Windows Server 2008 Microsoft Windows Server 2008

  1. Vendors
  2. Microsoft
  3. Windows Server 2008

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Windows Server 2008.

By the Year

In 2026 there have been 0 vulnerabilities in Microsoft Windows Server 2008. Last year, in 2025 Windows Server 2008 had 295 security vulnerabilities published. Right now, Windows Server 2008 is on track to have less security vulnerabilities in 2026 than it did last year.




Year Vulnerabilities Average Score
2026 0 0.00
2025 295 7.46
2024 299 7.70
2023 363 7.55
2022 334 7.56
2021 279 7.62
2020 388 7.41
2019 317 7.13
2018 161 7.29

It may take a day or so for new Windows Server 2008 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Windows Server 2008 Security Vulnerabilities

Aug 2025: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-49757 8.8 - High - August 12, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Aug 2025: GDI+ Remote Code Execution Vulnerability
CVE-2025-53766 9.8 - Critical - August 12, 2025

Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Aug 2025: Windows Distributed Transaction Coordinator (MSDTC) Information Disclosure Vulnerability
CVE-2025-50166 6.5 - Medium - August 12, 2025

Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network.

Integer Overflow or Wraparound

Aug 2025: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-50164 8 - High - August 12, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

Heap-based Buffer Overflow

Aug 2025: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-50163 8.8 - High - August 12, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Aug 2025: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-50162 8 - High - August 12, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

Heap-based Buffer Overflow

Aug 2025: Win32k Elevation of Privilege Vulnerability
CVE-2025-50161 7.3 - High - August 12, 2025

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

Aug 2025: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-50160 8 - High - August 12, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

Heap-based Buffer Overflow

Aug 2025: Windows NTFS Information Disclosure Vulnerability
CVE-2025-50158 7 - High - August 12, 2025

Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally.

TOCTTOU

Aug 2025: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-50157 5.7 - Medium - August 12, 2025

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.

Use of Uninitialized Resource

Aug 2025: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-50156 5.7 - Medium - August 12, 2025

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.

Use of Uninitialized Resource

Aug 2025: Microsoft Windows File Explorer Spoofing Vulnerability
CVE-2025-50154 6.5 - Medium - August 12, 2025

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

Information Disclosure

Aug 2025: Desktop Window Manager Elevation of Privilege Vulnerability
CVE-2025-50153 7.8 - High - August 12, 2025

Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.

Dangling pointer

Aug 2025: Windows NTLM Elevation of Privilege Vulnerability
CVE-2025-53778 8.8 - High - August 12, 2025

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.

authentification

Aug 2025: Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2025-49743 6.7 - Medium - August 12, 2025

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Race Condition

Aug 2025: Windows Remote Desktop Services Denial of Service Vulnerability
CVE-2025-53722 7.5 - High - August 12, 2025

Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network.

Resource Exhaustion

Aug 2025: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-53720 8 - High - August 12, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

Heap-based Buffer Overflow

Aug 2025: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-53719 5.7 - Medium - August 12, 2025

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.

Use of Uninitialized Resource

Aug 2025: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-53718 7 - High - August 12, 2025

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Dangling pointer

Aug 2025: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-53154 7.8 - High - August 12, 2025

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

NULL Pointer Dereference

Aug 2025: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-53153 5.7 - Medium - August 12, 2025

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.

Use of Uninitialized Resource

Aug 2025: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
CVE-2025-53149 7.8 - High - August 12, 2025

Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

Aug 2025: Windows Kernel Elevation of Privilege Vulnerability
CVE-2025-49761 7.8 - High - August 12, 2025

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Dangling pointer

Aug 2025: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-49762 7 - High - August 12, 2025

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Race Condition

Aug 2025: Windows Installer Elevation of Privilege Vulnerability
CVE-2025-50173 7.8 - High - August 12, 2025

Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally.

1390

Aug 2025: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2025-50177 8.1 - High - August 12, 2025

Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network.

Dangling pointer

Aug 2025: Win32k Elevation of Privilege Vulnerability
CVE-2025-53132 7.8 - High - August 12, 2025

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Race Condition

Aug 2025: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-53134 7 - High - August 12, 2025

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

TOCTTOU

Aug 2025: NT OS Kernel Information Disclosure Vulnerability
CVE-2025-53136 5.5 - Medium - August 12, 2025

Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally.

Information Disclosure

Aug 2025: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-53137 7 - High - August 12, 2025

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Dangling pointer

Aug 2025: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-53138 5.7 - Medium - August 12, 2025

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.

Use of Uninitialized Resource

Aug 2025: Windows Kernel Transaction Manager Elevation of Privilege Vulnerability
CVE-2025-53140 7 - High - August 12, 2025

Use after free in Kernel Transaction Manager allows an authorized attacker to elevate privileges locally.

Dangling pointer

Aug 2025: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-53141 7.8 - High - August 12, 2025

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

NULL Pointer Dereference

Aug 2025: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2025-53143 8.8 - High - August 12, 2025

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.

Object Type Confusion

Aug 2025: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2025-53144 8.8 - High - August 12, 2025

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.

Object Type Confusion

Aug 2025: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2025-53145 8.8 - High - August 12, 2025

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.

Object Type Confusion

Aug 2025: Desktop Windows Manager Remote Code Execution Vulnerability
CVE-2025-53152 7.8 - High - August 12, 2025

Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally.

Dangling pointer

Aug 2025: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-53147 7 - High - August 12, 2025

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Dangling pointer

Aug 2025: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-53148 5.7 - Medium - August 12, 2025

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.

Use of Uninitialized Resource

Jul 2025: Microsoft Windows QoS Scheduler Driver Elevation of Privilege Vulnerability
CVE-2025-49730 7.8 - High - July 08, 2025

Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.

TOCTTOU

Jul 2025: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-49729 8.8 - High - July 08, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Jul 2025: Win32k Elevation of Privilege Vulnerability
CVE-2025-49727 7 - High - July 08, 2025

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

Jul 2025: Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2025-49732 7.8 - High - July 08, 2025

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

Jul 2025: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-49753 8.8 - High - July 08, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Jul 2025: Windows Graphics Component Remote Code Execution Vulnerability
CVE-2025-49742 7.8 - High - July 08, 2025

Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.

Integer Overflow or Wraparound

Jul 2025: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-47998 8.8 - High - July 08, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Jul 2025: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-49661 7.8 - High - July 08, 2025

Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Untrusted Pointer Dereference

Jul 2025: Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerabili
CVE-2025-47987 7.8 - High - July 08, 2025

Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

Jul 2025: Windows MBT Transport Driver Elevation of Privilege Vulnerability
CVE-2025-47996 7.8 - High - July 08, 2025

Integer underflow (wrap or wraparound) in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.

Integer underflow

Jul 2025: Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnera
CVE-2025-47975 7 - High - July 08, 2025

Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Double-free

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Windows Server 2008 or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Windows Server 2008
Product

subscribe