Microsoft Vulnerabilities


The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. It also makes it possible to initiate an immediate vulnerability response and to prioritize issues.


The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.


Microsoft Windows: 5209
Microsoft Internet Explorer: 1828
Microsoft Edge: 839
Microsoft Office: 518
Microsoft Excel: 220

Grouping vulnerabilities by product helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.


Official Fix: 10081
Temporary Fix: 0
Not Defined: 600

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These countermeasures come in multiple forms and levels of remediation, which influence risks differently.


Not Defined: 6395

Researchers and attackers who look for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Access Vector

Not Defined: 0

When approaching a vulnerability, it becomes important to use the expected access vector. This is typically via the network, local, or even physical.


Not Defined: 0

To exploit a vulnerability, a certain level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined: 0

Some attack scenarios require user interaction by a victim. This is typical for phishing, social engineering and cross-site scripting attacks.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the number of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base


The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp


The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.



The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.



The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.



A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.



Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.



Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day


The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today


The 0-day prices do not consider time-relevant factors. The today price reflects price impacts like disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day exploits are cumulated for this task. Comparing the volume to the number of disclosed vulnerabilities helps to pinpoint the most important events.

CTI Activities

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipate their activities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailing lists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified as offensive or defensive. They are also weighted, as some actors are well-known for certain products and technologies, and some of their disclosures might contain more or less detail about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Products (456): .NET (13), .NET Core (23), .NET Core SDK (1), .NET Education Bundle SDK Install Tool (1), .NET Framework (121), .NET Install Tool for Extension Authors (1), 3D Viewer (7), 4K Wireless Display Adapter (1), 365 Apps for Enterprise (13), @azure-ms-rest-nodeauth (1), ADAL.NET (1), ADAM (1), ASP.NET (16), ASP.NET Core (25), ASP.NET Core MVC (2), ASP.NET MVC (1), ASP .NET SignalR (1), AV1 Video Extension (4), Access (14), Accessibility Insights (1), Accessibility Insights for Web (1), Accounts (1), Active Directory Federation Services (1), Active Movie Control (1), ActiveSync (4), ActiveX (2), Agent (1), Anti-cross Site Scripting Library (1), App Installer (1), Application Inspector (1), Atlas framework (1), Authentication Library (1), AutoUpdate for Mac (1), Azure AD Connect (1), Azure ARC (1), Azure Active Directory (1), Azure Active Directory Connect (2), Azure Active Directory Passport (1), Azure App Service (2), Azure Arc-enabled Kubernetes Cluster (1), Azure Automation (2), Azure Automation State Configuration (1), Azure Automation Update Management (1), Azure Batch (1), Azure CLI (2), Azure Container Instance (1), Azure CycleCloud (3), Azure Data Explorer (1), Azure DevOps Server (27), Azure Diagnostics (1), Azure EFLOW (1), Azure Functions (1), Azure Guest Configuration (1), Azure IoT CLI Extension (1), Azure IoT Edge (2), Azure IoT SDK (1), Azure Kubernetes Service (4), Azure Linux Guest Agent (1), Azure Migrate (1), Azure Open Management Infrastructure (5), Azure Pack Rollup (1), Azure RTOS (6), Azure RTOS GUIX (1), Azure RTOS GUIX Studio (1), Azure RTOS USBX (2), Azure Real Time Operating System GUIX Studio (8), Azure SDK for .NET (1), Azure SDK for Java (1), Azure SSH Keypairs (1), Azure Security Center (1), Azure Sentinel (1), Azure Service Fabric (2), Azure Service Fabric Explorer (1), Azure Site Recovery (1), Azure Site Recovery VMWare to Azure (80), Azure Sphere (30), Azure Spring Cloud (1), Azure Stack (1), Azure Stack Edge (1), 
Azure Stack Hub (1), Azure StorSimple 8000 (1), Azure Storage Blobs Client Library (2), BackOffice (1), Backoffice (1), Backoffice Resource Kit (1), Baseline Security Analyzer (2), Bing (1), Bing Search (2), BizTalk ESB Toolkit (1), BizTalk Server (1), Biztalk Server (2), Bond (1), Bot Framework SDK (2), Business Productivity Servers (1), C SDK for Azure IoT (2), Cabarc (1), ChakraCore (207), Chakra Core (5), Chess Titan (1), Clarity (1), Class Package Export Tool (1), Clip Art Gallery (1), Commerce Server (6), Commercial Internet System (2), Common Utilities (1), Compiled HTML Help (1), Container Monitoring Solution (1), Content Management Server (6), Data.OData (1), Data Access Component Internet Publishing Provider (1), Data Access Components (7), Debug Diagnostic Tool (1), Defender (1), Defender Antimalware Platform (1), Defender for Endpoint (4), Defender for IoT (12), Desktop Client for Mac (1), Diagnostics Troubleshooting Wizard (1), Digital Image (1), DirectX (8), DirectX Files Viewer Control (1), DirectX Media (1), Directx (1), Dynamics (1), Dynamics 365 (32), Dynamics 365 BC On Premise (2), Dynamics 365 Business Central (8), Dynamics 365 Commerce (1), Dynamics 365 Customer Engagement (1), Dynamics 365 Field Service (1), Dynamics 365 for Finance (2), Dynamics 365 for Finance and Operations (3), Dynamics 365 on-premises (1), Dynamics AX (2), Dynamics CRM (4), Dynamics GP (9), Dynamics NAV (6), Edge (839), Endpoint Configuration Manager (1), Endpoint Protection (1), Enhanced Mitigation Experience Toolkit EMET (1), Enterprise Library (1), Entourage (2), Excel (220), Excel 2010 SP2 (1), Excel Viewer (2), Exchange (63), Exchange Server (116), Exchange Srv (1), Expression Design (1), Expression Media (1), FAST ESP (1), FSLogix (1), File Checksum Integrity Verifier (1), File Transfer Manager (2), Forefront Endpoint Protection (6), Forefront Security for Exchange Server (1), Forefront Threat Management Gateway (1), Forefront Unified Access Gateway (12), FrontPage 
(6), FrontPage Extensions (5), FrontPage Server Extensions (11), Frontpage (3), Frontpage Express (1), GitHub Pull Requests and Issues Extension (1), Groove (1), HEIF Image Extension (2), HEVC Video Extensions (41), HTML Help Workshop (2), Help Workshop (2), Host Integration Server (3), Hotmail (5), Hub Device Client SDK for Azure IoT (1), Hyper-V (13), Hyperlink Object Library (1), IE for Macintosh (1), IIS (190), ISA Proxy (1), ISA Server (31), Identity Manager (1), Index Server (5), Indexing Service (4), Infopath (2), Interactive Training (1), Internet Authentication Service Helper Com Component (1), Internet Explorer (1828), Internet Information Server (1), Internet Information Services (2), Internet Security And Acceleration Server (1), Intune Management Extension (2), Intune Portal (1), JET (1), JScript (1), Java SDK for Azure IoT (2), Java Virtual Machine (12), Jet (2), Jet Database Engine (4), Jupyter Extension for Visual Studio Code (1), Kubernetes Tools (1), Log Analytics Agent (1), Log Sink Class ActiveX control (1), Lync (21), Lync Server (12), Lync for Mac (1), MN-500 Wireless Base Station (2), MN-700 (1), MPEG-2 Video Extension (1), MS-DOS (1), MSDE (2), MSN (1), MSN Messenger (11), MSN Messenger Service for Exchange (1), MSRT (1), Mail Client (1), Malicious Software Removal Tool (1), Malware Protection Engine (11), Maven for Java Extension (1), Media Format Runtime (1), Media Player (5), Media Services (1), Messenger (3), Metadirectory Services (1), Microsoft (1), Microsoft .NET Framework (1), Microsoft Dynamics 365 (4), Microsoft Dynamics NAV 2015 (1), Microsoft Edge (1), Microsoft Exchange Server (6), Microsoft Photos (1), Money (2), Mono Framework (1), NET Framework (6), NetMeeting (7), Netmeeting (2), Network Monitor (2), Network Watcher Agent Virtual Machine Extension for Linux (1), Nokia Asha 501 (1), NuGet (2), Office (518), Office 365 (4), Office 365 ProPlus (1), Office App (1), Office Communicator (2), Office Compability Pack (1), Office 
Compatibility Pack (11), Office Converter Pack (1), Office Excel (4), Office InfoPath (1), Office Online Server (10), Office Picture Manager (1), Office Publisher (1), Office SharePoint Server (2), Office Snapshot Viewer ActiveX (1), Office Web Apps (10), Office Web Apps Server (7), Office Web Components (4), Office Word Viewer (2), Office for Mac 2011 (1), On-Premises Data Gateway (1), OneDrive (9), OneNote (4), Open Enclave SDK (3), Open XML File Format Converter (1), Operations (2), Organization Chart (1), Outlook (80), (1), Outlook Express (28), Outlook Express Book Control (1), Outlook Web Access (2), Outlook Web App (1), Package Manager Configurations (1), Paint 3D (4), Passport (1), Passport-SAML (1), Passport Manager (2), Passport SDK (6), Password SDK (1), Peachtree Accounting (1), Personal Firewall (2), Personal Web Server (1), PhoneBook Server (1), Plus! (1), Pocket Internet Explorer (1), Power Apps (1), Power Automate (1), Power BI (1), PowerBI-Client JS SDK (1), Power BI Report Server (5), PowerPoint (67), PowerPoint Viewer (5), PowerShell (1), PowerShell Core (1), PowerShell Editor Services (1), PowerShell Extension for Visual Studio Code (1), PowerShellGet (1), Powerpoint (5), Project (10), Project Server (4), Proxy Server (2), Publisher (20), Publisher 2003 (9), Quantum Development Kit for Visual Studio Code (1), RMS Sharing for Mac (1), RTOS GUIX (3), Raw Image Extension (10), Register Server (1), Remote Desktop Connection Client (1), Remote Desktop Connection Manager (1), Remote Desktop For Mac (1), Research JavaScript Cryptography Library (2), Rich Textbox Control (1), Rome SDK (2), SCS Add-on (1), SMS Console (1), SMS Server (1), SNA Server (1), SQL Server (90), SQL Server 2017 Reporting Services (1), SQL Server 2019 Reporting Services (1), SQL Server Management Studio (6), Secure Access (1), Security Essentials (9), Security Essentials Antimalware Engine (2), Service Fabric (1), Services (1), SharePoint (62), SharePoint Enterprise Server (131), 
SharePoint Foundation (61), SharePoint Server (179), SharePoint Services (1), SharePoint Team Services (1), Sharepoint (6), Sharepoint Portal Server (1), Silverlight (17), Site Server (11), Skype (14), Skype Extension (1), Skype for Android (1), Skype for Business (15), Skype for Business Server (9), Sterling Connect Direct (1), Surface Hub (1), Surface Pro (1), Sysinternals (1), Sysinternals PsExec (1), System Center (1), System Center Endpoint Protection (8), System Center Operations Manager (7), System Center Virtual Machine Manager (1), System Information ActiveX control (1), Systems Management (1), Systems Management Server (3), TSAC ActiveX Control (1), TSAC Activex Control (1), Team Foundation Server (23), Teams (5), Teams Admin Center (1), Tech Companion (1), Teredo (4), Terminal Server (2), URLScan (2), VBScript (1), VISIO (1), VP9 Video Extensions (6), Vfp Ole Server Activex Control (1), Virtual Machine (11), Virtual PC (4), Virtual Server (1), Visio (24), Visio Viewer (6), Visual Basic (10), Visual Basic Enterprise Edition (1), Visual C++ (1), Visual C++ Redistributable (1), Visual Database Tools Database Designer (1), Visual FoxPro (3), Visual InterDev (2), Visual Studio (92), Visual Studio .net (1), Visual Studio Code (37), Visual Studio Code Live Share Extension (1), Visual Studio Code Remote Containers Extension (1), Visual Studio Code WSL Extension (1), Visual Studio Community (1), Visual Studio Team Foundation Server (1), W3Who ISAPI (2), WMI Administrative Tools (1), WebDAV Mini-Redirector (1), Web Media Extensions (1), WebP Image Extension (1), Web Proxy (1), WebTV (2), Whale Communication IAG (1), Windows (5209), Windows-nt (1), Windows 10 Update Assistant (2), Windows Admin Center (1), Windows Azure Sdk (1), Windows Defender (8), Windows Digital Rights Management (1), Windows Embedded (1), Windows Essentials (1), Windows Event Viewer (1), Windows Explorer (2), Windows Host Compute (1), Windows Image Acquisition Logger (1), Windows Installer 
(1), Windows Live Messenger (7), Windows Live Movie Maker (1), Windows Live OneCare (1), Windows Live Onecare (2), Windows Mail (3), Windows Media Center (2), Windows Media Center TV Pack (1), Windows Media Encoder (1), Windows Media Format Runtime (1), Windows Media Player (38), Windows Media Rights Manager (1), Windows Media Services (6), Windows Messenger (2), Windows Mobile (7), Windows Mobile Pocket PC (1), Windows Modern Mail (1), Windows Movie Maker (2), Windows Phone (2), Windows Search (1), Windows Server (1), Windows SharePoint Services (1), Windows Subsystem for Linux (1), Windows Sysmon (1), Windows Upgrade Assistant (1), Wireless Desktop 2000 (1), Wireless Display Adapter V2 (1), Wireless Keyboard (2), Wireless Zero Configuration system (1), Word (135), Word 2003 (1), WordPad (1), WordPerfect (1), Word Viewer (4), Wordperfect Converter (1), Works (9), XML Core Services (13), Xamarin.Forms (1), Xbox 360 (2), Xbox Live (1), Xerte (1), YARP (1), Yammer (1), YourPhone App (1), Zune (1), antispyware (2), iis (2), winword (1), workspace-tools (1)


Published | Base | Temp | Vulnerability | Prod | Exp | Rem | CTI | EPSS | CVE
11/17/2022 | 3.1 | 3.0 | Microsoft Power Automate/Power Apps/Power BI SAS URI information disclosure | Automation Software | Proof-of-Concept | Unavailable | 0.04 | 0.00000 |
11/08/2022 | 8.3 | 7.3 | Microsoft Windows CNG Key Isolation Service Privilege Escalation | Operating System | Unproven | Official Fix | 0.48 | 0.01150 | CVE-2022-41125
11/08/2022 | 5.4 | 4.7 | Microsoft SharePoint Server information disclosure | Groupware Software | Unproven | Official Fix | 0.03 | 0.01150 | CVE-2022-41122
11/08/2022 | 8.3 | 7.3 | Microsoft Windows Sysmon Privilege Escalation | Operating System | Unproven | Official Fix | 0.43 | 0.01150 | CVE-2022-41120
11/08/2022 | 7.0 | 6.1 | Microsoft Visual Studio Remote Code Execution | Programming Tool Software | Unproven | Official Fix | 0.11 | 0.01528 | CVE-2022-41119
11/08/2022 | 7.5 | 6.5 | Microsoft Windows Scripting Language Remote Code Execution | Operating System | Unproven | Official Fix | 0.11 | 0.01601 | CVE-2022-41118
11/08/2022 | 4.9 | 4.3 | Microsoft Windows GDI+ information disclosure | Operating System | Unproven | Official Fix | 0.03 | 0.02251 | CVE-2022-41098
11/08/2022 | 8.2 | 7.1 | Microsoft Windows Advanced Local Procedure Call Privilege Escalation | Operating System | Unproven | Official Fix | 0.05 | 0.01150 | CVE-2022-41093
11/08/2022 | 8.3 | 7.3 | Microsoft Windows Win32k Privilege Escalation | Operating System | Unproven | Official Fix | 0.04 | 0.01150 | CVE-2022-41092
11/08/2022 | 5.4 | 4.7 | Microsoft Windows Mark of the Web unknown vulnerability | Operating System | Unproven | Official Fix | 0.39 | 0.02251 | CVE-2022-41091
11/08/2022 | 7.5 | 6.5 | Microsoft Azure CycleCloud Remote Code Execution | Cloud Software | Unproven | Official Fix | 0.07 | 0.02251 | CVE-2022-41085
11/08/2022 | 3.3 | 2.9 | Microsoft Dynamics 365 Business Central information disclosure | Unknown | Unproven | Official Fix | 0.03 | 0.01150 | CVE-2022-41066
11/08/2022 | 7.0 | 6.1 | Microsoft Excel Remote Code Execution | Spreadsheet Software | Unproven | Official Fix | 0.03 | 0.01528 | CVE-2022-41063
11/08/2022 | 8.3 | 7.3 | Microsoft Windows HTTP.sys Privilege Escalation | Operating System | Unproven | Official Fix | 0.06 | 0.01150 | CVE-2022-41057
11/08/2022 | 8.3 | 7.3 | Microsoft Windows Resilient File System Privilege Escalation | Operating System | Unproven | Official Fix | 0.00 | 0.01150 | CVE-2022-41054
11/08/2022 | 5.4 | 5.0 | Microsoft Windows Mark of the Web unknown vulnerability | Operating System | Functional | Official Fix | 0.09 | 0.02251 | CVE-2022-41049
11/08/2022 | 8.8 | 7.7 | Microsoft Windows ODBC Driver Remote Code Execution | Operating System | Unproven | Official Fix | 0.14 | 0.01601 | CVE-2022-41047
11/08/2022 | 8.2 | 7.1 | Microsoft Windows Advanced Local Procedure Call Privilege Escalation | Operating System | Unproven | Official Fix | 0.09 | 0.01150 | CVE-2022-41045
11/08/2022 | 7.3 | 6.3 | Microsoft Windows Subsystem for Linux/Azure EFLOW Kernel Privilege Escalation | Operating System | Unproven | Official Fix | 0.00 | 0.01150 | CVE-2022-38014
11/08/2022 | 8.3 | 7.3 | Microsoft Windows Group Policy Privilege Escalation | Operating System | Unproven | Official Fix | 0.19 | 0.01150 | CVE-2022-37992
11/08/2022 | 8.8 | 8.2 | Microsoft Windows Scripting Language Remote Code Execution | Operating System | Functional | Official Fix | 0.48 | 0.01601 | CVE-2022-41128
11/08/2022 | 8.3 | 7.3 | Microsoft Exchange Server Privilege Escalation | Groupware Software | Unproven | Official Fix | 0.00 | 0.01150 | CVE-2022-41123
11/08/2022 | 5.9 | 5.2 | Microsoft Windows Point-to-Point Tunneling Protocol denial of service | Operating System | Unproven | Official Fix | 0.04 | 0.02251 | CVE-2022-41116
11/08/2022 | 7.3 | 6.3 | Microsoft Windows Bind Filter Driver Privilege Escalation | Operating System | Unproven | Official Fix | 0.03 | 0.01150 | CVE-2022-41114
11/08/2022 | 8.3 | 7.3 | Microsoft Windows Win32 Kernel Subsystem Privilege Escalation | Operating System | Unproven | Official Fix | 0.03 | 0.01150 | CVE-2022-41113
11/08/2022 | 8.3 | 7.3 | Microsoft Windows Win32k Privilege Escalation | Operating System | Unproven | Official Fix | 0.03 | 0.01150 | CVE-2022-41109
11/08/2022 | 7.0 | 6.1 | Microsoft Office Graphics Remote Code Execution | Office Suite Software | Unproven | Official Fix | 0.03 | 0.01528 | CVE-2022-41107
11/08/2022 | 7.0 | 6.1 | Microsoft Excel Remote Code Execution | Spreadsheet Software | Unproven | Official Fix | 0.08 | 0.04475 | CVE-2022-41106
11/08/2022 | 4.9 | 4.3 | Microsoft Excel information disclosure | Spreadsheet Software | Unproven | Official Fix | 0.04 | 0.02251 | CVE-2022-41105
11/08/2022 | 4.9 | 4.3 | Microsoft Excel information disclosure | Spreadsheet Software | Unproven | Official Fix | 0.06 | 0.02251 | CVE-2022-41104
11/08/2022 | 4.9 | 4.3 | Microsoft Word information disclosure | Word Processing Software | Unproven | Official Fix | 0.04 | 0.02251 | CVE-2022-41103
11/08/2022 | 8.3 | 7.3 | Microsoft Windows Overlay Filter Privilege Escalation | Operating System | Unproven | Official Fix | 0.06 | 0.01150 | CVE-2022-41102
11/08/2022 | 8.3 | 7.3 | Microsoft Windows Overlay Filter Privilege Escalation | Operating System | Unproven | Official Fix | 0.00 | 0.01150 | CVE-2022-41101
11/08/2022 | 8.2 | 7.1 | Microsoft Windows Advanced Local Procedure Call Privilege Escalation | Operating System | Unproven | Official Fix | 0.03 | 0.01150 | CVE-2022-41100
11/08/2022 | 3.5 | 3.0 | Microsoft Windows BitLocker information disclosure | Operating System | Unproven | Official Fix | 0.06 | 0.02251 | CVE-2022-41099
11/08/2022 | 5.4 | 4.7 | Microsoft Windows Network Policy Server information disclosure | Operating System | Unproven | Official Fix | 0.03 | 0.01150 | CVE-2022-41097
11/08/2022 | 8.3 | 7.3 | Microsoft Windows DWM Core Library Privilege Escalation | Operating System | Unproven | Official Fix | 0.07 | 0.01150 | CVE-2022-41096
11/08/2022 | 8.3 | 7.3 | Microsoft Windows Digital Media Receiver Privilege Escalation | Operating System | Unproven | Official Fix | 0.03 | 0.01150 | CVE-2022-41095
11/08/2022 | 5.9 | 5.2 | Microsoft Windows Point-to-Point Tunneling Protocol denial of service | Operating System | Unproven | Official Fix | 0.04 | 0.02251 | CVE-2022-41090
11/08/2022 | 8.1 | 7.1 | Microsoft Windows Point-to-Point Tunneling Protocol Remote Code Execution | Operating System | Unproven | Official Fix | 0.04 | 0.01601 | CVE-2022-41088
11/08/2022 | 6.5 | 5.7 | Microsoft Windows Group Policy Privilege Escalation | Operating System | Unproven | Official Fix | 0.03 | 0.01150 | CVE-2022-41086
11/08/2022 | 8.8 | 7.7 | Microsoft Exchange Server Privilege Escalation | Groupware Software | Unproven | Official Fix | 0.09 | 0.02251 | CVE-2022-41080
11/08/2022 | 8.4 | 7.4 | Microsoft Exchange Server Privilege Escalation | Groupware Software | Unproven | Official Fix | 0.03 | 0.02251 | CVE-2022-41079
11/08/2022 | 8.4 | 7.4 | Microsoft Exchange Server Privilege Escalation | Groupware Software | Unproven | Official Fix | 0.03 | 0.02251 | CVE-2022-41078
11/08/2022 | 8.3 | 7.3 | Microsoft Windows Print Spooler Privilege Escalation | Operating System | Unproven | Official Fix | 0.23 | 0.01150 | CVE-2022-41073
11/08/2022 | 4.6 | 4.1 | Microsoft .NET Framework information disclosure | Programming Language Software | Unproven | Official Fix | 0.20 | 0.01150 | CVE-2022-41064
11/08/2022 | 8.8 | 7.7 | Microsoft SharePoint Server Privilege Escalation | Groupware Software | Unproven | Official Fix | 0.07 | 0.01967 | CVE-2022-41062
11/08/2022 | 7.0 | 6.1 | Microsoft Word Remote Code Execution | Word Processing Software | Unproven | Official Fix | 0.07 | 0.01528 | CVE-2022-41061
11/08/2022 | 4.9 | 4.3 | Microsoft Word information disclosure | Word Processing Software | Unproven | Official Fix | 0.03 | 0.02251 | CVE-2022-41060
11/08/2022 | 7.5 | 6.5 | Microsoft Windows Server Network Address Translation denial of service | Operating System | Unproven | Official Fix | 0.03 | 0.02251 | CVE-2022-41058

11121 more entries are not shown
