Microsoft
Security Scorecard
Score
25F
Total CVEs
641
Patch Rate
28%
178 patched
Avg Response
1052d
days to patch
Critical Gaps
35
exploitable, no detection
Severity Breakdown
Critical17
High299
Medium264
Low40
Patch Status
Patched178 (28%)
Partial/Workaround31 (5%)
Unpatched432 (67%)
CVEs (645)
| CVE ID | Title | Severity | Score | Days | Patch |
|---|---|---|---|---|---|
| CVE-2026-20957 | Excel Integer Overflow Vulnerability | High | 7.8 | - | Patched |
| CVE-2026-20958 | MS Office SharePoint SSRF | Medium | 5.4 | - | Workaround |
| CVE-2026-20959 | Cross-Site Scripting in Microsoft Office SharePoint | Medium | 4.6 | - | Patched |
| CVE-2026-20962 | DRTM Resource Disclosure Vulnerability | Medium | 4.4 | - | Workaround |
| CVE-2026-20965 | Windows Admin Center Privilege Escalation | High | 7.5 | - | Patched |
| CVE-2026-21219 | Inbox COM Object Use After Free Vulnerability | High | 7.0 | - | Patched |
| CVE-2026-21224 | Azure Connected Machine Agent Vulnerability | High | 7.8 | - | Patched |
| CVE-2020-36911 | Covenant RCE | Critical | 9.8 | - | Patched |
| CVE-2026-21226 | Azure Core Shared Client Library Deserialization Vulnerability | High | 7.5 | - | Patched |
| CVE-2025-66620 | MicroServer Webshell Exploit | High | 8.0 | - | Patched |