Defender vulnerabilities: known CVEs & security history
Microsoft · Actively exploited · 30 tracked CVEs · 2 actively exploited · updated June 2026 · what is a CVE? →
This is the full list of known vulnerabilities (CVEs) across all Defender release lines — 30 in total, with 2 actively exploited in the wild. A CVE here doesn't mean your version is affected — check Defender's current status and the safe version to run.
Known Defender CVEs
Actively-exploited and most-severe first. Open any CVE for full details.
| CVE | Severity | CVSS | EPSS | Year |
|---|---|---|---|---|
| CVE-2021-1647⚡ exploited | high | 7.8 | 40% | 2021 |
| CVE-2017-8540⚡ exploited | high | 7.8 | 72% | 2017 |
| CVE-2006-5270 | high | 9.3 | 30% | 2007 |
| CVE-2018-0986 | high | 8.8 | 61% | 2018 |
| CVE-2023-36422 | high | 7.8 | 1% | 2023 |
| CVE-2023-38175 | high | 7.8 | 1% | 2023 |
| CVE-2021-24092 | high | 7.8 | 1% | 2021 |
| CVE-2020-1170 | high | 7.8 | 2% | 2020 |
| CVE-2020-1163 | high | 7.8 | 1% | 2020 |
| CVE-2020-0835 | high | 7.8 | 1% | 2020 |
| CVE-2017-11940 | high | 7.8 | 20% | 2017 |
| CVE-2017-11937 | high | 7.8 | 28% | 2017 |
| CVE-2017-8558 | high | 7.8 | 44% | 2017 |
| CVE-2017-8541 | high | 7.8 | 50% | 2017 |
| CVE-2017-8538 | high | 7.8 | 50% | 2017 |
| CVE-2017-0290 | high | 7.8 | 77% | 2017 |
| CVE-2019-1255 | high | 7.5 | 4% | 2019 |
| CVE-2013-0078 | high | 7.2 | 2% | 2013 |
| CVE-2011-0037 | high | 7.2 | 2% | 2011 |
| CVE-2020-1461 | high | 7.1 | 1% | 2020 |
| CVE-2020-1002 | high | 7.1 | 1% | 2020 |
| CVE-2019-1161 | high | 7.1 | 1% | 2019 |
| CVE-2013-3154 | medium | 6.9 | 2% | 2013 |
| CVE-2017-8542 | medium | 5.5 | 6% | 2017 |
| CVE-2017-8539 | medium | 5.5 | 6% | 2017 |
| CVE-2017-8537 | medium | 5.5 | 17% | 2017 |
| CVE-2017-8536 | medium | 5.5 | 17% | 2017 |
| CVE-2017-8535 | medium | 5.5 | 17% | 2017 |
| CVE-2008-1437 | medium | 5 | 13% | 2008 |
| CVE-2008-1438 | medium | 5 | 13% | 2008 |
Is my Defender version affected?
The list above spans every release. To know whether your version is affected — and the minimum safe version to upgrade to — check it directly.
Check your Defender version → · Monitor Defender for new CVEs →
Defender vulnerabilities — frequently asked
How many known vulnerabilities does Defender have?
IsItPatched tracks 30 CVEs for Defender, 2 of which are actively exploited (CISA KEV). 0 are critical-severity and 22 high-severity. These span every release line — what matters is whether the version you run is affected.
Does Defender have any actively-exploited vulnerabilities?
Yes — 2 Defender CVEs are in CISA's Known Exploited Vulnerabilities catalog, meaning they are confirmed exploited in the wild. Patch these as a priority.
What is the most severe Defender vulnerability?
Among tracked issues, CVE-2021-1647 (HIGH, CVSS 7.8), which is actively exploited, ranks highest.
Is Defender safe to use?
It depends on the version. The latest supported Defender release clears the known issues; older versions may still be affected. Check the exact version you run for a verdict.
CVE data aggregated from NVD, CISA KEV and EPSS (FIRST.org). Related: Defender security status · Defender end-of-life · actively-exploited CVEs. Always verify against Microsoft's advisories — see our disclaimer.