Microsoft
Security Scorecard
Score
25F
Total CVEs
634
Patch Rate
27%
172 patched
Avg Response
1052d
days to patch
Critical Gaps
35
exploitable, no detection
Severity Breakdown
Critical15
High294
Medium264
Low40
Patch Status
Patched172 (27%)
Partial/Workaround31 (5%)
Unpatched431 (68%)
CVEs (644)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2026-24888 | Maker.js Vector Line Drawing Exploit | Medium | 6.5 | - | Patched |
| CVE-2025-41727 | Device Manager Bypass | High | 7.8 | - | Patched |
| CVE-2025-41728 | Device Manager Web Service RCE | Medium | 5.3 | - | Patched |
| CVE-2026-21509 | Windows Server Local Privilege Escalation | High | 7.8 | - | Workaround |
| CVE-2026-24304 | Azure Resource Manager Privilege Escalation | Critical | 9.9 | - | Patched |
| CVE-2026-0758 | mcp-server-siri-shortcuts Shortcut Injection | High | 7.8 | - | Patched |
| CVE-2026-23988 | Rufus Bootloader Exploit | High | 7.3 | - | Patched |
| CVE-2026-21227 | Azure Logic Apps Path Traversal Vulnerability | High | 8.2 | - | Patched |
| CVE-2026-21264 | CVE-2026-21264 | Critical | 9.3 | - | Patched |
| CVE-2026-21520 | Copilot Studio Data Exposure | High | 7.5 | - | Workaround |