Vulnerabilities > Microsoft > Critical

DATE CVE VULNERABILITY TITLE RISK
2017-06-15 CVE-2017-8543 Improper Preservation of Permissions vulnerability in Microsoft products
Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to take control of the affected system when Windows Search fails to handle objects in memory, aka "Windows Search Remote Code Execution Vulnerability".
network
low complexity
microsoft CWE-281
critical
9.8
2017-05-15 CVE-2017-0252 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge
A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory.
network
low complexity
microsoft CWE-119
critical
9.8
2017-05-15 CVE-2017-0223 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge
A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory.
network
low complexity
microsoft CWE-119
critical
9.8
2017-03-27 CVE-2017-7269 Classic Buffer Overflow vulnerability in Microsoft Internet Information Server 6.0
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
network
low complexity
microsoft CWE-120
critical
9.8
2017-03-23 CVE-2017-6517 Uncontrolled Search Path Element vulnerability in Microsoft Skype 7.16.0.102
Microsoft Skype 7.16.0.102 contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on the targeted system.
network
low complexity
microsoft CWE-427
critical
9.8
2017-03-17 CVE-2017-0021 Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016
Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V System Data Structure Vulnerability." This vulnerability is different from that described in CVE-2017-0095.
low complexity
microsoft
critical
9.0
2016-12-20 CVE-2016-7277 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Office 2016
Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
network
low complexity
microsoft CWE-119
critical
9.6
2016-10-14 CVE-2016-7182 Improper Input Validation vulnerability in Microsoft products
The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows attackers to execute arbitrary code via a crafted True Type font, aka "True Type Font Parsing Elevation of Privilege Vulnerability."
network
low complexity
microsoft CWE-20
critical
9.8
2016-08-09 CVE-2016-3312 Information Exposure vulnerability in Microsoft Windows 10 1511
ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows attackers to discover credentials by leveraging failure of Universal Outlook to obtain a secure connection, aka "Universal Outlook Information Disclosure Vulnerability."
network
low complexity
microsoft CWE-200
critical
9.1
2016-06-16 CVE-2016-3236 Data Processing Errors vulnerability in Microsoft products
The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles proxy discovery, which allows remote attackers to redirect network traffic via unspecified vectors, aka "Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability."
network
low complexity
microsoft CWE-19
critical
9.8