Loading...
Loading...
Windows + Azure + Office (MSRC advisories)
Generated Jun 13, 2026Cohort: 3 vendors with ≥10 CVE advisoriesMethodology ↗
Total all-time: 19,805 CVEs with Microsoft advisories. Source: NVD CVE records joined with vendor advisory publish dates.
56.2% of Microsoft's 19,805 CVEs are CRITICAL or HIGH severity. Industry median: 41.1%. Source: NVD CVSS v3.1.
131 of 10,653 Microsoft CVEs in the last 3 years are on CISA's Known Exploited Vulnerabilities catalog (1.2%). Industry median: 0.6%.
Source: CISA Known Exploited Vulnerabilities catalog (current snapshot). KEV listing means CISA observed active in-the-wild exploitation.
Median time from CVE disclosure to Microsoft advisory: 10 days (p25 1 day – p75 56 days). Industry median: 8 days.
Sample size: 6,817 CVE→advisory pairs over the last 3 years. Source: vendor advisory published_at minus CVE published.
Most-frequently mapped CWEs across Microsoft's last 3 years of CVE disclosures. Source: NVD — CWE mapping per MITRE taxonomy.
Snapshot generated Jun 13, 2026. Industry medians refresh every 6 hours; raw vendor counts are queried live on each request.
Spot a factual error in this report?
Email support@echelongraph.io with the specific number you're disputing and a link to the authoritative source. We review every report and publish corrections on the methodology page.