- What is the microsoft CNA?
- microsoft is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 11,701 CVE records since 2005.
- How many CVEs has microsoft published?
- microsoft has published 11,701 CVE records, including 2,464 in the last two years.
- What is microsoft's CVE data quality grade?
- RadicalNotion.AI grades microsoft's CVE data quality as F, with an overall completeness score of 58.3%. This reflects how consistently its CVE records include vendor (75.1%), product (75.1%), CVSS (50.8%), and CWE (32%) information.
- What products does microsoft publish CVEs for?
- microsoft most frequently publishes CVEs for Windows Server 2016, Windows Server 2019, Windows Server 2012, Windows 10, Windows Server 2008.
- Which vendors does microsoft cover?
- microsoft publishes CVEs across 5 distinct vendors, most often Microsoft Corporation, dotnet, apple, powershell, linux.
- Is microsoft actively publishing CVEs?
- microsoft is currently active, based on 2,464 CVEs in the last two years.
- What is the average severity of microsoft's CVEs?
- The average CVSS base score across microsoft's scored CVEs is 7.3.
- How many critical CVEs has microsoft published?
- microsoft has published 1,867 critical-severity CVEs and 7,606 high-severity CVEs.
- Are any of microsoft's CVEs in CISA's Known Exploited Vulnerabilities catalog?
- Yes. 372 of microsoft's CVEs are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, meaning they are confirmed to be exploited in the wild.
- What are the most common weakness types in microsoft's CVEs?
- microsoft's CVEs most often map to these CWE weakness types: CWE-416 (Use After Free), CWE-122 (Heap-based Buffer Overflow), CWE-125 (Out-of-bounds Read), CWE-20 (Improper Input Validation).
- How does microsoft rank among CNAs?
- By total CVE volume, microsoft ranks #4 of 370 CNAs, and it reports more complete CVE records than 13% of all CNAs.