Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Windows Number Of NVD 3854 CRITICAL 65 HIGH 2644 MEDIUM 1087 LOW 58
URL https://www.microsoft.com/
Explanation For business, developer, and desktop operating system products, 10 years of support at the supported Service Pack level (with a minimum of 5 years of mainstream support, followed by a minimum of 5 years of extended support).
You may need to deploy the latest updates to be eligible for support.
For some products, the support organization may be less than 10 years.

For consumer and multimedia products, five years of mainstream support at the supported Service Pack level.

The above text is excerpted from Microsoft's Fixed Lifecycle Policy.
Tag
  • Microsoft
  • 商用ライセンス有り

Add Information URL
No Type Name URL
1 https://www.microsoft.com/ja-jp/atlife/article-windows10-portal-eos.aspx
2 https://support.microsoft.com/help/14085/fixed-lifecycle-policy
3 https://support.microsoft.com/help/30881/modern-lifecycle-policy
4 https://support.microsoft.com//lifecycle/search
5 https://support.microsoft.com/ja-jp/hub/4095338/microsoft-lifecycle-policy
6 https://support.microsoft.com/ja-jp/help/4057281/windows-7-support-ended-on-january-14-2020
7 https://docs.microsoft.com/ja-jp/windows/release-information/
8 https://docs.microsoft.com/ja-jp/lifecycle/faq/extended-security-updates

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
3751 Windows 11 25H2 Sept. 30, 2025 Oct. 4, 2021 Oct. 12, 2027 Oct. 10, 2028 0 0 0 0
3752 Windows 11 23H2 Oct. 31, 2023 Oct. 4, 2021 15 425 130 3
3753 Windows 11 24H2 Oct. 1, 2024 Oct. 4, 2021 Oct. 13, 2026 Oct. 12, 2027 0 0 0 0
3754 Windows 10 (Enterprise, Education, Pro, Pro for Workstations, IoT, Home) 22H2 Oct. 18, 2022 July 29, 2015 Oct. 14, 2025 57 2049 872 33
3755 Windows Phone 8.1 June 24, 2014 July 11, 2017 0 0 0 0
3756 Windows RT 8.1 Nov. 13, 2013 Jan. 9, 2018 Jan. 10, 2023 27 1228 494 38
3757 Windows Embedded 8.1 Pro Nov. 13, 2013 Jan. 9, 2018 Jan. 10, 2023 30 1296 503 34
3758 Windows 8.1 Nov. 13, 2013 Jan. 9, 2018 Jan. 10, 2023 30 1296 503 34
3759 Windows Phone 7.8 Feb. 9, 2013 Oct. 14, 2014 0 0 0 0
3760 Windows 8 Oct. 30, 2012 Jan. 12, 2016 0 167 56 24
3761 Windows Embedded Standard 7(Service Pack 1適用) July 29, 2010 Oct. 13, 2015 Oct. 13, 2020 0 0 0 0
3762 Windows 7 Oct. 22, 2009 Jan. 13, 2015 April 9, 2013 Jan. 14, 2020 29 1407 538 31
3763 Windows Vista Jan. 25, 2007 April 10, 2012 April 13, 2010 April 11, 2017 1 264 67 20
3764 Windows XP Embedded Jan. 30, 2002 Jan. 12, 2016 2 287 85 0
3765 Windows XP Dec. 31, 2001 April 8, 2014 2 287 85 0
3766 Windows Millennium Edition Dec. 31, 2000 Dec. 31, 2003 July 11, 2006 0 1 1 0
3767 Microsoft Windows 2000 Professional March 31, 2000 June 30, 2005 July 13, 2010 2 40 19 0
3768 Windows 98 Second Edition June 30, 1999 June 30, 2002 July 11, 2006 1 1 1 0
3769 Windows 98 Standard Edition June 30, 1998 June 30, 2002 July 11, 2006 1 2 2 0
3770 Windows 95 Aug. 24, 1995 Dec. 31, 2001 0 3 2 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
3751 -
9.3
HIGH Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly ini… CWE-94
Code Injection
CVE-2009-2531 cpe:2.3:o:microsoft:windows_xp:-:sp2
cpe:2.3:o:microsoft:windows_xp:-:sp2
cpe:2.3:o:microsoft:windows_xp:-:sp2
2026-04-23 09:35
2009-10-14
Show GitHub Exploit DB Packet Storm
3752 -
9.3
HIGH Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly ini… CWE-94
Code Injection
CVE-2009-2530 cpe:2.3:o:microsoft:windows_xp:-:sp2
cpe:2.3:o:microsoft:windows_xp:-:sp2
cpe:2.3:o:microsoft:windows_xp:-:sp2
2026-04-23 09:35
2009-10-14
Show GitHub Exploit DB Packet Storm
3753 8.1
9.3
HIGH
Network
Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not properly handle argument validation for unspecified variables, which allows remote attackers to execute arbitrary code via a crafted … CWE-94
Code Injection
CVE-2009-2529 cpe:2.3:o:microsoft:windows_xp:-:sp2
cpe:2.3:o:microsoft:windows_xp:-:sp2
cpe:2.3:o:microsoft:windows_xp:-:sp2
2026-04-23 09:35
2009-10-14
Show GitHub Exploit DB Packet Storm
3754 -
7.8
HIGH Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and… CWE-399
 Resource Management Errors
CVE-2009-2526 cpe:2.3:o:microsoft:windows_vista:-:sp2
cpe:2.3:o:microsoft:windows_vista:-:sp1
2026-04-23 09:35
2009-10-14
Show GitHub Exploit DB Packet Storm
3755 -
7.8
HIGH Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, a… CWE-189
Numeric Errors
CVE-2009-2524 cpe:2.3:o:microsoft:windows_xp:-:sp2
cpe:2.3:o:microsoft:windows_7:-:*
2026-04-23 09:35
2009-10-14
Show GitHub Exploit DB Packet Storm
3756 -
7.2
HIGH Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a craf… CWE-189
Numeric Errors
CVE-2009-2515 cpe:2.3:o:microsoft:windows_vista:sp1:* 2026-04-23 09:35
2009-10-14
Show GitHub Exploit DB Packet Storm
3757 -
7.5
HIGH Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, an… CWE-189
Numeric Errors
CVE-2009-2511 cpe:2.3:o:microsoft:windows_7:-:* 2026-04-23 09:35
2009-10-14
Show GitHub Exploit DB Packet Storm
3758 -
6.8
MEDIUM The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used… CWE-310
Cryptographic Issues
CVE-2009-2510 cpe:2.3:o:microsoft:windows_xp:-:sp2
cpe:2.3:o:microsoft:windows_7:-:*
2026-04-23 09:35
2009-10-14
Show GitHub Exploit DB Packet Storm
3759 -
9.3
HIGH A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary… NVD-CWE-noinfo
CVE-2009-2507 cpe:2.3:o:microsoft:windows_xp:-:sp2 2026-04-23 09:35
2009-10-14
Show GitHub Exploit DB Packet Storm
3760 -
9.3
HIGH The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute… CWE-94
Code Injection
CVE-2009-2497 cpe:2.3:o:microsoft:windows_xp:-:sp2
cpe:2.3:o:microsoft:windows_7:-:*
2026-04-23 09:35
2009-10-14
Show GitHub Exploit DB Packet Storm