Windows Server 2008 Microsoft Windows Server 2008

  1. Vendors
  2. Microsoft
  3. Windows Server 2008

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Windows Server 2008.

By the Year

In 2026 there have been 0 vulnerabilities in Microsoft Windows Server 2008. Last year, in 2025 Windows Server 2008 had 295 security vulnerabilities published. Right now, Windows Server 2008 is on track to have less security vulnerabilities in 2026 than it did last year.




Year Vulnerabilities Average Score
2026 0 0.00
2025 295 7.47
2024 299 7.70
2023 363 7.55
2022 334 7.56
2021 279 7.62
2020 384 7.43
2019 314 7.14
2018 158 6.48

It may take a day or so for new Windows Server 2008 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Windows Server 2008 Security Vulnerabilities

Aug 2025: Windows Remote Desktop Services Denial of Service Vulnerability
CVE-2025-53722 7.5 - High - August 12, 2025

Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network.

Resource Exhaustion

Aug 2025: GDI+ Remote Code Execution Vulnerability
CVE-2025-53766 9.8 - Critical - August 12, 2025

Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Aug 2025: Windows Distributed Transaction Coordinator (MSDTC) Information Disclosure Vulnerability
CVE-2025-50166 6.5 - Medium - August 12, 2025

Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network.

Integer Overflow or Wraparound

Aug 2025: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-50164 8 - High - August 12, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

Heap-based Buffer Overflow

Aug 2025: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-50163 8.8 - High - August 12, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Aug 2025: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-50162 8 - High - August 12, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

Heap-based Buffer Overflow

Aug 2025: Win32k Elevation of Privilege Vulnerability
CVE-2025-50161 7.3 - High - August 12, 2025

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

Aug 2025: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-50160 8 - High - August 12, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

Heap-based Buffer Overflow

Aug 2025: Windows NTFS Information Disclosure Vulnerability
CVE-2025-50158 7 - High - August 12, 2025

Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally.

TOCTTOU

Aug 2025: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-50157 5.7 - Medium - August 12, 2025

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.

Use of Uninitialized Resource

Aug 2025: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-50156 5.7 - Medium - August 12, 2025

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.

Use of Uninitialized Resource

Aug 2025: Microsoft Windows File Explorer Spoofing Vulnerability
CVE-2025-50154 6.5 - Medium - August 12, 2025

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

Information Disclosure

Aug 2025: Desktop Windows Manager Elevation of Privilege Vulnerability
CVE-2025-50153 7.8 - High - August 12, 2025

Use after free in Desktop Windows Manager allows an authorized attacker to elevate privileges locally.

Dangling pointer

Aug 2025: Windows NTLM Elevation of Privilege Vulnerability
CVE-2025-53778 8.8 - High - August 12, 2025

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.

authentification

Aug 2025: Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2025-49743 6.7 - Medium - August 12, 2025

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Race Condition

Aug 2025: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-53720 8 - High - August 12, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

Heap-based Buffer Overflow

Aug 2025: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-53719 5.7 - Medium - August 12, 2025

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.

Use of Uninitialized Resource

Aug 2025: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-53718 7 - High - August 12, 2025

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Dangling pointer

Aug 2025: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-53154 7.8 - High - August 12, 2025

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

NULL Pointer Dereference

Aug 2025: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-53153 5.7 - Medium - August 12, 2025

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.

Use of Uninitialized Resource

Aug 2025: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
CVE-2025-53149 7.8 - High - August 12, 2025

Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

Aug 2025: Desktop Windows Manager Remote Code Execution Vulnerability
CVE-2025-53152 7.8 - High - August 12, 2025

Use after free in Desktop Windows Manager allows an authorized attacker to execute code locally.

Dangling pointer

Aug 2025: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-49757 8.8 - High - August 12, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Aug 2025: Windows Kernel Elevation of Privilege Vulnerability
CVE-2025-49761 7.8 - High - August 12, 2025

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Dangling pointer

Aug 2025: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-49762 7 - High - August 12, 2025

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Race Condition

Aug 2025: Windows Installer Elevation of Privilege Vulnerability
CVE-2025-50173 7.8 - High - August 12, 2025

Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally.

1390

Aug 2025: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2025-50177 8.1 - High - August 12, 2025

Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network.

Dangling pointer

Aug 2025: Win32k Elevation of Privilege Vulnerability
CVE-2025-53132 7.8 - High - August 12, 2025

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Race Condition

Aug 2025: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-53134 7 - High - August 12, 2025

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

TOCTTOU

Aug 2025: NT OS Kernel Information Disclosure Vulnerability
CVE-2025-53136 5.5 - Medium - August 12, 2025

Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally.

Information Disclosure

Aug 2025: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-53138 5.7 - Medium - August 12, 2025

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.

Use of Uninitialized Resource

Aug 2025: Windows Kernel Transaction Manager Elevation of Privilege Vulnerability
CVE-2025-53140 7 - High - August 12, 2025

Use after free in Kernel Transaction Manager allows an authorized attacker to elevate privileges locally.

Dangling pointer

Aug 2025: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-53141 7.8 - High - August 12, 2025

Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

NULL Pointer Dereference

Aug 2025: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2025-53143 8.8 - High - August 12, 2025

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.

Object Type Confusion

Aug 2025: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2025-53144 8.8 - High - August 12, 2025

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.

Object Type Confusion

Aug 2025: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2025-53145 8.8 - High - August 12, 2025

Access of resource using incompatible type ('type confusion') in Windows Message Queuing allows an authorized attacker to execute code over a network.

Object Type Confusion

Aug 2025: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-53147 7 - High - August 12, 2025

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Dangling pointer

Aug 2025: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-53148 5.7 - Medium - August 12, 2025

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.

Use of Uninitialized Resource

Aug 2025: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-53137 7 - High - August 12, 2025

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Dangling pointer

CVE-2025-49753: Heap Overflow in Windows RRAS Enables Remote Code Execution
CVE-2025-49753 8.8 - High - July 08, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Msft Graphics Comp Heap overflow-> local privilege escalation
CVE-2025-49732 7.8 - High - July 08, 2025

Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

Microsoft Windows QoS Scheduler TOCTOU Privilege Escalation
CVE-2025-49730 7.8 - High - July 08, 2025

Time-of-check time-of-use (toctou) race condition in Microsoft Windows QoS scheduler allows an authorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

Windows RRAS Heap Overflow Allows Remote Code Execution
CVE-2025-49729 8.8 - High - July 08, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Win32K GRFX Heap Overflow local privilege escalation
CVE-2025-49727 7 - High - July 08, 2025

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

MS Graphics Component Integer overflow allows local code execution
CVE-2025-49742 7.8 - High - July 08, 2025

Integer overflow or wraparound in Microsoft Graphics Component allows an authorized attacker to execute code locally.

Integer Overflow or Wraparound

Heap Overflow in Windows RRAS Enables Remote Code Exec
CVE-2025-49674 8.8 - High - July 08, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Windows RRAS Heap Buffer Overflow Enables Remote Code Exec
CVE-2025-49668 8.8 - High - July 08, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Heap-based BO in Windows RRAS Service
CVE-2025-49669 8.8 - High - July 08, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Heap Buffer overflow in Windows RRAS, Remote Code Exec via network
CVE-2025-49670 6.5 - Medium - July 08, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Windows RRAS Info Disclosure via Network
CVE-2025-49671 6.5 - Medium - July 08, 2025

Exposure of sensitive information to an unauthorized actor in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

Information Disclosure

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Windows Server 2008 or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Windows Server 2008
Product

subscribe