Loading...
Loading...
Windows + Azure + Office (MSRC advisories)
Generated May 28, 2026Cohort: 3 vendors with ≥10 CVE advisoriesMethodology ↗
Total all-time: 15,616 CVEs with Microsoft advisories. Source: NVD CVE records joined with vendor advisory publish dates.
56.5% of Microsoft's 15,616 CVEs are CRITICAL or HIGH severity. Industry median: 40.3%. Source: NVD CVSS v3.1.
81 of 6,591 Microsoft CVEs in the last 3 years are on CISA's Known Exploited Vulnerabilities catalog (1.2%). Industry median: 0.7%.
Source: CISA Known Exploited Vulnerabilities catalog (current snapshot). KEV listing means CISA observed active in-the-wild exploitation.
Median time from CVE disclosure to Microsoft advisory: 14 days (p25 2 days – p75 71 days). Industry median: 10 days.
Sample size: 4,411 CVE→advisory pairs over the last 3 years. Source: vendor advisory published_at minus CVE published.
Most-frequently mapped CWEs across Microsoft's last 3 years of CVE disclosures. Source: NVD — CWE mapping per MITRE taxonomy.
Snapshot generated May 28, 2026. Industry medians refresh every 6 hours; raw vendor counts are queried live on each request.
Spot a factual error in this report?
Email support@echelongraph.io with the specific number you're disputing and a link to the authoritative source. We review every report and publish corrections on the methodology page.