Microsoft Windows Server 2008 Sp2
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Windows Server 2008 Sp2.
By the Year
In 2026 there have been 24 vulnerabilities in Microsoft Windows Server 2008 Sp2 with an average score of 7.0 out of ten. Last year, in 2025 Windows Server 2008 Sp2 had 355 security vulnerabilities published. Right now, Windows Server 2008 Sp2 is on track to have less security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 0.42
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 24 | 6.97 |
| 2025 | 355 | 7.39 |
| 2024 | 51 | 7.45 |
| 2023 | 34 | 7.48 |
| 2022 | 14 | 7.61 |
| 2021 | 53 | 7.63 |
| 2020 | 45 | 7.13 |
| 2019 | 49 | 6.65 |
It may take a day or so for new Windows Server 2008 Sp2 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Windows Server 2008 Sp2 Security Vulnerabilities
Jan 2026: Windows NDIS Information Disclosure Vulnerability
CVE-2026-20936
4.3 - Medium
- January 13, 2026
Out-of-bounds read in Windows NDIS allows an authorized attacker to disclose information with a physical attack.
Out-of-bounds Read
Jan 2026: Windows HTTP.sys Elevation of Privilege Vulnerability
CVE-2026-20929
7.5 - High
- January 13, 2026
Improper access control in Windows HTTP.sys allows an authorized attacker to elevate privileges over a network.
Authorization
Jan 2026: Windows Telephony Service Elevation of Privilege Vulnerability
CVE-2026-20931
8 - High
- January 13, 2026
External control of file name or path in Windows Telephony Service allows an authorized attacker to elevate privileges over an adjacent network.
External Control of File Name or Path
Jan 2026: NTLM Hash Disclosure Spoofing Vulnerability
CVE-2026-20872
6.5 - Medium
- January 13, 2026
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
External Control of File Name or Path
Jan 2026: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2026-20868
8.8 - High
- January 13, 2026
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Heap-based Buffer Overflow
Jan 2026: Windows Kerberos Elevation of Privilege Vulnerability
CVE-2026-20849
7.5 - High
- January 13, 2026
Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
Reliance on Untrusted Inputs in a Security Decision
Jan 2026: Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability
CVE-2026-20843
7.8 - High
- January 13, 2026
Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
Authorization
Jan 2026: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2026-20940
7.8 - High
- January 13, 2026
Heap-based buffer overflow in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.
Untrusted Pointer Dereference
Jan 2026: Windows SMB Server Denial of Service Vulnerability
CVE-2026-20927
5.3 - Medium
- January 13, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to deny service over a network.
Race Condition
Jan 2026: NTLM Hash Disclosure Spoofing Vulnerability
CVE-2026-20925
6.5 - Medium
- January 13, 2026
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
External Control of File Name or Path
Jan 2026: Windows NTFS Remote Code Execution Vulnerability
CVE-2026-20922
7.8 - High
- January 13, 2026
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
Heap-based Buffer Overflow
Jan 2026: Windows SMB Server Elevation of Privilege Vulnerability
CVE-2026-20921
7.5 - High
- January 13, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
Race Condition
Jan 2026: Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
CVE-2026-20875
7.5 - High
- January 13, 2026
Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
NULL Pointer Dereference
Jan 2026: Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability
CVE-2026-20869
7 - High
- January 13, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Local Session Manager (LSM) allows an authorized attacker to elevate privileges locally.
Race Condition
Jan 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-20860
7.8 - High
- January 13, 2026
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Object Type Confusion
Jan 2026: Windows NTFS Remote Code Execution Vulnerability
CVE-2026-20840
7.8 - High
- January 13, 2026
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
Heap-based Buffer Overflow
Jan 2026: Windows Spoofing Vulnerability
CVE-2026-20834
4.6 - Medium
- January 13, 2026
Absolute path traversal in Windows Shell allows an unauthorized attacker to perform spoofing with a physical attack.
Absolute Path Traversal
Jan 2026: Windows Kerberos Information Disclosure Vulnerability
CVE-2026-20833
5.5 - Medium
- January 13, 2026
Use of a broken or risky cryptographic algorithm in Windows Kerberos allows an authorized attacker to disclose information locally.
Use of a Broken or Risky Cryptographic Algorithm
Jan 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-20831
7.8 - High
- January 13, 2026
Time-of-check time-of-use (toctou) race condition in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
TOCTTOU
Jan 2026: Windows rndismp6.sys Information Disclosure Vulnerability
CVE-2026-20828
4.6 - Medium
- January 13, 2026
Out-of-bounds read in Windows Internet Connection Sharing (ICS) allows an unauthorized attacker to disclose information with a physical attack.
Out-of-bounds Read
Jan 2026: Remote Procedure Call Information Disclosure Vulnerability
CVE-2026-20821
6.2 - Medium
- January 13, 2026
Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an unauthorized attacker to disclose information locally.
Information Disclosure
Jan 2026: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2026-20820
7.8 - High
- January 13, 2026
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Heap-based Buffer Overflow
Jan 2026: Windows Installer Elevation of Privilege Vulnerability
CVE-2026-20816
7.8 - High
- January 13, 2026
Time-of-check time-of-use (toctou) race condition in Windows Installer allows an authorized attacker to elevate privileges locally.
TOCTTOU
Jan 2026: Windows Deployment Services Remote Code Execution Vulnerability
CVE-2026-0386
7.5 - High
- January 13, 2026
Improper access control in Windows Deployment Services allows an unauthorized attacker to execute code over an adjacent network.
Authorization
Dec 2025: PowerShell Remote Code Execution Vulnerability
CVE-2025-54100
7.8 - High
- December 09, 2025
Improper neutralization of special elements used in a command ('command injection') in Windows PowerShell allows an unauthorized attacker to execute code locally.
Command Injection
Dec 2025: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-64678
8.8 - High
- December 09, 2025
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Heap-based Buffer Overflow
Dec 2025: Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
CVE-2025-62455
7.8 - High
- December 09, 2025
Improper input validation in Windows Message Queuing allows an authorized attacker to elevate privileges locally.
Improper Input Validation
Dec 2025: Windows Installer Elevation of Privilege Vulnerability
CVE-2025-62571
7.8 - High
- December 09, 2025
Improper input validation in Windows Installer allows an authorized attacker to elevate privileges locally.
Improper Input Validation
Dec 2025: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-62549
8.8 - High
- December 09, 2025
Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
Untrusted Pointer Dereference
Dec 2025: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVE-2025-62472
7.8 - High
- December 09, 2025
Use of uninitialized resource in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
Use of Uninitialized Resource
Dec 2025: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-62473
6.5 - Medium
- December 09, 2025
Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
Buffer Over-read
Dec 2025: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2025-62470
7.8 - High
- December 09, 2025
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Heap-based Buffer Overflow
Dec 2025: Windows Client-Side Caching Elevation of Privilege Vulnerability
CVE-2025-62466
7.8 - High
- December 09, 2025
Null pointer dereference in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.
NULL Pointer Dereference
Nov 2025: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-62213
7 - High
- November 11, 2025
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Dangling pointer
Nov 2025: GDI+ Remote Code Execution Vulnerability
CVE-2025-60724
9.8 - Critical
- November 11, 2025
Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
Heap-based Buffer Overflow
Nov 2025: Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnera
CVE-2025-60720
7.8 - High
- November 11, 2025
Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
Buffer Over-read
Nov 2025: Windows OLE Remote Code Execution Vulnerability
CVE-2025-60714
7.8 - High
- November 11, 2025
Heap-based buffer overflow in Windows OLE allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Nov 2025: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-60715
8 - High
- November 11, 2025
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Heap-based Buffer Overflow
Nov 2025: Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
CVE-2025-59514
7.8 - High
- November 11, 2025
Improper privilege management in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.
Improper Privilege Management
Nov 2025: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-62452
8 - High
- November 11, 2025
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.
Heap-based Buffer Overflow
Nov 2025: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-62217
7 - High
- November 11, 2025
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Race Condition
Nov 2025: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-60719
7 - High
- November 11, 2025
Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Untrusted Pointer Dereference
Nov 2025: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2025-60709
7.8 - High
- November 11, 2025
Out-of-bounds read in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Out-of-bounds Read
Nov 2025: Windows Client-Side Caching Elevation of Privilege Vulnerability
CVE-2025-60705
7.8 - High
- November 11, 2025
Improper access control in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.
Authorization
Nov 2025: Windows Kerberos Elevation of Privilege Vulnerability
CVE-2025-60704
7.5 - High
- November 11, 2025
Missing cryptographic step in Windows Kerberos allows an unauthorized attacker to elevate privileges over a network.
Missing Cryptographic Step
Nov 2025: Windows Remote Desktop Services Elevation of Privilege Vulnerability
CVE-2025-60703
7.8 - High
- November 11, 2025
Untrusted pointer dereference in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.
Untrusted Pointer Dereference
Nov 2025: Windows Bluetooth RFCOM Protocol Driver Information Disclosure Vulnerability
CVE-2025-59513
5.5 - Medium
- November 11, 2025
Out-of-bounds read in Windows Bluetooth RFCOM Protocol Driver allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Oct 2025: Windows Authentication Elevation of Privilege Vulnerability
CVE-2025-59275
7.8 - High
- October 14, 2025
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
Improper Validation of Specified Type of Input
Oct 2025: Windows Authentication Elevation of Privilege Vulnerability
CVE-2025-59278
7.8 - High
- October 14, 2025
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
Improper Validation of Specified Type of Input
Oct 2025: Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
CVE-2025-59230
7.8 - High
- October 14, 2025
Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.
Authorization
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Windows Server 2008 Sp2 or by Microsoft? Click the Watch button to subscribe.
