All posts

Free Microsoft CVE and Patch Lookup Tables

June 16, 2026 · Mark Shavlik

Two cross-linked Microsoft lookup tables: a patch tracker with KBs, CVEs fixed, and KEV flags, and a CVE reference, built from MSRC and CISA KEV feeds

We have published two free, searchable lookup tables for the Microsoft world: a Microsoft patch tracker and a Microsoft CVE reference. No sign-up, no tenant access, just the data, built from the same Microsoft and CISA feeds Siemserva uses inside customer tenants.

The Microsoft patch tracker

The patch tracker is a searchable catalog of recent Microsoft security updates, newest first. Each row is a KB article with the CVEs it fixes, the highest CVSS among them, and flags for whether any are actively exploited (CISA KEV) or used by ransomware. Search by KB number, product, CVE, or severity. Every CVE listed links straight to its entry in the CVE reference, so you can go from a patch to the vulnerabilities it closes in one click.

The Microsoft CVE reference

The CVE reference covers Microsoft CVEs plus every actively-exploited CVE in the CISA KEV catalog across all vendors. Each entry carries its CVSS severity, exploited and ransomware status, the products it affects, and a plain-language summary. A Patches link on each row jumps to the patch tracker filtered to that CVE, so the two tables reference each other both ways.

Where the data comes from

Both tables are generated from authoritative sources, the same ones Siemserva uses to rank risk in a real tenant: MSRC for Microsoft's own KB-to-CVE mapping and severity, CISA KEV for what is actually being exploited, EPSS for exploit probability, and NVD for CVSS detail. They refresh on a schedule, so the picture stays current.

This is patch and CVE work at its root. Senserva is built by Mark Shavlik and his team, and Mark is the original creator of Shavlik patch management (HfNetChk, NetChk Protect, MBSA).

From a lookup to your own tenant

The tables are a public reference. When you want the same enrichment and ranking applied to your own estate, every missing patch and CVE across your Microsoft 365, Intune, and Entra ID environment scored by real-world risk, that is what Siemserva by Senserva does on every scan. See CVE, patch and vulnerability management.

Start looking things up: the Microsoft patch tracker and the Microsoft CVE reference. Or run Siemserva against a free demo tenant.

All posts