microsoft — Vulnerabilities & Security Advisories (8284)

Browse all 8284 CVE security advisories affecting microsoft. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Microsoft operates as a global technology corporation primarily providing enterprise software, cloud computing services, and consumer electronics. Its extensive software portfolio, including Windows operating systems and Office suites, has historically been associated with a high volume of Common Vulnerabilities and Exposures (CVEs), currently totaling 8,272. Common vulnerability classes affecting these products include remote code execution, cross-site scripting, and privilege escalation, often stemming from complex legacy codebases and extensive feature sets. Notable security incidents include the 2021 SolarWinds supply chain compromise, which impacted Microsoft’s Orion platform, and various critical zero-day exploits in Internet Explorer and Edge browsers. The company maintains a dedicated security response team and regularly issues patches through Windows Update to mitigate these risks, though the sheer scale of its ecosystem continues to present significant attack surfaces for threat actors seeking unauthorized access or data exfiltration.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-23670 | Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability — Windows 10 Version 1607 (CWE-822) | 5.7 | Medium | 2026-04-14 |
| CVE-2026-25184 | Applocker Filter Driver (applockerfltr.sys) Elevation of Privilege Vulnerability — Windows 11 version 22H3 (CWE-362) | 7.0 | High | 2026-04-14 |
| CVE-2026-20945 | Microsoft SharePoint Server Spoofing Vulnerability — Microsoft SharePoint Enterprise Server 2016 (CWE-79) | 4.6 | Medium | 2026-04-14 |
| CVE-2026-23653 | GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability — Microsoft Visual Studio Code CoPilot Chat Extension (CWE-77) | 5.7 | Medium | 2026-04-14 |
| CVE-2026-20930 | Windows Management Services Elevation of Privilege Vulnerability — Windows 10 Version 1809 (CWE-362) | 7.8 | High | 2026-04-14 |
| CVE-2026-33118 | Microsoft Edge (Chromium-based) Spoofing Vulnerability — Microsoft Edge (Chromium-based) (CWE-451) | 4.3 | Medium | 2026-04-10 |
| CVE-2026-33119 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability — Microsoft Edge for Android (CWE-451) | 5.4 | Medium | 2026-04-10 |
| CVE-2026-35199 | SymCrypt SymCryptXmssSign function - Heap overflow via 64->32-bit leaf-count truncation — SymCrypt (CWE-122) | 6.1 | Medium | 2026-04-06 |
| CVE-2026-32186 | Microsoft Bing Elevation of Privilege Vulnerability — Microsoft Bing (CWE-918) | 10.0 | Critical | 2026-04-03 |
| CVE-2026-32211 | Azure MCP Server Information Disclosure Vulnerability — Azure Web Apps (CWE-306) | 9.1 | Critical | 2026-04-02 |
| CVE-2026-32173 | Azure SRE Agent Information Disclosure Vulnerability — Azure SRE Agent Gateway - SignalR Hub (CWE-287) | 8.6 | High | 2026-04-02 |
| CVE-2026-26135 | Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability — Azure Custom Locations Resource Provider (CWE-918) | 9.6 | Critical | 2026-04-02 |
| CVE-2026-33105 | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability — Azure Kubernetes Service (CWE-285) | 10.0 | Critical | 2026-04-02 |
| CVE-2026-33107 | Azure Databricks Elevation of Privilege Vulnerability — Azure Databricks (CWE-918) | 10.0 | Critical | 2026-04-02 |
| CVE-2026-32213 | Azure AI Foundry Elevation of Privilege Vulnerability — Azure AI Foundry (CWE-285) | 10.0 | Critical | 2026-04-02 |
| CVE-2026-34401 | XML Notepad: XML External Entity (XXE) Injection via Unsafe XmlTextReader in XML Diff and Schema Loading — XmlNotepad (CWE-611) | 6.5 | Medium | 2026-03-31 |
| CVE-2026-34054 | openssl on Windows built with openssldir set from the build machine (Uncontrolled Search Path Element) — vcpkg (CWE-427) | 7.8 | High | 2026-03-31 |
| CVE-2026-32194 | Microsoft Bing Images Remote Code Execution Vulnerability — Microsoft Bing Images (CWE-77) | 9.8 | Critical | 2026-03-19 |
| CVE-2026-26137 | Microsoft Exchange Elevation of Privilege Vulnerability — Microsoft Exchange Online (CWE-918) | 9.9 | Critical | 2026-03-19 |
| CVE-2026-26136 | Microsoft Copilot Information Disclosure Vulnerability — Microsoft Copilot (CWE-77) | 6.5 | Medium | 2026-03-19 |
| CVE-2026-24299 | M365 Copilot Information Disclosure Vulnerability — Microsoft 365 Copilot (CWE-77) | 5.3 | Medium | 2026-03-19 |
| CVE-2026-26120 | Microsoft Bing Tampering Vulnerability — Microsoft Bing (CWE-918) | 6.5 | Medium | 2026-03-19 |
| CVE-2026-23659 | Azure Data Factory Information Disclosure Vulnerability — Azure Data Factory (CWE-200) | 8.6 | High | 2026-03-19 |
| CVE-2026-23658 | Azure DevOps: msazure Elevation of Privilege Vulnerability — Azure DevOps: msazure (CWE-522) | 8.6 | High | 2026-03-19 |
| CVE-2026-26138 | Microsoft Purview Elevation of Privilege Vulnerability — Microsoft Purview (CWE-918) | 8.6 | High | 2026-03-19 |
| CVE-2026-32191 | Microsoft Bing Images Remote Code Execution Vulnerability — Microsoft Bing Images (CWE-78) | 9.8 | Critical | 2026-03-19 |
| CVE-2026-26139 | Microsoft Purview Elevation of Privilege Vulnerability — Microsoft Purview (CWE-918) | 8.6 | High | 2026-03-19 |
| CVE-2026-32169 | Azure Cloud Shell Elevation of Privilege Vulnerability — Azure Cloud Shell (CWE-918) | 10.0 | Critical | 2026-03-19 |
| CVE-2026-0385 | Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability — Microsoft Edge for Android (CWE-451) | 5.0 | Medium | 2026-03-13 |
| CVE-2026-26133 | M365 Copilot Information Disclosure Vulnerability — Microsoft 365 Copilot for Android (CWE-77) | 7.1 | High | 2026-03-13 |

This page lists every published CVE security advisory associated with microsoft. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.