Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Windows Number Of NVD 3854 CRITICAL 65 HIGH 2644 MEDIUM 1087 LOW 58
URL https://www.microsoft.com/
Explanation For business, developer, and desktop operating system products, 10 years of support at the supported Service Pack level (with a minimum of 5 years of mainstream support, followed by a minimum of 5 years of extended support).
You may need to deploy the latest updates to be eligible for support.
For some products, the support organization may be less than 10 years.

For consumer and multimedia products, five years of mainstream support at the supported Service Pack level.

The above text is excerpted from Microsoft's Fixed Lifecycle Policy.
Tag
  • Microsoft
  • 商用ライセンス有り

Add Information URL
No Type Name URL
1 https://www.microsoft.com/ja-jp/atlife/article-windows10-portal-eos.aspx
2 https://support.microsoft.com/help/14085/fixed-lifecycle-policy
3 https://support.microsoft.com/help/30881/modern-lifecycle-policy
4 https://support.microsoft.com//lifecycle/search
5 https://support.microsoft.com/ja-jp/hub/4095338/microsoft-lifecycle-policy
6 https://support.microsoft.com/ja-jp/help/4057281/windows-7-support-ended-on-january-14-2020
7 https://docs.microsoft.com/ja-jp/windows/release-information/
8 https://docs.microsoft.com/ja-jp/lifecycle/faq/extended-security-updates

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
3781 Windows 11 25H2 Sept. 30, 2025 Oct. 4, 2021 Oct. 12, 2027 Oct. 10, 2028 0 0 0 0
3782 Windows 11 23H2 Oct. 31, 2023 Oct. 4, 2021 15 425 130 3
3783 Windows 11 24H2 Oct. 1, 2024 Oct. 4, 2021 Oct. 13, 2026 Oct. 12, 2027 0 0 0 0
3784 Windows 10 (Enterprise, Education, Pro, Pro for Workstations, IoT, Home) 22H2 Oct. 18, 2022 July 29, 2015 Oct. 14, 2025 57 2049 872 33
3785 Windows Phone 8.1 June 24, 2014 July 11, 2017 0 0 0 0
3786 Windows RT 8.1 Nov. 13, 2013 Jan. 9, 2018 Jan. 10, 2023 27 1228 494 38
3787 Windows Embedded 8.1 Pro Nov. 13, 2013 Jan. 9, 2018 Jan. 10, 2023 30 1296 503 34
3788 Windows 8.1 Nov. 13, 2013 Jan. 9, 2018 Jan. 10, 2023 30 1296 503 34
3789 Windows Phone 7.8 Feb. 9, 2013 Oct. 14, 2014 0 0 0 0
3790 Windows 8 Oct. 30, 2012 Jan. 12, 2016 0 167 56 24
3791 Windows Embedded Standard 7(Service Pack 1適用) July 29, 2010 Oct. 13, 2015 Oct. 13, 2020 0 0 0 0
3792 Windows 7 Oct. 22, 2009 Jan. 13, 2015 April 9, 2013 Jan. 14, 2020 29 1407 538 31
3793 Windows Vista Jan. 25, 2007 April 10, 2012 April 13, 2010 April 11, 2017 1 264 67 20
3794 Windows XP Embedded Jan. 30, 2002 Jan. 12, 2016 2 287 85 0
3795 Windows XP Dec. 31, 2001 April 8, 2014 2 287 85 0
3796 Windows Millennium Edition Dec. 31, 2000 Dec. 31, 2003 July 11, 2006 0 1 1 0
3797 Microsoft Windows 2000 Professional March 31, 2000 June 30, 2005 July 13, 2010 2 40 19 0
3798 Windows 98 Second Edition June 30, 1999 June 30, 2002 July 11, 2006 1 1 1 0
3799 Windows 98 Standard Edition June 30, 1998 June 30, 2002 July 11, 2006 1 2 2 0
3800 Windows 95 Aug. 24, 1995 Dec. 31, 2001 0 3 2 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
3781 -
4.6
MEDIUM The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privile… CWE-264
Permissions, Privileges, and Access Controls
CVE-2009-2653 cpe:2.3:o:microsoft:windows_xp:-:sp3
cpe:2.3:o:microsoft:windows_xp:-:sp2
2026-04-23 09:35
2009-08-3
Show GitHub Exploit DB Packet Storm
3782 -
9.3
HIGH The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 a… CWE-264
Permissions, Privileges, and Access Controls
CVE-2009-2493 cpe:2.3:o:microsoft:windows_vista:-:* 2026-04-23 09:35
2009-07-30
Show GitHub Exploit DB Packet Storm
3783 -
9.3
HIGH Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2; and Internet Explorer 7 and 8 for Windows XP SP2 and SP3, Server 2003 SP2, Vista Go… CWE-94
Code Injection
CVE-2009-1919 cpe:2.3:o:microsoft:windows_xp:-:sp3
cpe:2.3:o:microsoft:windows_xp:-:sp3
cpe:2.3:o:microsoft:windows_xp:-:sp3
2026-04-23 09:35
2009-07-30
Show GitHub Exploit DB Packet Storm
3784 -
9.3
HIGH The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate… CWE-94
Code Injection
CVE-2009-1539 cpe:2.3:o:microsoft:windows_xp:-:sp3
cpe:2.3:o:microsoft:windows_xp:-:sp2
cpe:2.3:o:microsoft:windows_xp:-:sp2
2026-04-23 09:35
2009-07-16
Show GitHub Exploit DB Packet Storm
3785 -
9.3
HIGH The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointe… CWE-20
 Improper Input Validation 
CVE-2009-1538 cpe:2.3:o:microsoft:windows_xp:-:sp3
cpe:2.3:o:microsoft:windows_xp:-:sp2
cpe:2.3:o:microsoft:windows_xp:-:sp2
2026-04-23 09:35
2009-07-16
Show GitHub Exploit DB Packet Storm
3786 -
9.3
HIGH Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attack… CWE-189
Numeric Errors
CVE-2009-0232 cpe:2.3:o:microsoft:windows_vista:-:sp2
cpe:2.3:o:microsoft:windows_vista:-:sp1
2026-04-23 09:35
2009-07-16
Show GitHub Exploit DB Packet Storm
3787 8.8
9.3
HIGH
Network
The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to… CWE-681
 Incorrect Conversion between Numeric Types
CVE-2009-0231 cpe:2.3:o:microsoft:windows_xp:-:sp3
cpe:2.3:o:microsoft:windows_xp:-:sp2
cpe:2.3:o:microsoft:windows_vista:-:sp2…
2026-04-23 09:35
2009-07-16
Show GitHub Exploit DB Packet Storm
3788 -
9.3
HIGH Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in… CWE-94
Code Injection
CVE-2008-0020 cpe:2.3:o:microsoft:windows_xp:-:sp3
cpe:2.3:o:microsoft:windows_xp:-:sp2
2026-04-23 09:35
2009-07-8
Show GitHub Exploit DB Packet Storm
3789 8.8
9.3
HIGH
Network
Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microso… CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error') 
Stack-based Buffer Overflow
CVE-2008-0015 cpe:2.3:o:microsoft:windows_xp:-:sp3
cpe:2.3:o:microsoft:windows_xp:-:sp2
2026-04-22 03:41
2009-07-8
Show GitHub Exploit DB Packet Storm
3790 -
7.2
HIGH The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions,… CWE-20
 Improper Input Validation 
CVE-2009-1124 cpe:2.3:o:microsoft:windows_vista:gold:* 2026-04-23 09:35
2009-06-11
Show GitHub Exploit DB Packet Storm