Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Windows Number Of NVD 3854 CRITICAL 65 HIGH 2644 MEDIUM 1087 LOW 58
URL https://www.microsoft.com/
Explanation For business, developer, and desktop operating system products, 10 years of support at the supported Service Pack level (with a minimum of 5 years of mainstream support, followed by a minimum of 5 years of extended support).
You may need to deploy the latest updates to be eligible for support.
For some products, the support organization may be less than 10 years.

For consumer and multimedia products, five years of mainstream support at the supported Service Pack level.

The above text is excerpted from Microsoft's Fixed Lifecycle Policy.
Tag
  • Microsoft
  • 商用ライセンス有り

Add Information URL
No Type Name URL
1 https://www.microsoft.com/ja-jp/atlife/article-windows10-portal-eos.aspx
2 https://support.microsoft.com/help/14085/fixed-lifecycle-policy
3 https://support.microsoft.com/help/30881/modern-lifecycle-policy
4 https://support.microsoft.com//lifecycle/search
5 https://support.microsoft.com/ja-jp/hub/4095338/microsoft-lifecycle-policy
6 https://support.microsoft.com/ja-jp/help/4057281/windows-7-support-ended-on-january-14-2020
7 https://docs.microsoft.com/ja-jp/windows/release-information/
8 https://docs.microsoft.com/ja-jp/lifecycle/faq/extended-security-updates

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
3801 Windows 11 25H2 Sept. 30, 2025 Oct. 4, 2021 Oct. 12, 2027 Oct. 10, 2028 0 0 0 0
3802 Windows 11 23H2 Oct. 31, 2023 Oct. 4, 2021 15 425 130 3
3803 Windows 11 24H2 Oct. 1, 2024 Oct. 4, 2021 Oct. 13, 2026 Oct. 12, 2027 0 0 0 0
3804 Windows 10 (Enterprise, Education, Pro, Pro for Workstations, IoT, Home) 22H2 Oct. 18, 2022 July 29, 2015 Oct. 14, 2025 57 2049 872 33
3805 Windows Phone 8.1 June 24, 2014 July 11, 2017 0 0 0 0
3806 Windows RT 8.1 Nov. 13, 2013 Jan. 9, 2018 Jan. 10, 2023 27 1228 494 38
3807 Windows Embedded 8.1 Pro Nov. 13, 2013 Jan. 9, 2018 Jan. 10, 2023 30 1296 503 34
3808 Windows 8.1 Nov. 13, 2013 Jan. 9, 2018 Jan. 10, 2023 30 1296 503 34
3809 Windows Phone 7.8 Feb. 9, 2013 Oct. 14, 2014 0 0 0 0
3810 Windows 8 Oct. 30, 2012 Jan. 12, 2016 0 167 56 24
3811 Windows Embedded Standard 7(Service Pack 1適用) July 29, 2010 Oct. 13, 2015 Oct. 13, 2020 0 0 0 0
3812 Windows 7 Oct. 22, 2009 Jan. 13, 2015 April 9, 2013 Jan. 14, 2020 29 1407 538 31
3813 Windows Vista Jan. 25, 2007 April 10, 2012 April 13, 2010 April 11, 2017 1 264 67 20
3814 Windows XP Embedded Jan. 30, 2002 Jan. 12, 2016 2 287 85 0
3815 Windows XP Dec. 31, 2001 April 8, 2014 2 287 85 0
3816 Windows Millennium Edition Dec. 31, 2000 Dec. 31, 2003 July 11, 2006 0 1 1 0
3817 Microsoft Windows 2000 Professional March 31, 2000 June 30, 2005 July 13, 2010 2 40 19 0
3818 Windows 98 Second Edition June 30, 1999 June 30, 2002 July 11, 2006 1 1 1 0
3819 Windows 98 Standard Edition June 30, 1998 June 30, 2002 July 11, 2006 1 2 2 0
3820 Windows 95 Aug. 24, 1995 Dec. 31, 2001 0 3 2 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
3801 7.8
7.2
HIGH
Local
The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges … CWE-20
 Improper Input Validation 
CVE-2009-0082 cpe:2.3:o:microsoft:windows_vista:gold:* 2026-04-23 09:35
2009-03-11
Show GitHub Exploit DB Packet Storm
3802 -
9.3
HIGH The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate… CWE-20
 Improper Input Validation 
CVE-2009-0081 cpe:2.3:o:microsoft:windows_vista:gold:* 2026-04-23 09:35
2009-03-11
Show GitHub Exploit DB Packet Storm
3803 -
7.6
HIGH Windows Internet Naming Service (WINS) allows remote attackers to cause a denial of service (connectivity loss) or steal credentials via a 1Ch registration that causes WINS to change the domain contr… CWE-59
Link Following
CVE-1999-1593 cpe:2.3:o:microsoft:windows_98:-:* 2026-04-23 09:35
2009-01-15
Show GitHub Exploit DB Packet Storm
3804 9.8
9.3
CRITICAL
Network
Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a d… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2008-3465 cpe:2.3:o:microsoft:windows_vista:gold:* 2026-04-23 09:35
2008-12-10
Show GitHub Exploit DB Packet Storm
3805 -
9.3
HIGH Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed h… CWE-189
Numeric Errors
CVE-2008-2249 cpe:2.3:o:microsoft:windows_vista:gold:* 2026-04-23 09:35
2008-12-10
Show GitHub Exploit DB Packet Storm
3806 -
6.9
MEDIUM Stack-based buffer overflow in Microsoft Device IO Control in iphlpapi.dll in Microsoft Windows Vista Gold and SP1 allows local users in the Network Configuration Operator group to gain privileges or… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2008-5229 cpe:2.3:o:microsoft:windows_vista:gold:* 2026-04-23 09:35
2008-11-26
Show GitHub Exploit DB Packet Storm
3807 -
5.0
MEDIUM The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitt… CWE-200
Information Exposure
CVE-2008-5112 cpe:2.3:o:microsoft:windows:server_2003:sp2
cpe:2.3:o:microsoft:windows:server_2003:sp1
2026-04-23 09:35
2008-11-18
Show GitHub Exploit DB Packet Storm
3808 -
9.3
HIGH Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by r… CWE-287
Improper Authentication
CVE-2008-4037 cpe:2.3:o:microsoft:windows:xp:unknown
cpe:2.3:o:microsoft:windows:xp:sp3
cpe:2.3:o:microsoft:windows:xp:sp2
c…
2026-04-23 09:35
2008-11-13
Show GitHub Exploit DB Packet Storm
3809 -
10.0
HIGH The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a craf… CWE-94
Code Injection
CVE-2008-4250 cpe:2.3:o:microsoft:windows_xp:-:sp3
cpe:2.3:o:microsoft:windows_xp:-:sp2
cpe:2.3:o:microsoft:windows_xp:-:sp2
2026-04-23 09:35
2008-10-24
Show GitHub Exploit DB Packet Storm
3810 -
7.1
HIGH The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of serv… CWE-16
NVD-CWE-noinfo
Configuration
CVE-2008-4609 cpe:2.3:o:microsoft:windows_xp:-:sp3
cpe:2.3:o:microsoft:windows_xp:-:sp2
cpe:2.3:o:microsoft:windows_vista:-:sp2…
2026-04-23 09:35
2008-10-21
Show GitHub Exploit DB Packet Storm