Microsoft CVE list and lookup, cross-referenced to patches
A free, searchable reference of notable Microsoft CVEs plus every actively-exploited CVE in the CISA KEV catalog (all vendors), with CVSS severity, KEV and ransomware flags, and vulnerability type. Filter any column, or search by product, name, or CVE ID. Every CVE cross-references the patch (KB) that fixes it. No sign-up.
Patch data refreshed from MSRC + CISA KEV. Last updated .
A short reference of historically significant Microsoft CVEs, all in the CISA Known Exploited Vulnerabilities (KEV) catalog. Use the live search below for the full, filterable list of Microsoft and all-vendor KEV CVEs.
| CVE | Vulnerability | CVSS | Status |
|---|---|---|---|
| CVE-2020-1472 | Netlogon elevation of privilege (Zerologon) | 10.0 | KEVRansomware |
| CVE-2021-26855 | Exchange Server SSRF leading to RCE (ProxyLogon) | 9.8 | KEV |
| CVE-2021-34473 | Exchange Server remote code execution (ProxyShell) | 9.8 | KEV |
| CVE-2023-23397 | Outlook elevation of privilege (NTLM credential leak) | 9.8 | KEV |
| CVE-2021-34527 | Windows Print Spooler remote code execution (PrintNightmare) | 8.8 | KEV |
| CVE-2024-30040 | Windows MSHTML platform security feature bypass | 8.8 | KEV |
| CVE-2017-0144 | Windows SMBv1 remote code execution (EternalBlue) | 8.1 | KEVRansomware |
| CVE-2024-21412 | Windows SmartScreen Internet Shortcut security feature bypass | 8.1 | KEV |
| CVE-2022-30190 | Windows Support Diagnostic Tool (MSDT) remote code execution (Follina) | 7.8 | KEV |
| CVE-2025-29824 | Windows CLFS driver elevation of privilege | 7.8 | KEVRansomware |
| CVE-2024-38112 | Windows MSHTML platform spoofing | 7.5 | KEV |
| CVE-2023-36884 | Office and Windows HTML remote code execution (Storm-0978) | 7.5 | KEV |
| CVE-2019-0708 | Windows Remote Desktop Services remote code execution (BlueKeep) | 9.8 | KEV |
| CVE-2021-34523 | Exchange Server elevation of privilege (ProxyShell chain) | 9.8 | KEV |
| CVE-2021-42287 | Active Directory privilege escalation (noPac, sAMAccountName spoofing) | 8.8 | KEV |
| CVE-2022-41040 | Exchange Server server-side request forgery (ProxyNotShell) | 8.8 | KEV |
| CVE-2022-41082 | Exchange Server remote code execution (ProxyNotShell) | 8.8 | KEV |
| CVE-2023-21674 | Windows ALPC elevation of privilege | 8.8 | KEV |
| CVE-2023-28252 | Windows CLFS driver elevation of privilege | 7.8 | KEVRansomware |
| CVE-2024-38080 | Windows Hyper-V elevation of privilege | 7.8 | KEV |
| CVE-2024-43451 | Windows MSHTML NTLM hash disclosure spoofing | 6.5 | KEV |
| CVE-2017-11882 | Microsoft Office Equation Editor remote code execution | 7.8 | KEV |
| CVE-2018-8174 | Windows VBScript engine remote code execution (Double Kill) | 7.5 | KEV |
| CVE-2025-21391 | Windows Storage elevation of privilege | 7.1 | KEV |
CVE coverage is part of the same scan that checks your configuration and reads your logs. Patch and vulnerability work is in Senserva's roots: Mark Shavlik is the original creator of Shavlik patch management (HfNetChk, NetChk Protect), the basis for Microsoft's Baseline Security Analyzer (MBSA). See the full product, or the Microsoft security landscape.
Where the CVE data comes from
Senserva does not rely on a single feed. For every vulnerability it finds, it pulls the details together from multiple authoritative sources, so each CVE is enriched and current.
| Source | What it adds |
|---|---|
| NVD (NIST) | The definitive national vulnerability database: official CVE metadata, CVSS v3 scores and vectors, and CWE weakness classifications. |
| CIRCL | A free, generous-rate alternative to NVD for the same core CVE data, used so enrichment keeps working without an API key. |
| CISA KEV | The Known Exploited Vulnerabilities catalog: the CVEs confirmed to be exploited in the real world, including ransomware associations. |
| EPSS (FIRST.org) | The Exploit Prediction Scoring System: a daily-updated probability that a CVE will be exploited in the next 30 days, plus its percentile rank. |
| MSRC | Microsoft Security Response Center Patch Tuesday data: KB-to-CVE mappings, Microsoft severity, and disclosure and exploitation status. |
| Microsoft Defender TVM | Per-device missing-patch signals from Defender Threat and Vulnerability Management, where you have it licensed. |
What the patch and CVE coverage includes
This is broader than a missing-KB list. Senserva audits the whole Microsoft patching pipeline, from the update policies that decide what deploys, to the devices that actually received it, to the third-party software Windows Update never touches.
Core coverage
The newest additions
What every CVE is scored on
Each CVE carries the full risk picture, not just one number. That is what makes prioritization defensible.
| Signal | What it tells you |
|---|---|
| CVSS v3 score and vector | Standardized severity (Critical, High, Medium, Low) and the full attack-surface vector: attack vector, complexity, privileges, and impact. |
| CISA KEV flag | Whether the CVE is actively exploited in the wild right now. The strongest signal to fix first. |
| EPSS probability and percentile | How likely the CVE is to be exploited soon, and where it ranks against every other scored CVE. |
| CWE weakness type | The underlying class of flaw, for root-cause understanding and pattern spotting. |
| Microsoft (MSRC) severity | Microsoft's own rating and exploitation or public-disclosure status from Patch Tuesday. |
| Ransomware association | Whether the vulnerability is tied to known ransomware activity. |
How Senserva reports on CVEs
Vulnerabilities and missing patches show up as ranked findings in the same dashboard and reports as the rest of your security posture, with the evidence attached.
- One finding per missing patch per device, with the patch and KB article, the CVEs it fixes, and a CISA KEV badge when any of them are actively exploited.
- A deterministic triage order you can defend: actively exploited (KEV) first, then by severity, then by how long the exposure has been open.
- A multi-signal risk tier (Critical-Immediate, High, Medium, Low) that blends KEV status, CVSS severity, EPSS probability, exploit age, and how much of your fleet is affected.
- Everything in self-contained HTML reports and the live dashboard, sortable and audit-ready, mapped to severity alongside your configuration and log findings.
How AI uses your CVE data
Because every CVE is enriched and stored in the Senserva graph, your AI answers from real data, not a live lookup, so it is fast, cheap, and grounded.
- Ask in plain language through the market-leading Senserva MCP: "Which missing patches fix CISA KEV CVEs?", "What is the CVSS vector for CVE-2024-38226?", or "Build me a remediation plan for the top exploited vulnerabilities on my fleet."
- The AI returns a risk-tiered action plan that already combines EPSS, CISA KEV, CVSS, and fleet impact, so the answer is a plan, not a data dump.
- The full CVE detail (CVSS vector, CWE, EPSS, references, affected products) lives in the local graph, so follow-up questions need no extra API calls. You bring your own model, so there is no AI markup, and rich local data keeps token cost low.
- Deterministic where it counts, AI where it helps: the ranking is repeatable, and the AI explains and plans on top of it.
CVEs are one part of the whole picture
A vulnerability matters more when the configuration around it is weak and the logs show it being probed. Senserva models all of it together: configurations, logs, identities, devices, and CVEs in one graph, so a missing patch on an exposed, actively-targeted device rises to the top, and a remediation step comes with it. This is Senserva's unified security model.
Legacy system vulnerabilities are a common source of this risk: unsupported or out-of-date software accumulates known CVEs that no longer get patched. Surfacing that exposure is part of the picture, and removing legacy software closes a large share of it. Why removing legacy software is crucial for security.
Search the Microsoft CVE reference | The full product | Microsoft security and patching landscape | Compare with the tools you run
Frequently asked questions
A CVE (Common Vulnerabilities and Exposures) is a unique identifier for a publicly known security vulnerability, such as CVE-2024-38226. Senserva reports the CVEs affecting your Microsoft estate and enriches each one with severity and exploitation data so you know which to fix first.
Yes. Senserva reports on vulnerabilities and missing patches across your devices, mapping each missing patch to the CVEs it fixes, and surfaces them as ranked findings in the dashboard and reports.
CISA KEV is the Known Exploited Vulnerabilities catalog, the list of CVEs confirmed to be actively exploited in the wild. Senserva flags any CVE in the KEV catalog and ranks those first, because they are the vulnerabilities attackers are using right now.
EPSS, the Exploit Prediction Scoring System, is a daily-updated probability (0 to 1) that a CVE will be exploited within the next 30 days, with a percentile rank. Senserva uses EPSS alongside CVSS and CISA KEV so you can focus on the vulnerabilities most likely to be exploited, not just the highest CVSS.
It blends multiple signals: CISA KEV status, CVSS severity, EPSS exploitation probability, how long the exposure has been open, and how much of your fleet is affected. Actively exploited vulnerabilities rise to the top, in a repeatable, defensible order.
From the authoritative public sources: NVD (NIST), CIRCL, CISA KEV, EPSS (FIRST.org), and Microsoft MSRC, plus per-device signals from Microsoft Defender Threat and Vulnerability Management where licensed.
Yes. Through the Senserva MCP you can ask your AI, such as Claude, for a risk-tiered remediation plan that already accounts for EPSS, CISA KEV, CVSS, and fleet impact. Because the enriched CVE data is stored locally, answers are fast and grounded, with no per-CVE API lookups.
Senserva surfaces the high-severity CVEs and missing patches on your Windows fleet, then ranks them by what is actually exploited: CISA KEV status first, then CVSS severity, EPSS probability, and how much of your fleet is affected. You work the top of the list instead of chasing every Critical, and each finding carries the patch, the KB, and a validated fix to apply.
CVE remediation is closing the exposure a vulnerability creates, usually by applying the patch or a configuration change. Senserva does not stop at the finding: it generates a validated, ready-to-run fix for each issue, ranked by real-world risk, that you review and apply from the Senserva UI or from Claude through the MCP. The next scan proves it worked.
Patch and vulnerability tools Senserva complements
Senserva does not deploy patches. It reports and ranks the missing patches and CVEs across your Microsoft 365, Intune, Defender, and Entra ID estate by real-world risk (CISA KEV and EPSS), and works alongside the patch, RMM, and vulnerability tools you already run. See how Senserva compares with, and complements, each:
CVE and patch capabilities are rolling out in phases, with more arriving in the next release. Contact us for what is available today and what is coming next.
Helpful links
The authoritative vulnerability and patch intelligence sources behind Senserva's CVE prioritization. Each opens in a new tab.
- NIST National Vulnerability Database (NVD): the U.S. government repository of standards-based vulnerability data
- CISA KEV Catalog: cISA's catalog of known exploited vulnerabilities
- FIRST EPSS: the Exploit Prediction Scoring System: the probability a CVE will be exploited
- CVSS (FIRST): the Common Vulnerability Scoring System for rating severity
- Microsoft Security Update Guide (MSRC): microsoft's authoritative source for security updates and CVEs