Microsoft

Security Scorecard

Score

25F

Total CVEs

641

Patch Rate

28%

178 patched

Avg Response

1052d

days to patch

Critical Gaps

35

exploitable, no detection

Severity Breakdown

Critical17

High299

Medium264

Low40

Patch Status

Patched178 (28%)

Partial/Workaround31 (5%)

Unpatched432 (67%)

CVEs (645)

CVE ID	Title	Severity	Score	Days	Patch
CVE-2025-27489	Azure Local Privilege Escalation	High	7.8	-	Patched
CVE-2025-26627	Azure Arc Command Injection	High	7.0	-	Workaround
CVE-2025-21298	-	Critical	9.8	334d	Unpatched
CVE-2024-49112	-	Critical	9.8	367d	Unpatched
CVE-2022-41128	Windows Scripting Languages Remote Code Execution Vulnerability	High	8.8	-1d	Patched
CVE-2022-41033	Windows COM+ Event System Service Elevation of Privilege Vulnerability	High	7.8	-	Patched
CVE-2022-37969	Windows Common Log File System Driver Elevation of Privilege Vulnerability	High	7.8	1d	Patched
CVE-2021-34527	-	High	8.8	124d	Patched
CVE-2021-31956	Windows NTFS Elevation of Privilege Vulnerability	High	7.8	-	Patched
CVE-2021-26855	-	Critical	9.1	245d	Patched