Exploited CVEs / By vendor / Microsoft
Microsoft vulnerabilities actively exploited
378 Microsoft CVEs on the CISA Known Exploited Vulnerabilities catalog, newest first. Refreshed daily.
Every CVE below is confirmed exploited in the wild, not just theoretically severe. The newest addition is CVE-2026-45659 (SharePoint Server, added 2026-07-01). 104 of the 378 are used in ransomware campaigns. New CISA KEV entries appear here the day they are cataloged; the freshest across all vendors are on exploited this week.
Ask your own AI about Microsoft exploited CVEs
Copy this prompt into Claude, ChatGPT, or Copilot. The facts are included, sourced from this page.
Windows: 172 exploited CVEs
| CVE | Product | Added to KEV | Signals |
|---|---|---|---|
| CVE-2008-4250 | Windows | 2026-05-20 | - |
| CVE-2026-32202 | Windows | 2026-04-28 | - |
| CVE-2023-36424 | Windows | 2026-04-13 | - |
| CVE-2025-60710 | Windows | 2026-04-13 | - |
| CVE-2008-0015 | Windows | 2026-02-17 | - |
| CVE-2026-21510 | Windows | 2026-02-10 | - |
| CVE-2026-21513 | Windows | 2026-02-10 | - |
| CVE-2026-21519 | Windows | 2026-02-10 | - |
| CVE-2026-21525 | Windows | 2026-02-10 | - |
| CVE-2026-21533 | Windows | 2026-02-10 | - |
| CVE-2026-20805 | Windows | 2026-01-13 | - |
| CVE-2025-62221 | Windows | 2025-12-09 | - |
| CVE-2025-62215 | Windows | 2025-11-12 | - |
| CVE-2025-59287 | Windows | 2025-10-24 | - |
| CVE-2025-33073 | Windows | 2025-10-20 | - |
| CVE-2025-24990 | Windows | 2025-10-14 | - |
| CVE-2025-59230 | Windows | 2025-10-14 | - |
| CVE-2011-3402 | Windows | 2025-10-06 | - |
| CVE-2013-3918 | Windows | 2025-10-06 | - |
| CVE-2021-43226 | Windows | 2025-10-06 | - |
| CVE-2025-33053 | Windows | 2025-06-10 | - |
| CVE-2025-30397 | Windows | 2025-05-13 | - |
| CVE-2025-30400 | Windows | 2025-05-13 | - |
| CVE-2025-32701 | Windows | 2025-05-13 | - |
| CVE-2025-32706 | Windows | 2025-05-13 | - |
| CVE-2025-32709 | Windows | 2025-05-13 | - |
| CVE-2025-24054 | Windows | 2025-04-17 | - |
| CVE-2025-29824 | Windows | 2025-04-08 | ransomware |
| CVE-2025-24983 | Windows | 2025-03-11 | - |
| CVE-2025-24984 | Windows | 2025-03-11 | - |
| CVE-2025-24985 | Windows | 2025-03-11 | - |
| CVE-2025-24991 | Windows | 2025-03-11 | - |
| CVE-2025-24993 | Windows | 2025-03-11 | - |
| CVE-2025-26633 | Windows | 2025-03-11 | ransomware |
| CVE-2018-8639 | Windows | 2025-03-03 | ransomware |
| CVE-2025-21391 | Windows | 2025-02-11 | - |
| CVE-2025-21418 | Windows | 2025-02-11 | - |
| CVE-2025-21333 | Windows | 2025-01-14 | - |
| CVE-2025-21334 | Windows | 2025-01-14 | - |
| CVE-2025-21335 | Windows | 2025-01-14 | - |
| CVE-2024-35250 | Windows | 2024-12-16 | - |
| CVE-2024-49138 | Windows | 2024-12-10 | - |
| CVE-2024-43451 | Windows | 2024-11-12 | - |
| CVE-2024-49039 | Windows | 2024-11-12 | ransomware |
| CVE-2024-30088 | Windows | 2024-10-15 | ransomware |
| CVE-2024-43572 | Windows | 2024-10-08 | - |
| CVE-2024-43573 | Windows | 2024-10-08 | - |
| CVE-2024-43461 | Windows | 2024-09-16 | - |
| CVE-2024-38014 | Windows | 2024-09-10 | - |
| CVE-2024-38217 | Windows | 2024-09-10 | - |
| CVE-2024-38106 | Windows | 2024-08-13 | - |
| CVE-2024-38107 | Windows | 2024-08-13 | - |
| CVE-2024-38178 | Windows | 2024-08-13 | - |
| CVE-2024-38193 | Windows | 2024-08-13 | - |
| CVE-2024-38213 | Windows | 2024-08-13 | - |
| CVE-2018-0824 | Windows | 2024-08-05 | - |
| CVE-2024-38080 | Windows | 2024-07-09 | - |
| CVE-2024-38112 | Windows | 2024-07-09 | - |
| CVE-2024-26169 | Windows | 2024-06-13 | ransomware |
| CVE-2024-30040 | Windows | 2024-05-14 | - |
| CVE-2022-38028 | Windows | 2024-04-23 | - |
| CVE-2024-21338 | Windows | 2024-03-04 | ransomware |
| CVE-2024-21351 | Windows | 2024-02-13 | - |
| CVE-2024-21412 | Windows | 2024-02-13 | ransomware |
| CVE-2023-36584 | Windows | 2023-11-16 | - |
| CVE-2023-36025 | Windows | 2023-11-14 | - |
| CVE-2023-36033 | Windows | 2023-11-14 | - |
| CVE-2023-36036 | Windows | 2023-11-14 | - |
| CVE-2023-36884 | Windows | 2023-07-17 | ransomware |
| CVE-2023-32046 | Windows | 2023-07-11 | - |
| CVE-2023-32049 | Windows | 2023-07-11 | - |
| CVE-2023-36874 | Windows | 2023-07-11 | - |
| CVE-2023-28252 | Windows | 2023-04-11 | ransomware |
| CVE-2019-1388 | Windows | 2023-04-07 | ransomware |
| CVE-2023-24880 | Windows | 2023-03-14 | ransomware |
| CVE-2023-21823 | Windows | 2023-02-14 | - |
| CVE-2023-23376 | Windows | 2023-02-14 | ransomware |
| CVE-2023-21674 | Windows | 2023-01-10 | - |
| CVE-2022-41049 | Windows | 2022-11-14 | - |
| CVE-2022-41073 | Windows | 2022-11-08 | ransomware |
| CVE-2022-41091 | Windows | 2022-11-08 | ransomware |
| CVE-2022-41125 | Windows | 2022-11-08 | - |
| CVE-2022-41128 | Windows | 2022-11-08 | - |
| CVE-2010-2568 | Windows | 2022-09-15 | - |
| CVE-2022-37969 | Windows | 2022-09-14 | - |
| CVE-2022-21971 | Windows | 2022-08-18 | - |
| CVE-2022-34713 | Windows | 2022-08-09 | - |
| CVE-2022-22047 | Windows | 2022-07-12 | - |
| CVE-2022-26925 | Windows | 2022-07-01 | - |
| CVE-2022-30190 | Windows | 2022-06-14 | ransomware |
| CVE-2012-0151 | Windows | 2022-06-08 | - |
| CVE-2014-4148 | Windows | 2022-05-25 | - |
| CVE-2015-0016 | Windows | 2022-05-25 | - |
| CVE-2015-1671 | Windows | 2022-05-25 | - |
| CVE-2015-1769 | Windows | 2022-05-25 | - |
| CVE-2015-6175 | Windows | 2022-05-25 | - |
| CVE-2016-3393 | Windows | 2022-05-25 | - |
| CVE-2016-7256 | Windows | 2022-05-25 | - |
| CVE-2017-0005 | Windows | 2022-05-24 | - |
| CVE-2017-8543 | Windows | 2022-05-24 | - |
| CVE-2018-8611 | Windows | 2022-05-24 | - |
| CVE-2019-0703 | Windows | 2022-05-23 | - |
| CVE-2019-0880 | Windows | 2022-05-23 | - |
| CVE-2019-1130 | Windows | 2022-05-23 | ransomware |
| CVE-2019-1385 | Windows | 2022-05-23 | ransomware |
| CVE-2020-1027 | Windows | 2022-05-23 | - |
| CVE-2022-21919 | Windows | 2022-04-25 | - |
| CVE-2022-26904 | Windows | 2022-04-25 | - |
| CVE-2022-22718 | Windows | 2022-04-19 | - |
| CVE-2022-24521 | Windows | 2022-04-13 | ransomware |
| CVE-2021-34484 | Windows | 2022-03-31 | - |
| CVE-2010-4398 | Windows | 2022-03-28 | - |
| CVE-2015-2426 | Windows | 2022-03-28 | - |
| CVE-2016-0040 | Windows | 2022-03-28 | - |
| CVE-2017-0213 | Windows | 2022-03-28 | ransomware |
| CVE-2018-8440 | Windows | 2022-03-28 | ransomware |
| CVE-2021-34486 | Windows | 2022-03-28 | - |
| CVE-2014-6332 | Windows | 2022-03-25 | - |
| CVE-2017-0146 | Windows | 2022-03-25 | ransomware |
| CVE-2018-8414 | Windows | 2022-03-25 | - |
| CVE-2022-21999 | Windows | 2022-03-25 | ransomware |
| CVE-2016-3309 | Windows | 2022-03-15 | ransomware |
| CVE-2017-0101 | Windows | 2022-03-15 | ransomware |
| CVE-2019-0543 | Windows | 2022-03-15 | ransomware |
| CVE-2019-0841 | Windows | 2022-03-15 | ransomware |
| CVE-2019-1064 | Windows | 2022-03-15 | ransomware |
| CVE-2019-1129 | Windows | 2022-03-15 | ransomware |
| CVE-2019-1253 | Windows | 2022-03-15 | ransomware |
| CVE-2019-1315 | Windows | 2022-03-15 | ransomware |
| CVE-2019-1322 | Windows | 2022-03-15 | ransomware |
| CVE-2019-1405 | Windows | 2022-03-15 | ransomware |
| CVE-2002-0367 | Windows | 2022-03-03 | - |
| CVE-2004-0210 | Windows | 2022-03-03 | - |
| CVE-2009-1123 | Windows | 2022-03-03 | - |
| CVE-2010-0232 | Windows | 2022-03-03 | - |
| CVE-2013-5065 | Windows | 2022-03-03 | - |
| CVE-2014-4114 | Windows | 2022-03-03 | - |
| CVE-2016-0099 | Windows | 2022-03-03 | ransomware |
| CVE-2021-41379 | Windows | 2022-03-03 | ransomware |
| CVE-2014-6352 | Windows | 2022-02-25 | - |
| CVE-2018-8174 | Windows | 2022-02-15 | ransomware |
| CVE-2017-8464 | Windows | 2022-02-10 | - |
| CVE-2021-36934 | Windows | 2022-02-10 | - |
| CVE-2020-0787 | Windows | 2022-01-28 | ransomware |
| CVE-2021-43890 | Windows | 2021-12-15 | ransomware |
| CVE-2021-40449 | Windows | 2021-11-17 | ransomware |
| CVE-2014-1812 | Windows | 2021-11-03 | ransomware |
| CVE-2016-0185 | Windows | 2021-11-03 | - |
| CVE-2017-0143 | Windows | 2021-11-03 | ransomware |
| CVE-2019-0863 | Windows | 2021-11-03 | - |
| CVE-2019-1214 | Windows | 2021-11-03 | - |
| CVE-2019-1215 | Windows | 2021-11-03 | ransomware |
| CVE-2020-0601 | Windows | 2021-11-03 | - |
| CVE-2020-0683 | Windows | 2021-11-03 | - |
| CVE-2020-0938 | Windows | 2021-11-03 | - |
| CVE-2020-0986 | Windows | 2021-11-03 | - |
| CVE-2020-1020 | Windows | 2021-11-03 | - |
| CVE-2020-1350 | Windows | 2021-11-03 | - |
| CVE-2020-1464 | Windows | 2021-11-03 | - |
| CVE-2020-17087 | Windows | 2021-11-03 | - |
| CVE-2021-1675 | Windows | 2021-11-03 | ransomware |
| CVE-2021-31955 | Windows | 2021-11-03 | - |
| CVE-2021-31956 | Windows | 2021-11-03 | - |
| CVE-2021-31979 | Windows | 2021-11-03 | - |
| CVE-2021-33739 | Windows | 2021-11-03 | - |
| CVE-2021-33742 | Windows | 2021-11-03 | - |
| CVE-2021-33771 | Windows | 2021-11-03 | - |
| CVE-2021-34448 | Windows | 2021-11-03 | - |
| CVE-2021-34527 | Windows | 2021-11-03 | ransomware |
| CVE-2021-36942 | Windows | 2021-11-03 | ransomware |
| CVE-2021-36948 | Windows | 2021-11-03 | - |
| CVE-2021-36955 | Windows | 2021-11-03 | ransomware |
Internet Explorer: 36 exploited CVEs
| CVE | Product | Added to KEV | Signals |
|---|---|---|---|
| CVE-2010-0249 | Internet Explorer | 2026-05-20 | - |
| CVE-2010-0806 | Internet Explorer | 2026-05-20 | - |
| CVE-2010-3962 | Internet Explorer | 2025-10-06 | - |
| CVE-2013-3893 | Internet Explorer | 2025-08-12 | - |
| CVE-2012-4792 | Internet Explorer | 2024-07-23 | - |
| CVE-2013-3163 | Internet Explorer | 2023-03-30 | - |
| CVE-2012-4969 | Internet Explorer | 2022-06-08 | - |
| CVE-2013-7331 | Internet Explorer | 2022-05-25 | - |
| CVE-2014-2817 | Internet Explorer | 2022-05-25 | - |
| CVE-2014-4123 | Internet Explorer | 2022-05-25 | - |
| CVE-2015-0071 | Internet Explorer | 2022-05-25 | - |
| CVE-2015-2425 | Internet Explorer | 2022-05-25 | - |
| CVE-2016-0162 | Internet Explorer | 2022-05-24 | - |
| CVE-2016-3298 | Internet Explorer | 2022-05-24 | - |
| CVE-2017-0149 | Internet Explorer | 2022-05-24 | - |
| CVE-2017-0210 | Internet Explorer | 2022-05-24 | - |
| CVE-2019-0676 | Internet Explorer | 2022-05-23 | - |
| CVE-2014-0322 | Internet Explorer | 2022-05-04 | - |
| CVE-2015-2502 | Internet Explorer | 2022-04-13 | - |
| CVE-2013-2551 | Internet Explorer | 2022-03-28 | ransomware |
| CVE-2015-2419 | Internet Explorer | 2022-03-28 | - |
| CVE-2016-0189 | Internet Explorer | 2022-03-28 | - |
| CVE-2017-0059 | Internet Explorer | 2022-03-28 | - |
| CVE-2013-1347 | Internet Explorer | 2022-03-03 | - |
| CVE-2013-3897 | Internet Explorer | 2022-03-03 | - |
| CVE-2017-0222 | Internet Explorer | 2022-02-25 | - |
| CVE-2019-0752 | Internet Explorer | 2022-02-15 | ransomware |
| CVE-2014-1776 | Internet Explorer | 2022-01-28 | - |
| CVE-2018-8653 | Internet Explorer | 2021-11-03 | - |
| CVE-2019-1367 | Internet Explorer | 2021-11-03 | ransomware |
| CVE-2019-1429 | Internet Explorer | 2021-11-03 | - |
| CVE-2020-0674 | Internet Explorer | 2021-11-03 | - |
| CVE-2020-0968 | Internet Explorer | 2021-11-03 | - |
| CVE-2020-1380 | Internet Explorer | 2021-11-03 | - |
| CVE-2021-26411 | Internet Explorer | 2021-11-03 | ransomware |
| CVE-2021-27085 | Internet Explorer | 2021-11-03 | - |
Office: 29 exploited CVEs
| CVE | Product | Added to KEV | Signals |
|---|---|---|---|
| CVE-2009-0238 | Office | 2026-04-14 | - |
| CVE-2026-21514 | Office | 2026-02-10 | - |
| CVE-2026-21509 | Office | 2026-01-26 | - |
| CVE-2009-0556 | Office | 2026-01-07 | - |
| CVE-2007-0671 | Office | 2025-08-12 | - |
| CVE-2023-23397 | Office | 2023-03-14 | - |
| CVE-2023-21715 | Office | 2023-02-14 | - |
| CVE-2009-0557 | Office | 2022-06-08 | - |
| CVE-2009-0563 | Office | 2022-06-08 | - |
| CVE-2013-1331 | Office | 2022-06-08 | - |
| CVE-2015-1770 | Office | 2022-03-28 | - |
| CVE-2021-38646 | Office | 2022-03-28 | ransomware |
| CVE-2010-3333 | Office | 2022-03-03 | - |
| CVE-2012-1856 | Office | 2022-03-03 | - |
| CVE-2015-1642 | Office | 2022-03-03 | - |
| CVE-2015-2545 | Office | 2022-03-03 | - |
| CVE-2016-7193 | Office | 2022-03-03 | - |
| CVE-2017-0261 | Office | 2022-03-03 | - |
| CVE-2017-11826 | Office | 2022-03-03 | - |
| CVE-2017-8570 | Office | 2022-02-25 | - |
| CVE-2017-0262 | Office | 2022-02-10 | - |
| CVE-2021-42292 | Office | 2021-11-17 | - |
| CVE-2015-1641 | Office | 2021-11-03 | - |
| CVE-2016-3235 | Office | 2021-11-03 | - |
| CVE-2017-11774 | Office | 2021-11-03 | - |
| CVE-2017-11882 | Office | 2021-11-03 | ransomware |
| CVE-2018-0798 | Office | 2021-11-03 | - |
| CVE-2018-0802 | Office | 2021-11-03 | - |
| CVE-2021-27059 | Office | 2021-11-03 | - |
Win32k: 25 exploited CVEs
| CVE | Product | Added to KEV | Signals |
|---|---|---|---|
| CVE-2016-0165 | Win32k | 2023-06-22 | - |
| CVE-2023-29336 | Win32k | 2023-05-09 | - |
| CVE-2015-2360 | Win32k | 2022-05-25 | - |
| CVE-2018-8589 | Win32k | 2022-05-23 | - |
| CVE-2014-4113 | Win32k | 2022-05-04 | - |
| CVE-2021-40450 | Win32k | 2022-04-25 | - |
| CVE-2021-41357 | Win32k | 2022-04-25 | - |
| CVE-2013-3660 | Win32k | 2022-03-28 | - |
| CVE-2015-2546 | Win32k | 2022-03-15 | ransomware |
| CVE-2018-8120 | Win32k | 2022-03-15 | ransomware |
| CVE-2019-1132 | Win32k | 2022-03-15 | - |
| CVE-2015-1701 | Win32k | 2022-03-03 | ransomware |
| CVE-2017-0263 | Win32k | 2022-02-10 | - |
| CVE-2022-21882 | Win32k | 2022-02-04 | - |
| CVE-2018-8453 | Win32k | 2022-01-21 | ransomware |
| CVE-2019-1458 | Win32k | 2022-01-10 | ransomware |
| CVE-2016-0167 | Win32k | 2021-11-03 | ransomware |
| CVE-2016-7255 | Win32k | 2021-11-03 | - |
| CVE-2019-0797 | Win32k | 2021-11-03 | - |
| CVE-2019-0803 | Win32k | 2021-11-03 | - |
| CVE-2019-0808 | Win32k | 2021-11-03 | - |
| CVE-2019-0859 | Win32k | 2021-11-03 | - |
| CVE-2020-1054 | Win32k | 2021-11-03 | - |
| CVE-2021-1732 | Win32k | 2021-11-03 | ransomware |
| CVE-2021-28310 | Win32k | 2021-11-03 | - |
Exchange Server: 17 exploited CVEs
| CVE | Product | Added to KEV | Signals |
|---|---|---|---|
| CVE-2023-21529 | Exchange Server | 2026-04-13 | ransomware |
| CVE-2021-31196 | Exchange Server | 2024-08-21 | - |
| CVE-2024-21410 | Exchange Server | 2024-02-15 | - |
| CVE-2022-41080 | Exchange Server | 2023-01-10 | ransomware |
| CVE-2022-41040 | Exchange Server | 2022-09-30 | ransomware |
| CVE-2022-41082 | Exchange Server | 2022-09-30 | ransomware |
| CVE-2018-8581 | Exchange Server | 2022-03-03 | ransomware |
| CVE-2021-33766 | Exchange Server | 2022-01-18 | - |
| CVE-2020-0688 | Exchange Server | 2021-11-03 | ransomware |
| CVE-2020-17144 | Exchange Server | 2021-11-03 | - |
| CVE-2021-26855 | Exchange Server | 2021-11-03 | ransomware |
| CVE-2021-26857 | Exchange Server | 2021-11-03 | ransomware |
| CVE-2021-26858 | Exchange Server | 2021-11-03 | ransomware |
| CVE-2021-27065 | Exchange Server | 2021-11-03 | ransomware |
| CVE-2021-31207 | Exchange Server | 2021-11-03 | ransomware |
| CVE-2021-34473 | Exchange Server | 2021-11-03 | ransomware |
| CVE-2021-34523 | Exchange Server | 2021-11-03 | ransomware |
SharePoint: 6 exploited CVEs
| CVE | Product | Added to KEV | Signals |
|---|---|---|---|
| CVE-2026-20963 | SharePoint | 2026-03-18 | - |
| CVE-2025-49704 | SharePoint | 2025-07-22 | ransomware |
| CVE-2025-49706 | SharePoint | 2025-07-22 | ransomware |
| CVE-2025-53770 | SharePoint | 2025-07-20 | ransomware |
| CVE-2024-38094 | SharePoint | 2024-10-22 | ransomware |
| CVE-2019-0604 | SharePoint | 2021-11-03 | ransomware |
Defender: 5 exploited CVEs
| CVE | Product | Added to KEV | Signals |
|---|---|---|---|
| CVE-2026-41091 | Defender | 2026-05-20 | - |
| CVE-2026-45498 | Defender | 2026-05-20 | - |
| CVE-2026-33825 | Defender | 2026-04-22 | ransomware |
| CVE-2022-44698 | Defender | 2022-12-13 | ransomware |
| CVE-2021-1647 | Defender | 2021-11-03 | - |
SharePoint Server: 4 exploited CVEs
| CVE | Product | Added to KEV | Signals |
|---|---|---|---|
| CVE-2026-45659 | SharePoint Server | 2026-07-01 | - |
| CVE-2026-32201 | SharePoint Server | 2026-04-14 | - |
| CVE-2023-24955 | SharePoint Server | 2024-03-26 | ransomware |
| CVE-2023-29357 | SharePoint Server | 2024-01-10 | ransomware |
Word: 4 exploited CVEs
| CVE | Product | Added to KEV | Signals |
|---|---|---|---|
| CVE-2023-36761 | Word | 2023-09-12 | - |
| CVE-2006-2492 | Word | 2022-06-08 | - |
| CVE-2012-2539 | Word | 2022-03-28 | - |
| CVE-2014-1761 | Word | 2022-02-15 | - |
Open Management Infrastructure (OMI): 4 exploited CVEs
| CVE | Product | Added to KEV | Signals |
|---|---|---|---|
| CVE-2021-38645 | Open Management Infrastructure (OMI) | 2021-11-03 | - |
| CVE-2021-38647 | Open Management Infrastructure (OMI) | 2021-11-03 | ransomware |
| CVE-2021-38648 | Open Management Infrastructure (OMI) | 2021-11-03 | - |
| CVE-2021-38649 | Open Management Infrastructure (OMI) | 2021-11-03 | - |
.NET Framework: 3 exploited CVEs
| CVE | Product | Added to KEV | Signals |
|---|---|---|---|
| CVE-2024-29059 | .NET Framework | 2025-02-04 | - |
| CVE-2017-8759 | .NET Framework | 2021-11-03 | - |
| CVE-2020-0646 | .NET Framework | 2021-11-03 | - |
Active Directory: 3 exploited CVEs
| CVE | Product | Added to KEV | Signals |
|---|---|---|---|
| CVE-2022-26923 | Active Directory | 2022-08-18 | - |
| CVE-2021-42278 | Active Directory | 2022-04-11 | ransomware |
| CVE-2021-42287 | Active Directory | 2022-04-11 | ransomware |
Silverlight: 3 exploited CVEs
| CVE | Product | Added to KEV | Signals |
|---|---|---|---|
| CVE-2013-0074 | Silverlight | 2022-05-25 | ransomware |
| CVE-2013-3896 | Silverlight | 2022-05-25 | - |
| CVE-2016-0034 | Silverlight | 2022-05-25 | ransomware |
Excel: 3 exploited CVEs
| CVE | Product | Added to KEV | Signals |
|---|---|---|---|
| CVE-2009-3129 | Excel | 2022-03-03 | - |
| CVE-2016-7262 | Excel | 2022-03-03 | - |
| CVE-2019-1297 | Excel | 2022-03-03 | - |
Other Microsoft products
| CVE | Product | Added to KEV | Signals |
|---|---|---|---|
| CVE-2009-1537 | DirectX | 2026-05-20 | - |
| CVE-2026-42897 | Microsoft | 2026-05-15 | - |
| CVE-2012-1854 | Visual Basic for Applications (VBA) | 2026-04-13 | - |
| CVE-2024-43468 | Configuration Manager | 2026-02-12 | - |
| CVE-2024-49035 | Partner Center | 2025-02-25 | - |
| CVE-2025-24989 | Power Pages | 2025-02-21 | - |
| CVE-2024-21413 | Office Outlook | 2025-02-06 | - |
| CVE-2020-0618 | SQL Server | 2024-09-18 | - |
| CVE-2024-38226 | Publisher | 2024-09-10 | - |
| CVE-2024-38189 | Project | 2024-08-13 | - |
| CVE-2024-30051 | DWM Core Library | 2024-05-14 | ransomware |
| CVE-2024-29988 | SmartScreen Prompt | 2024-04-30 | - |
| CVE-2023-29360 | Streaming Service | 2024-02-29 | - |
| CVE-2023-36563 | WordPad | 2023-10-10 | - |
| CVE-2023-41763 | Skype for Business | 2023-10-10 | - |
| CVE-2023-28229 | Windows CNG Key Isolation Service | 2023-10-04 | - |
| CVE-2023-36802 | Streaming Service Proxy | 2023-09-12 | - |
| CVE-2023-38180 | .NET Core and Visual Studio | 2023-08-09 | - |
| CVE-2023-35311 | Outlook | 2023-07-11 | - |
| CVE-2022-41033 | Windows COM+ Event System Service | 2022-10-11 | - |
| CVE-2010-2572 | PowerPoint | 2022-06-08 | - |
| CVE-2012-1889 | XML Core Services | 2022-06-08 | - |
| CVE-2014-4077 | Input Method Editor (IME) Japanese | 2022-05-25 | - |
| CVE-2016-3351 | Internet Explorer and Edge | 2022-05-24 | ransomware |
| CVE-2017-0022 | XML Core Services | 2022-05-24 | - |
| CVE-2017-0147 | SMBv1 server | 2022-05-24 | ransomware |
| CVE-2020-0638 | Update Notification Manager | 2022-05-23 | ransomware |
| CVE-2017-0148 | SMBv1 server | 2022-04-06 | ransomware |
| CVE-2021-31166 | HTTP Protocol Stack | 2022-04-06 | - |
| CVE-2011-2005 | Ancillary Function Driver (afd.sys) | 2022-03-28 | - |
| CVE-2016-0151 | Client-Server Run-time Subsystem (CSRSS) | 2022-03-28 | ransomware |
| CVE-2016-7200 | Edge | 2022-03-28 | - |
| CVE-2016-7201 | Edge | 2022-03-28 | - |
| CVE-2017-0037 | Edge and Internet Explorer | 2022-03-28 | - |
| CVE-2018-8405 | DirectX Graphics Kernel (DXGKRNL) | 2022-03-28 | ransomware |
| CVE-2018-8406 | DirectX Graphics Kernel (DXGKRNL) | 2022-03-28 | ransomware |
| CVE-2014-6324 | Kerberos Key Distribution Center (KDC) | 2022-03-25 | - |
| CVE-2018-8373 | Internet Explorer Scripting Engine | 2022-03-25 | - |
| CVE-2019-0903 | Graphics Device Interface (GDI) | 2022-03-25 | - |
| CVE-2019-1069 | Task Scheduler | 2022-03-15 | ransomware |
| CVE-2011-1889 | Forefront Threat Management Gateway (TMG) | 2022-03-03 | - |
| CVE-2015-2387 | ATM Font Driver | 2022-03-03 | - |
| CVE-2015-2424 | PowerPoint | 2022-03-03 | - |
| CVE-2017-0001 | Graphics Device Interface (GDI) | 2022-03-03 | - |
| CVE-2017-8540 | Malware Protection Engine | 2022-03-03 | - |
| CVE-2013-3906 | Graphics Component | 2022-02-15 | - |
| CVE-2015-1635 | HTTP.sys | 2022-02-10 | - |
| CVE-2017-0144 | SMBv1 | 2022-02-10 | ransomware |
| CVE-2017-0145 | SMBv1 | 2022-02-10 | ransomware |
| CVE-2020-0796 | SMBv3 | 2022-02-10 | ransomware |
| CVE-2013-3900 | WinVerifyTrust function | 2022-01-10 | - |
| CVE-2021-42321 | Exchange | 2021-11-17 | ransomware |
| CVE-2012-0158 | MSCOMCTL.OCX | 2021-11-03 | - |
| CVE-2017-0199 | Office and WordPad | 2021-11-03 | ransomware |
| CVE-2017-7269 | Internet Information Services (IIS) | 2021-11-03 | - |
| CVE-2019-0541 | MSHTML | 2021-11-03 | - |
| CVE-2019-0708 | Remote Desktop Services | 2021-11-03 | ransomware |
| CVE-2020-0878 | Edge and Internet Explorer | 2021-11-03 | ransomware |
| CVE-2020-1040 | Hyper-V RemoteFX | 2021-11-03 | - |
| CVE-2020-1147 | .NET Framework, SharePoint, Visual Studio | 2021-11-03 | - |
| CVE-2020-1472 | Netlogon | 2021-11-03 | ransomware |
| CVE-2021-31199 | Enhanced Cryptographic Provider | 2021-11-03 | - |
| CVE-2021-31201 | Enhanced Cryptographic Provider | 2021-11-03 | - |
| CVE-2021-40444 | MSHTML | 2021-11-03 | ransomware |
Common questions about exploited Microsoft CVEs
Which Microsoft vulnerabilities are actively exploited?
As of July 2026, 378 Microsoft CVEs are on the CISA Known Exploited Vulnerabilities catalog, meaning exploitation in the wild is confirmed. The most-listed products are Windows (172), Internet Explorer (36), Office (29), Win32k (25). 104 are linked to ransomware campaigns.
What is the newest exploited Microsoft CVE?
CVE-2026-45659, affecting SharePoint Server, added to the CISA KEV catalog on 2026-07-01. This page refreshes daily, so the newest entry is always first in the table.
How urgent are these Microsoft CVEs?
KEV listing is the strongest fix-first signal there is: it means confirmed exploitation, not a prediction. Patch these ahead of higher-CVSS issues that nobody is exploiting. For Microsoft entries, each CVE links to its page with the fixing KB, and Senserva can report which of them are actually missing on your own devices.
Can I ask my own AI about exploited Microsoft CVEs?
Yes. This page includes a free copy-paste AI prompt carrying the newest Microsoft KEV entries, with CVSS, EPSS, and ransomware context, into Claude, ChatGPT, or Copilot. The data is refreshed daily.
Authoritative references
All vendors, searchable with due dates and CSV export: the exploited-CVE tracker. Every vendor with a page: exploited by vendor.