Microsoft 365 security data: patches, CVEs, and active exploits

A live overview of the Microsoft security data Senserva tracks: every recent Microsoft update, the CVEs each one fixes, which vulnerabilities are actively exploited in the CISA Known Exploited Vulnerabilities (KEV) catalog, and a running total of unpatched risk. Refreshed daily.

Use it as a free reference, or open any tracker below for the searchable detail. The raw figures are published at /data/overview.json.

--

Microsoft updates tracked

--

actively exploited (CISA KEV)

--

CVEs fixed by tracked updates

--

Microsoft CVEs in the reference

--

Critical CVEs

--

non-Microsoft KEV CVEs

Unpatched Risk, running total (last 12 months)

What this data covers

Recent Microsoft security updates, each with the KB number, release date, highest Severity, and the CVEs it remediates.
Active exploitation status from the CISA KEV catalog, and ransomware association where CISA records it.
Exploit probability (EPSS) and CVSS base severity, so risk reflects what attackers are actually using.
A running total of unpatched risk, weighted by Severity and tripled for actively-exploited issues.

Open the full trackers

Each view is free and searchable. For your own tenant, this is scored against what you are actually missing.

Microsoft patch tracker · Microsoft CVE reference · Non-Microsoft CVE tracker · Compliance risk · Security Center

Sources

Microsoft MSRC	Authoritative Microsoft update-to-CVE mapping and Severity.
CISA KEV	Known Exploited Vulnerabilities, the actively-exploited and ransomware flags.
FIRST.org EPSS	Probability a CVE is exploited in the next 30 days.
NVD, then CIRCL	CVSS base scores and descriptions.