Vulnerabilidades em Microsoft Corporation

865 resultados

Análise Vexday

Com 30 CVEs confirmadas em exploração ativa no catálogo CISA KEV, a Microsoft Corporation apresenta uma taxa de exploração 7,7 vezes acima da média geral do catálogo, o que indica exposição operacional significativamente elevada em relação ao universo de vendors monitorados. O tipo de falha mais recorrente é CWE-119 (corrupção de memória por escrita ou leitura fora dos limites), padrão historicamente associado a impacto elevado e exploração confiável em ambientes reais. A CVE mais perigosa atualmente ativa é CVE-2017-11882, com EPSS de 0,9995 — praticamente a probabilidade máxima de exploração —, sinalizando que esta vulnerabilidade específica deve ser tratada como prioridade imediata em qualquer programa de gestão de patches. A presença de 216 CVEs com prova de conceito pública, num universo total de 865 registros, amplia a superfície de risco para organizações que ainda não tenham aplicado as correções disponíveis.

CVE-2018-0750—The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the EPSS 1.7%CVE-2017-0218—Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass EPSS 1.7%CVE-2017-8703—The Microsoft Windows Subsystem for Linux on Microsoft Windows 10 1703 allows a denial of service vulnerability when it improperly handles oEPSS 1.7%CVE-2017-0184—A denial of service vulnerability exists when Microsoft Hyper-V running on a host server fails to properly validate input from a privileged EPSS 1.7%CVE-2017-0255—Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially craftEPSS 1.7%CVE-2017-8715—The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by tEPSS 1.7%CVE-2017-8530—Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading aEPSS 1.7%CVE-2017-8720—The Microsoft Windows graphics component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 GoEPSS 1.6%CVE-2017-0178—A denial of service vulnerability exists when Microsoft Hyper-V running on Windows 10, Windows 10 1511, Windows 10 1607, Windows 8.1, WindowEPSS 1.6%CVE-2018-0757—The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 GoldEPSS 1.6%CVE-2018-0810—The Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2, and Windows Server 2012 allows an information disclosure vulnerability EPSS 1.6%CVE-2017-0076—Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; WindowsEPSS 1.6%CVE-2017-8627—Windows Subsystem for Linux in Windows 10 1703, allows a denial of service vulnerability due to the way it handles objects in memory, aka "WEPSS 1.6%CVE-2017-8675—The Windows Kernel-Mode Drivers component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 GEPSS 1.6%CVE-2017-0169—An information disclosure vulnerability exists when Windows Hyper-V running on a Windows 8.1, Windows Server 2012. or Windows Server 2012 R2EPSS 1.6%CVE-2017-8557—Windows System Information Console in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, WindoEPSS 1.5%CVE-2017-0077—The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, EPSS 1.5%CVE-2017-0098—Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause aEPSS 1.5%CVE-2017-8704—The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows a denial of service vulnerability when it fails toEPSS 1.5%CVE-2018-0888—The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, WindowsEPSS 1.5%

← anteriorpágina 40 / 44próxima →