32.dll in OLE in Microsoft Windows allows remote attackers to remotely execute code via a crafted web site.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-25
  • Due Date: 2022-04-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2014-6332
Microsoft | Kerberos Key Distribution Center (KDC)

CVE-2014-6324

Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability: The Kerberos Key Distribution Center (KDC) in Microsoft allows remote authenticated domain users to obtain domain administrator privileges.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-25
  • Due Date: 2022-04-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2014-6324
Microsoft | Windows

CVE-2019-1405

Microsoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-15
  • Due Date: 2022-04-05
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-1405
Microsoft | Windows

CVE-2019-1322

Microsoft Windows Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-15
  • Due Date: 2022-04-05
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-1322
Microsoft | Windows

CVE-2019-1315

Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-15
  • Due Date: 2022-04-05
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-1315
Microsoft | Windows

CVE-2019-1253

Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-15
  • Due Date: 2022-04-05
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-1253
Microsoft | Win32k

CVE-2019-1132

Microsoft Win32k Privilege Escalation Vulnerability: A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-15
  • Due Date: 2022-04-05
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-1132
Microsoft | Windows

CVE-2019-1129

Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-15
  • Due Date: 2022-04-05
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-1129
Microsoft | Task Scheduler

CVE-2019-1069

Microsoft Task Scheduler Privilege Escalation Vulnerability: A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations.

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-15
  • Due Date: 2022-04-05
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-1069
Microsoft | Windows

CVE-2019-1064

Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-15
  • Due Date: 2022-04-05
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-1064
Microsoft | Windows

CVE-2019-0841

Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-15
  • Due Date: 2022-04-05
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-0841
Microsoft | Windows

CVE-2019-0543

Microsoft Windows Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-15
  • Due Date: 2022-04-05
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-0543
Microsoft | Win32k

CVE-2018-8120

Microsoft Win32k Privilege Escalation Vulnerability: A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.

Related CWE: CWE-404

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-15
  • Due Date: 2022-04-05
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-8120
Microsoft | Windows

CVE-2017-0101

Microsoft Windows Transaction Manager Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when the Windows Transaction Manager improperly handles objects in memory.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-15
  • Due Date: 2022-04-05
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-0101
Microsoft | Windows

CVE-2016-3309

Microsoft Windows Kernel Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-15
  • Due Date: 2022-04-05
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-3309
Microsoft | Win32k

CVE-2015-2546

Microsoft Win32k Memory Corruption Vulnerability: The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-15
  • Due Date: 2022-04-05
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-2546
Microsoft | Windows

CVE-2021-41379

Microsoft Windows Installer Privilege Escalation Vulnerability: Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-1386

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-41379
Microsoft | Excel

CVE-2019-1297

Microsoft Excel Remote Code Execution Vulnerability: A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-1297
Microsoft | Exchange Server

CVE-2018-8581

Microsoft Exchange Server Privilege Escalation Vulnerability: A privilege escalation vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt to impersonate any other user of the Exchange server.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-8581
Microsoft | Malware Protection Engine

CVE-2017-8540

Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-8540
Microsoft | Office

CVE-2017-11826

Microsoft Office Remote Code Execution Vulnerability: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-11826
Microsoft | Office

CVE-2017-0261

Microsoft Office Use-After-Free Vulnerability: Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-0261
Microsoft | Graphics Device Interface (GDI)

CVE-2017-0001

Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-0001
Microsoft | Excel

CVE-2016-7262

Microsoft Office Security Feature Bypass Vulnerability: A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-7262
Microsoft | Office

CVE-2016-7193

Microsoft Office Memory Corruption Vulnerability: Microsoft Office contains a memory corruption vulnerability which can allow for remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-7193
Microsoft | Windows

CVE-2016-0099

Microsoft Windows Secondary Logon Service Privilege Escalation Vulnerability: A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-0099
Microsoft | Office

CVE-2015-2545

Microsoft Office Malformed EPS File Vulnerability: Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-2545
Microsoft | PowerPoint

CVE-2015-2424

Microsoft PowerPoint Memory Corruption Vulnerability: Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-2424
Microsoft | ATM Font Driver

CVE-2015-2387

Microsoft ATM Font Driver Privilege Escalation Vulnerability: ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-2387
Microsoft | Win32k

CVE-2015-1701

Microsoft Win32k Privilege Escalation Vulnerability: An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privileges.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-1701
Microsoft | Office

CVE-2015-1642

Microsoft Office Memory Corruption Vulnerability: Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-1642
Microsoft | Windows

CVE-2014-4114

Microsoft Windows Object Linking & Embedding (OLE) Remote Code Execution Vulnerability: A vulnerability exists in Windows Object Linking & Embedding (OLE) that could allow remote code execution if a user opens a file that contains a specially crafted OLE object.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2014-4114
Microsoft | Windows

CVE-2013-5065

Microsoft Windows Kernel Privilege Escalation Vulnerability: Microsoft Windows NDProxy.sys in the kernel contains an improper input validation vulnerability which can allow a local attacker to escalate privileges.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2013-5065
Microsoft | Internet Explorer

CVE-2013-3897

Microsoft Internet Explorer Use-After-Free Vulnerability: A use-after-free vulnerability exists within CDisplayPointer in Microsoft Internet Explorer that allows an attacker to remotely execute arbitrary code.

Related CWE: CWE-399

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2013-3897
Microsoft | Internet Explorer

CVE-2013-1347

Microsoft Internet Explorer Remote Code Execution Vulnerability: This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2013-1347
Microsoft | Office

CVE-2012-1856

Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability: The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2012-1856
Microsoft | Forefront Threat Management Gateway (TMG)

CVE-2011-1889

Microsoft Forefront TMG Remote Code Execution Vulnerability: A remote code execution vulnerability exists in the Forefront Threat Management Gateway (TMG) Firewall Client Winsock provider that could allow code execution in the security context of the client application.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2011-1889
Microsoft | Office

CVE-2010-3333

Microsoft Office Stack-based Buffer Overflow Vulnerability: A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2010-3333
Microsoft | Windows

CVE-2010-0232

Microsoft Windows Kernel Exception Handler Vulnerability: The kernel in Microsoft Windows, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2010-0232
Microsoft | Excel

CVE-2009-3129

Microsoft Excel Featheader Record Memory Corruption Vulnerability: Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2009-3129
Microsoft | Windows

CVE-2009-1123

Microsoft Windows Improper Input Validation Vulnerability: The kernel in Microsoft Windows does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2009-1123
Microsoft | Windows

CVE-2004-0210

Microsoft Windows Privilege Escalation Vulnerability: A privilege elevation vulnerability exists in the POSIX subsystem. This vulnerability could allow a logged on user to take complete control of the system.

Related CWE: CWE-120

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2004-0210
Microsoft | Windows

CVE-2002-0367

Microsoft Windows Privilege Escalation Vulnerability: smss.exe debugging subsystem in Microsoft Windows does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2002-0367
Microsoft | Office

CVE-2017-8570

Microsoft Office Remote Code Execution Vulnerability: A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-25
  • Due Date: 2022-08-25
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-8570
Microsoft | Internet Explorer

CVE-2017-0222

Microsoft Internet Explorer Remote Code Execution Vulnerability: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-25
  • Due Date: 2022-08-25
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-0222
Microsoft | Windows

CVE-2014-6352

Microsoft Windows Code Injection Vulnerability: Microsoft Windows allow remote attackers to execute arbitrary code via a crafted OLE object.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-25
  • Due Date: 2022-08-25
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2014-6352
Microsoft | Internet Explorer

CVE-2019-0752

Microsoft Internet Explorer Type Confusion Vulnerability: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-15
  • Due Date: 2022-08-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-0752
Microsoft | Windows

CVE-2018-8174

Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution"

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-15
  • Due Date: 2022-08-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-8174
Microsoft | Word

CVE-2014-1761

Microsoft Word Memory Corruption Vulnerability: Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-15
  • Due Date: 2022-08-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2014-1761
Microsoft | Graphics Component

CVE-2013-3906

Microsoft Graphics Component Memory Corruption Vulnerability: Microsoft Graphics Component contains a memory corruption vulnerability which can allow for remote code execution.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-15
  • Due Date: 2022-08-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2013-3906
Microsoft | Windows

CVE-2021-36934

Microsoft Windows SAM Local Privilege Escalation Vulnerability: If a Volume Shadow Copy (VSS) shadow copy of the system drive is available, users can read the SAM file which would allow any user to escalate privileges to SYSTEM level.

Related CWE: CWE-1220

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-10
  • Due Date: 2022-02-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-36934
Microsoft | SMBv3

CVE-2020-0796

Microsoft SMBv3 Remote Code Execution Vulnerability: A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-10
  • Due Date: 2022-08-10
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-0796
Microsoft | Windows

CVE-2017-8464

Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability: Windows Shell in multiple versions of Microsoft Windows allows local users or remote attackers to execute arbitrary code via a crafted .LNK file

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-10
  • Due Date: 2022-08-10
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-8464
Microsoft | Win32k

CVE-2017-0263

Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k contains a privilege escalation vulnerability due to the Windows kernel-mode driver failing to properly handle objects in memory.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-10
  • Due Date: 2022-08-10
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-0263
Microsoft | Office

CVE-2017-0262

Microsoft Office Remote Code Execution Vulnerability: A remote code execution vulnerability exists in Microsoft Office.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-10
  • Due Date: 2022-08-10
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-0262
Microsoft | SMBv1

CVE-2017-0145

Microsoft SMBv1 Remote Code Execution Vulnerability: The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-10
  • Due Date: 2022-08-10
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-0145
Microsoft | SMBv1

CVE-2017-0144

Microsoft SMBv1 Remote Code Execution Vulnerability: The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-10
  • Due Date: 2022-08-10
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-0144
Microsoft | HTTP.sys

CVE-2015-1635

Microsoft HTTP.sys Remote Code Execution Vulnerability: Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-10
  • Due Date: 2022-08-10
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-1635
Microsoft | Win32k

CVE-2022-21882

Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-04
  • Due Date: 2022-02-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-21882
Microsoft | Windows

CVE-2020-0787

Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability: Microsoft Windows BITS is vulnerable to to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this vulnerability to execute arbitrary code with system-level privileges.

Related CWEs: CWE-269| CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-01-28
  • Due Date: 2022-07-28
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-0787
Microsoft | Internet Explorer

CVE-2014-1776

Microsoft Internet Explorer Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in the context of the current user.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-01-28
  • Due Date: 2022-07-28
Additional Notes
https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-021?redirectedfrom=MSDN; https://nvd.nist.gov/vuln/detail/CVE-2014-1776
Microsoft | Win32k

CVE-2018-8453

Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Windows Win32k contains a vulnerability that allows an attacker to escalate privileges.

Related CWE: CWE-404

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-01-21
  • Due Date: 2022-07-21
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-8453
Microsoft | Exchange Server

CVE-2021-33766

Microsoft Exchange Server Information Disclosure: Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-01-18
  • Due Date: 2022-02-01
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-33766
Microsoft | Win32k

CVE-2019-1458

Microsoft Win32k Privilege Escalation Vulnerability: A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-01-10
  • Due Date: 2022-07-10
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-1458
Microsoft | WinVerifyTrust function

CVE-2013-3900

Microsoft WinVerifyTrust function Remote Code Execution: A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-01-10
  • Due Date: 2022-07-10
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2013-3900
Microsoft | Windows

CVE-2021-43890

Microsoft Windows AppX Installer Spoofing Vulnerability: Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impacts to confidentiality, integrity, and availability.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-12-15
  • Due Date: 2021-12-29
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-43890
Microsoft | Windows

CVE-2021-40449

Microsoft Windows Win32k Privilege Escalation Vulnerability: Unspecified vulnerability allows for an authenticated user to escalate privileges.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-17
  • Due Date: 2021-12-01
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-40449
Microsoft | Exchange

CVE-2021-42321

Microsoft Exchange Server Remote Code Execution Vulnerability: An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution.

Related CWEs: CWE-184| CWE-502

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-17
  • Due Date: 2021-12-01
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-42321
Microsoft | Office

CVE-2021-42292

Microsoft Excel Security Feature Bypass: A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution.

Related CWE: CWE-357

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-17
  • Due Date: 2021-12-01
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-42292
Microsoft | Windows

CVE-2014-1812

Microsoft Windows Group Policy Preferences Password Privilege Escalation Vulnerability: Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate privileges on the domain.

Related CWE: CWE-255

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2014-1812
Microsoft | Open Management Infrastructure (OMI)

CVE-2021-38647

Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability: Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution.

Related CWE: CWE-1390

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-38647
Microsoft | Win32k

CVE-2016-0167

Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation via a crafted application

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-0167
Microsoft | Edge and Internet Explorer

CVE-2020-0878

Microsoft Edge and Internet Explorer Memory Corruption Vulnerability: Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-0878
Microsoft | Windows

CVE-2021-31955

Microsoft Windows Kernel Information Disclosure Vulnerability: Microsoft Windows Kernel contains an unspecified vulnerability that allows for information disclosure. Successful exploitation allows attackers to read the contents of kernel memory from a user-mode process.

Related CWE: CWE-497

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-31955
Microsoft | Defender

CVE-2021-1647

Microsoft Defender Remote Code Execution Vulnerability: Microsoft Defender contains an unspecified vulnerability that allows for remote code execution.

Related CWEs: CWE-122| CWE-1285

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-1647
Microsoft | Windows

CVE-2021-33739

Microsoft Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability: Microsoft Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-33739
Microsoft | Windows

CVE-2016-0185

Microsoft Windows Media Center Remote Code Execution Vulnerability: Microsoft Windows Media Center contains a remote code execution vulnerability when Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-0185
Microsoft | Windows

CVE-2020-0683

Microsoft Windows Installer Privilege Escalation Vulnerability: Microsoft Windows Installer contains a privilege escalation vulnerability when MSI packages process symbolic links, which allows attackers to bypass access restrictions to add or remove files.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-0683
Microsoft | Windows

CVE-2020-17087

Microsoft Windows Kernel Privilege Escalation Vulnerability: Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-131

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-17087
Microsoft | Windows

CVE-2021-33742

Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability: Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution.

Related CWEs: CWE-787| CWE-823

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-33742
Microsoft | Enhanced Cryptographic Provider

CVE-2021-31199

Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability: Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-31199
Microsoft | Windows

CVE-2021-33771

Microsoft Windows Kernel Privilege Escalation Vulnerability: Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-33771
Microsoft | Windows

CVE-2021-31956

Microsoft Windows NTFS Privilege Escalation Vulnerability: Microsoft Windows New Technology File System (NTFS) contains an unspecified vulnerability that allows attackers to escalate privileges via a specially crafted application.

Related CWEs: CWE-191| CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-31956
Microsoft | Enhanced Cryptographic Provider

CVE-2021-31201

Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability: Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-31201
Microsoft | Windows

CVE-2021-31979

Microsoft Windows Kernel Privilege Escalation Vulnerability: Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-31979
Microsoft | Windows

CVE-2020-0938

Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability: Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-0938
Microsoft | Exchange Server

CVE-2020-17144

Microsoft Exchange Server Remote Code Execution Vulnerability: Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-17144
Microsoft | Windows

CVE-2020-0986

Microsoft Windows Kernel Privilege Escalation Vulnerability: Microsoft Windows kernel contains an unspecified vulnerability when handling objects in memory that allows attackers to escalate privileges and execute code in kernel mode.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-0986
Microsoft | Windows

CVE-2020-1020

Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability: Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-1020
Microsoft | Open Management Infrastructure (OMI)

CVE-2021-38645

Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability: Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-38645
Microsoft | Exchange Server

CVE-2021-34523

Microsoft Exchange Server Privilege Escalation Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-34523
Microsoft | Internet Information Services (IIS)

CVE-2017-7269

Microsoft Windows Server Buffer Overflow Vulnerability: Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 which allows remote attackers to execute code via a long header beginning with "If: <http://" in a PROPFIND request.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-7269
Microsoft | Windows

CVE-2021-36948

Microsoft Windows Update Medic Service Privilege Escalation Vulnerability: Microsoft Windows Update Medic Service contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-36948
Microsoft | Open Management Infrastructure (OMI)

CVE-2021-38649

Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability: Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-38649
Microsoft | Exchange Server

CVE-2020-0688

Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability: Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-0688
Microsoft | Windows

CVE-2017-0143

Microsoft Windows Server Message Block (SMBv1) Remote Code Execution Vulnerability: Microsoft Windows Server Message Block 1.0 (SMBv1) contains an unspecified vulnerability that allows for remote code execution.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-0143
Microsoft | Win32k

CVE-2016-7255

Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k kernel-mode driver fails to properly handle objects in memory which allows for privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-7255
Microsoft | Remote Desktop Services

CVE-2019-0708

Microsoft Remote Desktop Services Remote Code Execution Vulnerability: Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. Successful exploitation allows for remote code execution. The vulnerability is also known under the moniker of BlueKeep.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-0708
Microsoft | Exchange Server

CVE-2021-34473

Microsoft Exchange Server Remote Code Execution Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution.

Related CWE: CWE-918

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-34473
Microsoft | Windows

CVE-2020-1464

Microsoft Windows Spoofing Vulnerability: Microsoft Windows contains a spoofing vulnerability when Windows incorrectly validates file signatures, allowing an attacker to bypass security features and load improperly signed files.

Related CWE: CWE-347

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-1464
Microsoft | Win32k

CVE-2021-1732

Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-1732
Microsoft | Windows

CVE-2021-34527

Microsoft Windows Print Spooler Remote Code Execution Vulnerability: Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation allows an attacker to perform remote code execution with SYSTEM privileges. The vulnerability is also known under the moniker of PrintNightmare.

Related CWE: CWE-269

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-07-20
Additional Notes
Reference CISA's ED 21-04 (https://www.cisa.gov/news-events/directives/ed-21-04-mitigate-windows-print-spooler-service-vulnerability) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-04. https://nvd.nist.gov/vuln/detail/CVE-2021-34527
Microsoft | Exchange Server

CVE-2021-31207

Microsoft Exchange Server Security Feature Bypass Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass.

Related CWEs: CWE-20| CWE-434

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-31207
Microsoft | Win32k

CVE-2019-0803

Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k contains an unspecified vulnerability due to it failing to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-0803
Microsoft | Hyper-V RemoteFX

CVE-2020-1040

Microsoft Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability: Microsoft Hyper-V RemoteFX vGPU contains an improper input validation vulnerability due to the host server failing to properly validate input from an authenticated user on a guest operating system. Successful exploitation allows for remote code execution on the host operating system.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-1040
Microsoft | Win32k

CVE-2021-28310

Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-28310
Microsoft | Windows

CVE-2020-1350

Microsoft Windows DNS Server Remote Code Execution Vulnerability: Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2020-07-24
Additional Notes
Reference CISA's ED 20-03 (https://www.cisa.gov/news-events/directives/ed-20-03-mitigate-windows-dns-server-remote-code-execution-vulnerability-july-2020-patch-tuesday) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 20-03. https://nvd.nist.gov/vuln/detail/CVE-2020-1350
Microsoft | Internet Explorer

CVE-2021-26411

Microsoft Internet Explorer Memory Corruption Vulnerability: Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-26411
Microsoft | Win32k

CVE-2019-0859

Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k fails to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-0859
Microsoft | MSHTML

CVE-2021-40444

Microsoft MSHTML Remote Code Execution Vulnerability: Microsoft MSHTML contains a unspecified vulnerability that allows for remote code execution.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-40444
Microsoft | .NET Framework

CVE-2017-8759

Microsoft .NET Framework Remote Code Execution Vulnerability: Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-8759
Microsoft | Internet Explorer

CVE-2018-8653

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-8653
Microsoft | Win32k

CVE-2019-0797

Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k contains a privilege escalation vulnerability when the Win32k component fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kernel mode.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-0797
Microsoft | Windows

CVE-2021-36942

Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability: Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM.

Related CWE: CWE-749

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-36942
Microsoft | Windows

CVE-2019-1215

Microsoft Windows Privilege Escalation Vulnerability: Microsoft Windows contains an unspecified vulnerability due to the way ws2ifsl.sys (Winsock) handles objects in memory, allowing for privilege escalation. Successful exploitation allows an attacker to execute code with elevated privileges.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-1215
Microsoft | Office

CVE-2018-0798

Microsoft Office Memory Corruption Vulnerability: Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0802.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-0798
Microsoft | Office

CVE-2018-0802

Microsoft Office Memory Corruption Vulnerability: Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0798.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-0802
Microsoft | MSCOMCTL.OCX

CVE-2012-0158

Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability: Microsoft MSCOMCTL.OCX contains an unspecified vulnerability that allows for remote code execution, allowing an attacker to take complete control of an affected system under the context of the current user.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2012-0158
Microsoft | Office

CVE-2015-1641

Microsoft Office Memory Corruption Vulnerability: Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. Successful exploitation allows for remote code execution in the context of the current user.

Related CWE: CWE-399

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-1641
Microsoft | Internet Explorer

CVE-2021-27085

Microsoft Internet Explorer Remote Code Execution Vulnerability: Microsoft Internet Explorer contains an unspecified vulnerability that allows for remote code execution.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-27085
Microsoft | MSHTML

CVE-2019-0541

Microsoft MSHTML Remote Code Execution Vulnerability: Microsoft MSHTML engine contains an improper input validation vulnerability that allows for remote code execution vulnerability.

Related CWE: CWE-77

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-0541
Microsoft | Office

CVE-2017-11882

Microsoft Office Memory Corruption Vulnerability: Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-11882
Microsoft | Internet Explorer

CVE-2020-0674

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote code execution in the context of the current user.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-0674
Microsoft | Office

CVE-2021-27059

Microsoft Office Remote Code Execution Vulnerability: Microsoft Office contains an unspecified vulnerability that allows for remote code execution.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-27059
Microsoft | Internet Explorer

CVE-2019-1367

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability in how the scripting engine handles objects in memory. Successful exploitation allows for remote code execution in the context of the current user.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-1367
Microsoft | Office and WordPad

CVE-2017-0199

Microsoft Office and WordPad Remote Code Execution Vulnerability: Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for remote code execution.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-0199
Microsoft | Internet Explorer

CVE-2020-1380

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-1380
Microsoft | Internet Explorer

CVE-2019-1429

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.

Related CWEs: CWE-416| CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-1429
Microsoft | Office

CVE-2017-11774

Microsoft Office Outlook Security Feature Bypass Vulnerability: Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute commands.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2017-11774
Microsoft | Internet Explorer

CVE-2020-0968

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-0968
Microsoft | Netlogon

CVE-2020-1472

Microsoft Netlogon Privilege Escalation Vulnerability: Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An attacker who successfully exploits the vulnerability could run a specially crafted application on a device on the network. The vulnerability is also known under the moniker of Zerologon.

Related CWE: CWE-330

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2020-09-21
Additional Notes
Reference CISA's ED 20-04 (https://www.cisa.gov/news-events/directives/ed-20-04-mitigate-netlogon-elevation-privilege-vulnerability-august-2020-patch-tuesday) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 20-04. https://nvd.nist.gov/vuln/detail/CVE-2020-1472
Microsoft | Exchange Server

CVE-2021-26855

Microsoft Exchange Server Remote Code Execution Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Related CWE: CWE-918

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-04-16
Additional Notes
Reference CISA's ED 21-02 (https://www.cisa.gov/news-events/directives/ed-21-02-mitigate-microsoft-exchange-premises-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-02. https://nvd.nist.gov/vuln/detail/CVE-2021-26855
Microsoft | Exchange Server

CVE-2021-26858

Microsoft Exchange Server Remote Code Execution Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-04-16
Additional Notes
Reference CISA's ED 21-02 (https://www.cisa.gov/news-events/directives/ed-21-02-mitigate-microsoft-exchange-premises-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-02. https://nvd.nist.gov/vuln/detail/CVE-2021-26858
Microsoft | Exchange Server

CVE-2021-27065

Microsoft Exchange Server Remote Code Execution Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Related CWE: CWE-39

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-04-16
Additional Notes
Reference CISA's ED 21-02 (https://www.cisa.gov/news-events/directives/ed-21-02-mitigate-microsoft-exchange-premises-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-02. https://nvd.nist.gov/vuln/detail/CVE-2021-27065
Microsoft | Win32k

CVE-2020-1054

Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k contains a privilege escalation vulnerability when the Windows kernel-mode driver fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kernel mode.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-1054
Microsoft | Windows

CVE-2021-1675

Microsoft Windows Print Spooler Remote Code Execution Vulnerability: Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution.

Related CWE: CWE-285

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-1675
Microsoft | Windows

CVE-2021-34448

Microsoft Windows Scripting Engine Memory Corruption Vulnerability: Microsoft Windows Scripting Engine contains an unspecified vulnerability that allows for memory corruption.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-34448
Microsoft | Windows

CVE-2020-0601

Microsoft Windows CryptoAPI Spoofing Vulnerability: Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. The vulnerability is also known under the moniker of CurveBall.

Related CWE: CWE-295

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2020-01-29
Additional Notes
Reference CISA's ED 20-02 (https://www.cisa.gov/news-events/directives/ed-20-02-mitigate-windows-vulnerabilities-january-2020-patch-tuesday) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 20-02. https://nvd.nist.gov/vuln/detail/CVE-2020-0601
Microsoft | SharePoint

CVE-2019-0604

Microsoft SharePoint Remote Code Execution Vulnerability: Microsoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote code in the context of the SharePoint application pool and the SharePoint server farm account.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-0604
Microsoft | .NET Framework

CVE-2020-0646

Microsoft .NET Framework Remote Code Execution Vulnerability: Microsoft .NET Framework contains an improper input validation vulnerability that allows for remote code execution.

Related CWE: CWE-91

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-0646
Microsoft | Win32k

CVE-2019-0808

Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k contains a privilege escalation vulnerability due to the component failing to properly handle objects in memory. Successful exploitation allows an attacker to run code in kernel mode.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-0808
Microsoft | Exchange Server

CVE-2021-26857

Microsoft Exchange Server Remote Code Execution Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-04-16
Additional Notes
Reference CISA's ED 21-02 (https://www.cisa.gov/news-events/directives/ed-21-02-mitigate-microsoft-exchange-premises-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-02. https://nvd.nist.gov/vuln/detail/CVE-2021-26857
Microsoft | .NET Framework, SharePoint, Visual Studio

CVE-2020-1147

Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability: Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source markup of XML file input. Successful exploitation allows an attacker to execute code in the context of the process responsible for deserialization of the XML content.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-1147
Microsoft | Windows

CVE-2019-1214

Microsoft Windows Privilege Common Log File System (CLFS) Escalation Vulnerability: Microsoft Windows Common Log File System (CLFS) driver improperly handles objects in memory which can allow for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-1214
Microsoft | Office

CVE-2016-3235

Microsoft Office OLE DLL Side Loading Vulnerability: Microsoft Office Object Linking & Embedding (OLE) dynamic link library (DLL) contains a side loading vulnerability due to it improperly validating input before loading libraries. Successful exploitation allows for remote code execution.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-3235
Microsoft | Windows

CVE-2019-0863

Microsoft Windows Error Reporting (WER) Privilege Escalation Vulnerability: Microsoft Windows Error Reporting (WER) contains a privilege escalation vulnerability due to the way it handles files, allowing for code execution in kernel mode.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-0863
Microsoft | Windows

CVE-2021-36955

Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability: Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-36955
Microsoft | Open Management Infrastructure (OMI)

CVE-2021-38648

Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability: Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.

Related CWE: CWE-1390

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-38648

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now
Return to top
  • Topics
  • Spotlight
  • Resources & Tools
  • News & Events
  • Careers
  • About
Cybersecurity & Infrastructure Security Agency
  • Facebook
  • X
  • LinkedIn
  • YouTube
  • Instagram
  • RSS
CISA Central 1-844-Say-CISA SayCISA@cisa.dhs.gov
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
  • About CISA
  • Budget and Performance
  • DHS.gov
  • FOIA Requests
  • No FEAR Act
  • Office of Inspector General
  • Privacy Policy
  • Subscribe
  • The White House
  • USA.gov
  • Website Feedback