Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1020 CNY

100%
Buy Us a Coffee

Microsoft — Vulnerabilities & Security Advisories 8424

Browse all 8424 CVE security advisories affecting Microsoft. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Microsoft operates as a global technology corporation primarily providing enterprise software, cloud computing services, and consumer electronics. Its extensive software portfolio, including Windows operating systems and Office suites, has historically been associated with a high volume of Common Vulnerabilities and Exposures (CVEs), currently totaling 8,272. Common vulnerability classes affecting these products include remote code execution, cross-site scripting, and privilege escalation, often stemming from complex legacy codebases and extensive feature sets. Notable security incidents include the 2021 SolarWinds supply chain compromise, which impacted Microsoft’s Orion platform, and various critical zero-day exploits in Internet Explorer and Edge browsers. The company maintains a dedicated security response team and regularly issues patches through Windows Update to mitigate these risks, though the sheer scale of its ecosystem continues to present significant attack surfaces for threat actors seeking unauthorized access or data exfiltration.

Top products by Microsoft: Windows 10 Version 1809 Windows Windows 10 Version 1507 Windows 10 Version 1607 Windows 10 Version 1803 Windows Server 2019 Microsoft 365 Apps for Enterprise Microsoft SharePoint Enterprise Server 2016 Microsoft Edge (Chromium-based) Microsoft Office 2019 Microsoft Edge Windows 7 Windows 11 Version 24H2 Windows 10 Version 2004 Windows 10 Version 20H2 Windows 10 Version 2004 for 32-bit Systems Azure Site Recovery VMWare to Azure Windows 10 Version 1703 Microsoft SQL Server 2017 (GDR) Windows Server 2022 Microsoft Office Windows Server 2016 Microsoft SharePoint Enterprise Server Internet Explorer 9 Windows 11 version 22H2 ChakraCore Internet Explorer 11 Windows Server 2008 R2 Service Pack 1 Windows 10 Version 21H2 Visual Studio Code
CVE IDTitleCVSSSeverityPublished
CVE-2026-23672 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability — Windows 10 Version 1607CWE-125 7.8 High2026-03-10
CVE-2026-23669 RPC Runtime Library Remote Code Execution Vulnerability — Windows 10 Version 1607CWE-416 8.8 High2026-03-10
CVE-2026-23671 Windows Bluetooth RFCOM Protocol Driver Elevation of Privilege Vulnerability — Windows 10 Version 1607CWE-362 7.0 High2026-03-10
CVE-2026-23668 Windows Graphics Component Elevation of Privilege Vulnerability — Windows 10 Version 1607CWE-362 7.0 High2026-03-10
CVE-2026-23667 Broadcast DVR Elevation of Privilege Vulnerability — Windows 10 Version 1809CWE-416 7.0 High2026-03-10
CVE-2026-23664 Azure IoT Explorer Information Disclosure Vulnerability — Azure IoT ExplorerCWE-923 7.5 High2026-03-10
CVE-2026-23660 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability — Windows Admin Center in Azure PortalCWE-284 7.8 High2026-03-10
CVE-2026-21262 SQL Server Elevation of Privilege Vulnerability — Microsoft SQL Server 2016 Service Pack 3 (GDR)CWE-284 8.8 High2026-03-10
CVE-2026-26125 Payment Orchestrator Service Elevation of Privilege Vulnerability — Payment Orchestrator ServiceCWE-306 8.6 High2026-03-05
CVE-2026-26122 Microsoft ACI Confidential Containers Information Disclosure Vulnerability — Microsoft ACI Confidential ContainersCWE-1188 6.5 Medium2026-03-05
CVE-2026-26124 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability — Microsoft ACI Confidential ContainersCWE-35 6.7 Medium2026-03-05
CVE-2026-21536 Microsoft Devices Pricing Program Remote Code Execution Vulnerability — Microsoft Devices Pricing ProgramCWE-434 9.8 Critical2026-03-05
CVE-2026-23651 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability — Microsoft ACI Confidential ContainersCWE-625 6.7 Medium2026-03-05
CVE-2026-2636 Denial of Service in Microsoft OS — Windows OSCWE-159 5.5 Medium2026-02-25
CVE-2026-21535 Microsoft Teams Information Disclosure Vulnerability — Microsoft TeamsCWE-284 8.2 High2026-02-19
CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution — semantic-kernelCWE-94 10.0 Critical2026-02-19
CVE-2026-26119 Windows Admin Center Elevation of Privilege Vulnerability — Windows Admin CenterCWE-287 8.8 High2026-02-17
CVE-2026-0102 Microsoft Edge (Chromium-based) Defense in Depth Vulnerability — Microsoft Edge (Chromium-based)CWE-359 3.1 Low2026-02-17
CVE-2026-20841 Windows Notepad App Remote Code Execution Vulnerability — Windows NotepadCWE-77 7.8 High2026-02-10
CVE-2026-20846 GDI+ Denial of Service Vulnerability — Microsoft Office for AndroidCWE-126 7.5 High2026-02-10
CVE-2026-21222 Windows Kernel Information Disclosure Vulnerability — Windows 10 Version 1607CWE-532 5.5 Medium2026-02-10
CVE-2026-21228 Azure Local Remote Code Execution Vulnerability — Azure LocalCWE-295 8.1 High2026-02-10
CVE-2026-21232 Windows HTTP.sys Elevation of Privilege Vulnerability — Windows 11 version 22H3CWE-822 7.8 High2026-02-10
CVE-2026-21231 Windows Kernel Elevation of Privilege Vulnerability — Windows 10 Version 1607CWE-362 7.8 High2026-02-10
CVE-2026-21237 Windows Subsystem for Linux Elevation of Privilege Vulnerability — Windows 10 Version 21H2CWE-362 7.0 High2026-02-10
CVE-2026-21238 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability — Windows 10 Version 1607CWE-284 7.8 High2026-02-10
CVE-2026-21239 Windows Kernel Elevation of Privilege Vulnerability — Windows 10 Version 1607CWE-122 7.8 High2026-02-10
CVE-2026-21241 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability — Windows 11 version 22H3CWE-416 7.0 High2026-02-10
CVE-2026-21240 Windows HTTP.sys Elevation of Privilege Vulnerability — Windows 10 Version 1809CWE-367 7.8 High2026-02-10
CVE-2026-21243 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability — Windows Server 2019CWE-476 7.5 High2026-02-10

This page lists every published CVE security advisory associated with Microsoft. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.