Windows Server 2012 R2 Microsoft Windows Server 2012 R2

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Windows Server 2012 R2.

By the Year

In 2026 there have been 433 vulnerabilities in Microsoft Windows Server 2012 R2 with an average score of 7.3 out of ten. Last year, in 2025 Windows Server 2012 R2 had 474 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Windows Server 2012 R2 in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.01




Year Vulnerabilities Average Score
2026 433 7.30
2025 474 7.31
2024 173 7.60
2023 41 7.51
2022 24 7.65
2021 66 7.52
2020 81 7.09
2019 45 7.07
2018 95 7.85

It may take a day or so for new Windows Server 2012 R2 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Windows Server 2012 R2 Security Vulnerabilities

Jul 2026: Windows Boot Loader Security Feature Bypass Vulnerability
CVE-2026-58638 6 - Medium - July 14, 2026

Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.

Missing Cryptographic Step

Jul 2026: Windows Client-Side Caching Elevation of Privilege Vulnerability
CVE-2026-58637 7 - High - July 14, 2026

Use after free in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.

Dangling pointer

Jul 2026: DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2026-58629 7 - High - July 14, 2026

Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.

Dangling pointer

Jul 2026: Windows DHCP Server Denial of Service Vulnerability
CVE-2026-58627 7.5 - High - July 14, 2026

Uncontrolled resource consumption in Windows DHCP Server allows an unauthorized attacker to deny service over a network.

Resource Exhaustion

Jul 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-58594 8.8 - High - July 14, 2026

Integer overflow or wraparound in Windows RDP allows an unauthorized attacker to execute code over a network.

Integer Overflow or Wraparound

Jul 2026: Windows Kernel Security Feature Bypass Vulnerability
CVE-2026-58545 5.5 - Medium - July 14, 2026

Improper access control in Windows Kernel allows an authorized attacker to bypass a security feature locally.

Authorization

Jul 2026: Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-58532 7.8 - High - July 14, 2026

Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally.

Integer Overflow or Wraparound

Jul 2026: Windows Installer Elevation of Privilege Vulnerability
CVE-2026-58540 7.8 - High - July 14, 2026

Improper authorization in Windows Installer allows an authorized attacker to elevate privileges locally.

AuthZ

Jul 2026: Windows SMB Elevation of Privilege Vulnerability
CVE-2026-58531 7.5 - High - July 14, 2026

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB allows an authorized attacker to elevate privileges over a network.

Race Condition

Jul 2026: Windows Remote Desktop Client Information Disclosure Vulnerability
CVE-2026-58539 6.5 - Medium - July 14, 2026

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Out-of-bounds Read

Jul 2026: Windows Remote Desktop Client Information Disclosure Vulnerability
CVE-2026-58546 6.5 - Medium - July 14, 2026

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Use of Uninitialized Resource

Jul 2026: Windows Remote Desktop Client Information Disclosure Vulnerability
CVE-2026-58535 6.5 - Medium - July 14, 2026

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Use of Uninitialized Resource

Jul 2026: Windows Remote Desktop Client Information Disclosure Vulnerability
CVE-2026-58533 6.5 - Medium - July 14, 2026

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Use of Uninitialized Resource

Jul 2026: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2026-57982 6.5 - Medium - July 14, 2026

Use of uninitialized resource in Windows RDP allows an authorized attacker to disclose information over a network.

Use of Uninitialized Resource

Jul 2026: Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability
CVE-2026-57096 7.8 - High - July 14, 2026

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

Jul 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-57093 7 - High - July 14, 2026

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Dangling pointer

Jul 2026: Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
CVE-2026-57092 9.9 - Critical - July 14, 2026

Use after free in Windows VMSwitch allows an authorized attacker to elevate privileges over a network.

Dangling pointer

Jul 2026: Windows SMB Server Network Transport Driver (srvnet.sys) Remote Code Execution Vulnerabili
CVE-2026-57089 7.5 - High - July 14, 2026

Use after free in Windows SMB Server Network Transport Driver (srvnet.sys) allows an unauthorized attacker to execute code over a network.

Dangling pointer

Jul 2026: Windows Print Spooler Information Disclosure Vulnerability
CVE-2026-57085 5.5 - Medium - July 14, 2026

Out-of-bounds read in Windows Print Spooler Components allows an authorized attacker to disclose information locally.

Out-of-bounds Read

Jul 2026: Win32k Elevation of Privilege Vulnerability
CVE-2026-57095 6.2 - Medium - July 14, 2026

Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an unauthorized attacker to elevate privileges locally.

Information Disclosure

Jul 2026: Windows Network File System Elevation of Privilege Vulnerability
CVE-2026-56650 7.8 - High - July 14, 2026

Heap-based buffer overflow in Windows Network File System allows an authorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

Jul 2026: Windows File Explorer Information Disclosure Vulnerability
CVE-2026-57084 5.5 - Medium - July 14, 2026

Use of uninitialized resource in Windows File Explorer allows an unauthorized attacker to disclose information locally.

Use of Uninitialized Resource

Jul 2026: Windows Media Photo Codec Information Disclosure Vulnerability
CVE-2026-57083 5.5 - Medium - July 14, 2026

Use of uninitialized resource in Microsoft Windows Codecs Library allows an unauthorized attacker to disclose information locally.

Use of Uninitialized Resource

Jul 2026: Windows Network File System Remote Code Execution Vulnerability
CVE-2026-56649 5.9 - Medium - July 14, 2026

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Network File System allows an unauthorized attacker to execute code over a network.

Race Condition

Jul 2026: Windows NFS Server Elevation of Privilege Vulnerability
CVE-2026-56648 7.5 - High - July 14, 2026

Time-of-check time-of-use (toctou) race condition in Windows Network File System allows an authorized attacker to elevate privileges over a network.

TOCTTOU

Jul 2026: Windows Remote Access Service Infrastructure Elevation of Privilege Vulnerability
CVE-2026-56647 8.8 - High - July 14, 2026

Integer overflow or wraparound in Windows Remote Access Service Infrastructure allows an authorized attacker to elevate privileges over a network.

Integer Overflow or Wraparound

Jul 2026: Windows NFS Server Elevation of Privilege Vulnerability
CVE-2026-56194 8.8 - High - July 14, 2026

Heap-based buffer overflow in Windows Network File System allows an authorized attacker to elevate privileges over a network.

Heap-based Buffer Overflow

Jul 2026: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2026-56189 7.8 - High - July 14, 2026

Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Jul 2026: Windows Server Network driver Remote Code Execution Vulnerability
CVE-2026-56188 9.8 - Critical - July 14, 2026

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Network driver allows an unauthorized attacker to execute code over a network.

Race Condition

Jul 2026: Windows Secure Channel Information Disclosure Vulnerability
CVE-2026-56186 8.1 - High - July 14, 2026

Out-of-bounds read in Windows Schannel allows an authorized attacker to disclose information over a network.

Out-of-bounds Read

Jul 2026: Remote Desktop Protocol Remote Code Execution Vulnerability
CVE-2026-56190 9.8 - Critical - July 14, 2026

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to execute code over a network.

Use of Uninitialized Resource

Jul 2026: Windows NTFS Elevation of Privilege Vulnerability
CVE-2026-56182 7.8 - High - July 14, 2026

Integer overflow or wraparound in Windows NTFS allows an authorized attacker to elevate privileges locally.

Integer Overflow or Wraparound

Jul 2026: Windows NTFS Elevation of Privilege Vulnerability
CVE-2026-56175 7.8 - High - July 14, 2026

Heap-based buffer overflow in Windows NTFS allows an authorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

Jul 2026: Windows Win32k Elevation of Privilege Vulnerability
CVE-2026-56176 7.8 - High - July 14, 2026

Out-of-bounds read in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Out-of-bounds Read

Jul 2026: Microsoft XML Core Services Elevation of Privilege Vulnerability
CVE-2026-50359 7 - High - July 14, 2026

Use after free in Microsoft XML Core Services allows an authorized attacker to elevate privileges locally.

Dangling pointer

Jul 2026: DHCP Server Service Remote Code Execution Vulnerability
CVE-2026-56159 9.8 - Critical - July 14, 2026

Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Jul 2026: Windows DHCP Client Remote Code Execution Vulnerability
CVE-2026-54128 8.4 - High - July 14, 2026

Use after free in Windows DHCP Client allows an unauthorized attacker to execute code locally.

Dangling pointer

Jul 2026: Windows SMB Information Disclosure Vulnerability
CVE-2026-50690 5.5 - Medium - July 14, 2026

Use of uninitialized resource in Windows SMB allows an authorized attacker to disclose information locally.

Use of Uninitialized Resource

Jul 2026: Windows OLE Remote Code Execution Vulnerability
CVE-2026-50686 8.1 - High - July 14, 2026

Access of resource using incompatible type ('type confusion') in Windows OLE allows an unauthorized attacker to execute code over a network.

Object Type Confusion

Jul 2026: Windows DHCP Client Elevation of Privilege Vulnerability
CVE-2026-50683 8 - High - July 14, 2026

Heap-based buffer overflow in Windows DHCP Server allows an authorized attacker to elevate privileges over an adjacent network.

Heap-based Buffer Overflow

Jul 2026: Windows DHCP Server Remote Code Execution Vulnerability
CVE-2026-50685 7.5 - High - July 14, 2026

Double free in Windows DHCP Server allows an authorized attacker to execute code over a network.

Double-free

Jul 2026: Active Directory Certificate Services Elevation of Privilege Vulnerability
CVE-2026-54121 8.8 - High - July 14, 2026

Improper authorization in Active Directory Certificate Services (AD CS) allows an authorized attacker to elevate privileges over a network.

AuthZ

Jul 2026: Windows Win32k Elevation of Privilege Vulnerability
CVE-2026-50688 7.8 - High - July 14, 2026

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Dangling pointer

Jul 2026: Active Directory Federation Server Spoofing Vulnerability
CVE-2026-50684 4.8 - Medium - July 14, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Active Directory Federation Services (AD FS) allows an authorized attacker to perform spoofing over a network.

XSS

Jul 2026: Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability
CVE-2026-54115 7.8 - High - July 14, 2026

Integer overflow or wraparound in Windows Active Directory allows an authorized attacker to elevate privileges locally.

Integer Overflow or Wraparound

Jul 2026: Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-50673 7.8 - High - July 14, 2026

Null pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

NULL Pointer Dereference

Jul 2026: Windows Telephony Server Elevation of Privilege Vulnerability
CVE-2026-50669 7 - High - July 14, 2026

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Race Condition

Jul 2026: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2026-50667 7.8 - High - July 14, 2026

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows NTFS allows an authorized attacker to elevate privileges locally.

Race Condition

Jul 2026: Windows Remote Access Elevation of Privilege Vulnerability
CVE-2026-50666 8.8 - High - July 14, 2026

Use after free in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges over a network.

Dangling pointer

Jul 2026: Active Directory Federation Server Denial of Service Vulnerability
CVE-2026-50647 7.5 - High - July 14, 2026

Loop with unreachable exit condition ('infinite loop') in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network.

Infinite Loop

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Windows Server 2012 R2 or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

subscribe