Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Microsoft | Edge and Internet Explorer

CVE-2020-0878

Microsoft Edge and Internet Explorer Memory Corruption Vulnerability: Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Windows

CVE-2021-31955

Microsoft Windows Kernel Information Disclosure Vulnerability: Microsoft Windows Kernel contains an unspecified vulnerability that allows for information disclosure. Successful exploitation allows attackers to read the contents of kernel memory from a user-mode process.

Related CWE: CWE-497

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Microsoft | Defender

CVE-2021-1647

Microsoft Defender Remote Code Execution Vulnerability: Microsoft Defender contains an unspecified vulnerability that allows for remote code execution.

Related CWEs: CWE-122| CWE-1285

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Microsoft | Windows

CVE-2021-33739

Microsoft Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability: Microsoft Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Microsoft | Windows

CVE-2016-0185

Microsoft Windows Media Center Remote Code Execution Vulnerability: Microsoft Windows Media Center contains a remote code execution vulnerability when Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Windows

CVE-2020-0683

Microsoft Windows Installer Privilege Escalation Vulnerability: Microsoft Windows Installer contains a privilege escalation vulnerability when MSI packages process symbolic links, which allows attackers to bypass access restrictions to add or remove files.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Windows

CVE-2020-17087

Microsoft Windows Kernel Privilege Escalation Vulnerability: Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-131

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Windows

CVE-2021-33742

Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability: Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution.

Related CWEs: CWE-787| CWE-823

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Microsoft | Enhanced Cryptographic Provider

CVE-2021-31199

Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability: Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Microsoft | Windows

CVE-2021-33771

Microsoft Windows Kernel Privilege Escalation Vulnerability: Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Microsoft | Windows

CVE-2021-31956

Microsoft Windows NTFS Privilege Escalation Vulnerability: Microsoft Windows New Technology File System (NTFS) contains an unspecified vulnerability that allows attackers to escalate privileges via a specially crafted application.

Related CWEs: CWE-191| CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Microsoft | Enhanced Cryptographic Provider

CVE-2021-31201

Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability: Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Microsoft | Windows

CVE-2021-31979

Microsoft Windows Kernel Privilege Escalation Vulnerability: Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Microsoft | Windows

CVE-2020-0938

Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability: Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Exchange Server

CVE-2020-17144

Microsoft Exchange Server Remote Code Execution Vulnerability: Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Windows

CVE-2020-0986

Microsoft Windows Kernel Privilege Escalation Vulnerability: Microsoft Windows kernel contains an unspecified vulnerability when handling objects in memory that allows attackers to escalate privileges and execute code in kernel mode.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Windows

CVE-2020-1020

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Open Management Infrastructure (OMI)

CVE-2021-38645

Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability: Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Microsoft | Exchange Server

CVE-2021-34523

Microsoft Exchange Server Privilege Escalation Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Microsoft | Internet Information Services (IIS)

CVE-2017-7269

Microsoft Windows Server Buffer Overflow Vulnerability: Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 which allows remote attackers to execute code via a long header beginning with "If: <http://" in a PROPFIND request.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates