All patch & vulnerability trackers

Patch the Microsoft CVEs attackers are actually exploiting

What to patch first is Exploited this week; the updates themselves are on the Microsoft patch tracker; the whole picture is Senserva Live.

A free, searchable reference of Microsoft vulnerabilities: every Microsoft CVE and the update (KB) that fixes it. No registration, refreshed three times a day (5 AM, 12:30 PM, and 7 PM US Central). We rank 12,000+ Microsoft and CISA KEV CVEs by the Senserva CVE Ranking, what attackers are actually exploiting (CISA KEV, EPSS) on top of severity, each tied to its fix. Jump to the hottest right now, or search below.

Senserva is a Microsoft Intelligent Security Association member

The hottest Microsoft CVEs right now

The ten Microsoft CVEs attackers are hitting hardest right now, ranked by the Senserva CVE Ranking: CISA KEV confirmed exploitation, ransomware, EPSS, severity, and recency. See the hottest CVEs and KBs together on the What's Hot page.

Loading the hottest CVEs...
Show the full top 100 hottest Microsoft CVEs
Loading the full list...

Looking for Microsoft updates and KBs ranked by risk? Open the Patch Tracker

Microsoft CVE list and lookup, cross-referenced to patches

Patch data refreshed from MSRC + CISA KEV. Last updated .

Microsoft CVE and patch risk
Microsoft updates released per month, stacked by Severity, with a running total of unpatched CVE risk. The CVEs each update fixes are in the table below.
12 months

A short reference of historically significant Microsoft CVEs, all in the CISA Known Exploited Vulnerabilities (KEV) catalog. Use the live search below for the full, filterable list of Microsoft and all-vendor KEV CVEs.

CVE Vulnerability CVSS Status
CVE-2020-1472Netlogon elevation of privilege (Zerologon)10.0KEVRansomware
CVE-2021-26855Exchange Server SSRF leading to RCE (ProxyLogon)9.8KEV
CVE-2021-34473Exchange Server remote code execution (ProxyShell)9.8KEV
CVE-2023-23397Outlook elevation of privilege (NTLM credential leak)9.8KEV
CVE-2021-34527Windows Print Spooler remote code execution (PrintNightmare)8.8KEV
CVE-2024-30040Windows MSHTML platform security feature bypass8.8KEV
CVE-2017-0144Windows SMBv1 remote code execution (EternalBlue)8.1KEVRansomware
CVE-2024-21412Windows SmartScreen Internet Shortcut security feature bypass8.1KEV
CVE-2022-30190Windows Support Diagnostic Tool (MSDT) remote code execution (Follina)7.8KEV
CVE-2025-29824Windows CLFS driver elevation of privilege7.8KEVRansomware
CVE-2024-38112Windows MSHTML platform spoofing7.5KEV
CVE-2023-36884Office and Windows HTML remote code execution (Storm-0978)7.5KEV
CVE-2019-0708Windows Remote Desktop Services remote code execution (BlueKeep)9.8KEV
CVE-2021-34523Exchange Server elevation of privilege (ProxyShell chain)9.8KEV
CVE-2021-42287Active Directory privilege escalation (noPac, sAMAccountName spoofing)8.8KEV
CVE-2022-41040Exchange Server server-side request forgery (ProxyNotShell)8.8KEV
CVE-2022-41082Exchange Server remote code execution (ProxyNotShell)8.8KEV
CVE-2023-21674Windows ALPC elevation of privilege8.8KEV
CVE-2023-28252Windows CLFS driver elevation of privilege7.8KEVRansomware
CVE-2024-38080Windows Hyper-V elevation of privilege7.8KEV
CVE-2024-43451Windows MSHTML NTLM hash disclosure spoofing6.5KEV
CVE-2017-11882Microsoft Office Equation Editor remote code execution7.8KEV
CVE-2018-8174Windows VBScript engine remote code execution (Double Kill)7.5KEV
CVE-2025-21391Windows Storage elevation of privilege7.1KEV
CVE trends
Microsoft CVEs added per month, actively exploited highlighted, with a weighted risk and an active-attacks trend line.
12 months
Export:

This page shows what Microsoft shipped. Siemserva by Senserva shows what is still missing on your devices.

One scan ranks your open updates by what attackers actually exploit, the same CISA KEV and EPSS ranking as this page, run against your own tenant. First scan in minutes; the demo needs no registration.

Find my missing patches
Take the hottest exploited CVEs to your AI

Generated from the live ranking: the actively exploited Microsoft CVEs carrying the most risk right now, each with the update that fixes it where tracked. Refreshed three times a day (5 AM, 12:30 PM, and 7 PM US Central). Copy it into Claude, ChatGPT, or Copilot. Free, no sign-in.

CVE coverage is part of the same scan that checks your configuration and reads your logs. Patch and vulnerability work is in Senserva's roots: Mark Shavlik is the original creator of Shavlik patch management (HfNetChk, NetChk Protect), the basis for Microsoft's Baseline Security Analyzer (MBSA). See the full product, or the Microsoft security landscape.

See your security gaps, free   Buy Now (See Summer Special)

Where the CVE data comes from

Senserva does not rely on a single feed. For every vulnerability it finds, it pulls the details together from multiple authoritative sources, so each CVE is enriched and current.

SourceWhat it adds
NVD (NIST)The definitive national vulnerability database: official CVE metadata, CVSS v3 scores and vectors, and CWE weakness classifications.
CIRCLA free, generous-rate alternative to NVD for the same core CVE data, used so enrichment keeps working without an API key.
CISA KEVThe Known Exploited Vulnerabilities catalog: the CVEs confirmed to be exploited in the real world, including ransomware associations.
EPSS (FIRST.org)The Exploit Prediction Scoring System: a daily-updated probability that a CVE will be exploited in the next 30 days, plus its percentile rank.
MSRCMicrosoft Security Response Center Patch Tuesday data: KB-to-CVE mappings, Microsoft severity, and disclosure and exploitation status.
Microsoft Defender TVMPer-device missing-patch signals from Defender Threat and Vulnerability Management, where you have it licensed.
Shavlik patch management heritage runs deep here. Senserva is founded by Mark Shavlik, the original creator of Shavlik patch management (HfNetChk, NetChk Protect, MBSA, SCUPdates), the patch tools a generation of Windows admins relied on. Now that Siemserva by Senserva tracks patch and CVE data too, it is the modern Shavlik patch state tracker from the same people. The Shavlik story.

What every CVE is scored on

Each CVE carries the full risk picture, not just one number. That is what makes prioritization defensible.

SignalWhat it tells you
CVSS v3 score and vectorStandardized severity (Critical, High, Medium, Low) and the full attack-surface vector: attack vector, complexity, privileges, and impact.
CISA KEV flagWhether the CVE is actively exploited in the wild right now. The strongest signal to fix first.
EPSS probability and percentileHow likely the CVE is to be exploited soon, and where it ranks against every other scored CVE.
CWE weakness typeThe underlying class of flaw, for root-cause understanding and pattern spotting.
Microsoft (MSRC) severityMicrosoft's own rating and exploitation or public-disclosure status from Patch Tuesday.
Ransomware associationWhether the vulnerability is tied to known ransomware activity.

How Senserva reports on CVEs

Vulnerabilities and missing patches show up as ranked findings in the same dashboard and reports as the rest of your security posture, with the evidence attached.

  • One finding per missing patch per device, with the patch and KB article, the CVEs it fixes, and a CISA KEV badge when any of them are actively exploited.
  • A deterministic triage order you can defend: actively exploited (KEV) first, then by severity, then by how long the exposure has been open.
  • A multi-signal risk tier (Critical-Immediate, High, Medium, Low) that blends KEV status, CVSS severity, EPSS probability, exploit age, and how much of your fleet is affected.
  • Everything in self-contained HTML reports and the live dashboard, sortable and audit-ready, mapped to severity alongside your configuration and log findings.

See how Senserva's reports work  |  Watch a dashboard walkthrough

How Senserva's AI uses your CVE data

Because every CVE is enriched and stored in the Senserva graph, your AI answers from real data, not a live lookup, so it is fast, cheap, and grounded.

  • Ask in plain language through the market-leading Senserva MCP: "Which missing patches fix CISA KEV CVEs?", "What is the CVSS vector for CVE-2024-38226?", or "Build me a remediation plan for the top exploited vulnerabilities on my fleet."
  • The AI returns a risk-tiered action plan that already combines EPSS, CISA KEV, CVSS, and fleet impact, so the answer is a plan, not a data dump.
  • The full CVE detail (CVSS vector, CWE, EPSS, references, affected products) lives in the local graph, so follow-up questions need no extra API calls. You bring your own model, so there is no AI markup, and rich local data keeps token cost low.
  • Deterministic where it counts, AI where it helps: the ranking is repeatable, and the AI explains and plans on top of it.

See Claude and the Senserva MCP  |  How AI remediation works

CVEs are one part of the whole picture

A vulnerability matters more when the configuration around it is weak and the logs show it being probed. Senserva models all of it together: configurations, logs, identities, devices, and CVEs in one graph, so a missing patch on an exposed, actively-targeted device rises to the top, and a remediation step comes with it. This is Senserva's unified security model.

Legacy system vulnerabilities are a common source of this risk: unsupported or out-of-date software accumulates known CVEs that no longer get patched. Surfacing that exposure is part of the picture, and removing legacy software closes a large share of it. Why removing legacy software is crucial for security.

Search the Microsoft CVE reference  |  The full product  |  Microsoft security and patching landscape  |  Compare with the tools you run

Frequently asked questions

What is a CVE?

Senserva ranks every Microsoft CVE by what attackers are actually exploiting (CISA KEV) and how likely it is to be exploited next (EPSS), then ties each one to the patch (KB) that fixes it, so you know what to fix first. A CVE (Common Vulnerabilities and Exposures) is a unique identifier for a publicly known security vulnerability, such as CVE-2024-38226.

Does Senserva scan for CVEs and missing patches?

Yes. Senserva reports on vulnerabilities and missing patches across your devices, mapping each missing patch to the CVEs it fixes, and surfaces them as ranked findings in the dashboard and reports.

What is CISA KEV?

CISA KEV is the Known Exploited Vulnerabilities catalog, the list of CVEs confirmed to be actively exploited in the wild. Senserva flags any CVE in the KEV catalog and ranks those first, because they are the vulnerabilities attackers are using right now.

What is an EPSS score?

EPSS, the Exploit Prediction Scoring System, is a daily-updated probability (0 to 1) that a CVE will be exploited within the next 30 days, with a percentile rank. Senserva uses EPSS alongside CVSS and CISA KEV so you can focus on the vulnerabilities most likely to be exploited, not just the highest CVSS.

How does Senserva decide which CVEs to fix first?

It blends multiple signals: CISA KEV status, CVSS severity, EPSS exploitation probability, how long the exposure has been open, and how much of your fleet is affected. Actively exploited vulnerabilities rise to the top, in a repeatable, defensible order.

Where does the CVE data come from?

From the authoritative public sources: NVD (NIST), CIRCL, CISA KEV, EPSS (FIRST.org), and Microsoft MSRC, plus per-device signals from Microsoft Defender Threat and Vulnerability Management where licensed.

Can AI help with CVE remediation?

Yes. Through the Senserva MCP you can ask your AI, such as Claude, for a risk-tiered remediation plan that already accounts for EPSS, CISA KEV, CVSS, and fleet impact. Because the enriched CVE data is stored locally, answers are fast and grounded, with no per-CVE API lookups.

How do I manage high-severity CVEs in Windows?

Senserva surfaces the high-severity CVEs and missing patches on your Windows fleet, then ranks them by what is actually exploited: CISA KEV status first, then CVSS severity, EPSS probability, and how much of your fleet is affected. You work the top of the list instead of chasing every Critical, and each finding carries the patch, the KB, and a validated fix to apply.

What is CVE remediation, and how does Senserva do it?

CVE remediation is closing the exposure a vulnerability creates, usually by applying the patch or a configuration change. Senserva does not stop at the finding: it generates a validated, ready-to-run fix for each issue, ranked by real-world risk, that you review and apply from the Senserva UI or from Claude through the MCP. The next scan proves it worked.

What vulnerabilities affect Microsoft or enterprise software?

Microsoft and other enterprise software ships a steady stream of CVEs every month, spanning Windows, Exchange, SharePoint, Office, Edge, and the broader Microsoft 365 stack, with categories like remote code execution, elevation of privilege, information disclosure, and spoofing. The list and lookup on this page rank the notable ones by real-world signals, CISA KEV (known exploited) and EPSS (exploitation probability) on top of CVSS severity, each tied to the patch (KB) that fixes it, so you see which ones can actually hurt you, not just the full feed.

Patch and vulnerability tools Senserva complements

Senserva does not deploy patches. It reports and ranks the missing patches and CVEs across your Microsoft 365, Intune, Defender, and Entra ID estate by real-world risk (CISA KEV and EPSS), and works alongside the patch, RMM, and vulnerability tools you already run. See how Senserva compares with, and complements, each:

PatchMyPCSolarWinds Patch ManagerAction1AutomoxIvantiManageEngine Patch Manager PlusHCL BigFixNinjaOneConnectWiseKaseya and DattoN-ableAteraSyncroInforcerTenableQualys

All comparisons and integrations

Phased rollout

CVE and patch capabilities are rolling out in phases, with more arriving in the next release. Contact us for what is available today and what is coming next.

Related guides

Fixing what this tracker finds

This reference shows the public picture. The short walkthrough below shows the same ranking applied to your own tenant: which of these CVEs are actually unpatched on your devices, fixed with approval.

Senserva patching for Microsoft 365

Open the watch page for this video, or read about Senserva patching.

Sponsored by Senserva

Siemserva by Senserva reports patch status for your own devices: which ones are missing the updates on this page, ranked by what attackers actually exploit.

Please link to this page to stay current.

  • Patch status in one scan: which devices are affected, which are not
  • Missing updates ranked by CISA KEV and EPSS, so you fix the right things first
  • Data from Intune, Microsoft Defender, Windows Autopatch, and Azure Update Manager, with more sources on the way
  • Third-party app patching too: updates published to Intune by PatchMyPC, Scappman, Robopack, or any vendor, read vendor-neutrally
  • Optional AI Enhanced Reporting: plain-language summaries and recommended next steps written into your reports
  • Then go further: 650+ security checks find the drift management gaps across Microsoft 365, Intune, Defender, and Entra ID, with compliance evidence and Senserva Trustworthy AI remediation
Senserva patching for Microsoft 365
Two minutes, click to play

Patching in action in two minutes. Watch page · All videos.

3 actively exploited CVEs are unmitigated on devices in this tenant, per CISA KEV.View fix-first list ↓
312
Devices scanned
Intune + Autopatch + Defender
3
Exploited updates missing
CISA KEV, unmitigated
905
Microsoft updates tracked
Refreshed daily, MSRC + NVD
650+
Security checks in scan
Patch, config, identity, logs

Triage order for this list

Same order in the dashboard, the report, and every AI answer
1st · overrides everything
Actively exploited (KEV)
e.g. KB5040219, CVE-2026-31210
2nd · tiebreaker
Severity (Critical → Low)
MSRC + EPSS probability
3rd · tiebreaker
Days waiting
Oldest unresolved first

Ranked missing updates, fix-first order

27 findings · showing top 2
#UpdateCVESeveritySourceDevicesWaiting
1KB5040219
Windows 11 23H2 cumulative
CVE-2026-31210
KEV EPSS 0.94
CriticalDefender4119 daysAdd to fix-first
2KB5040088
.NET Framework security update
CVE-2026-29981
KEV
CriticalIntune1712 daysAdd to fix-first
Estimated dashboard, sample data for illustration

Ask Senserva

via Claude + MCP
Which devices are still missing the fix for CVE-2026-31210?
41 devices are missing KB5040219, which resolves CVE-2026-31210. This CVE is on CISA KEV, so CISA BOD 22-01 calls for remediation within 14 days. You are at 19 days and counting.
source: scan_db · defender_posture · kev_join, not model memory
Get Devices Found Get Devices Missing
Senserva is a Microsoft Intelligent Security Association member. Get Going with Senserva Senserva patching Built for IT admins and security teams, with audit-ready data for compliance.

Reference: the Microsoft patching guide, how Intune, Windows Autopatch, Defender, and Azure Update Manager fit together, and where third-party patch vendors fit in.

Data notice: the trackers, feeds, and API are provided as is, for informational purposes only, without warranty of any kind. Senserva, LLC does not guarantee the accuracy, completeness, or timeliness of third-party data and accepts no liability for actions taken based on it; verify against the primary source before acting. All use of this data is subject to the Senserva EULA.