Microsoft Windows Server 2012 R2
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Windows Server 2012 R2.
By the Year
In 2026 there have been 433 vulnerabilities in Microsoft Windows Server 2012 R2 with an average score of 7.3 out of ten. Last year, in 2025 Windows Server 2012 R2 had 474 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Windows Server 2012 R2 in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.01
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 433 | 7.30 |
| 2025 | 474 | 7.31 |
| 2024 | 173 | 7.60 |
| 2023 | 41 | 7.51 |
| 2022 | 24 | 7.65 |
| 2021 | 66 | 7.52 |
| 2020 | 81 | 7.09 |
| 2019 | 45 | 7.07 |
| 2018 | 95 | 7.85 |
It may take a day or so for new Windows Server 2012 R2 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Windows Server 2012 R2 Security Vulnerabilities
Jul 2026: Windows Boot Loader Security Feature Bypass Vulnerability
CVE-2026-58638
6 - Medium
- July 14, 2026
Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.
Missing Cryptographic Step
Jul 2026: Windows Client-Side Caching Elevation of Privilege Vulnerability
CVE-2026-58637
7 - High
- July 14, 2026
Use after free in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jul 2026: DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2026-58629
7 - High
- July 14, 2026
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jul 2026: Windows DHCP Server Denial of Service Vulnerability
CVE-2026-58627
7.5 - High
- July 14, 2026
Uncontrolled resource consumption in Windows DHCP Server allows an unauthorized attacker to deny service over a network.
Resource Exhaustion
Jul 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-58594
8.8 - High
- July 14, 2026
Integer overflow or wraparound in Windows RDP allows an unauthorized attacker to execute code over a network.
Integer Overflow or Wraparound
Jul 2026: Windows Kernel Security Feature Bypass Vulnerability
CVE-2026-58545
5.5 - Medium
- July 14, 2026
Improper access control in Windows Kernel allows an authorized attacker to bypass a security feature locally.
Authorization
Jul 2026: Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-58532
7.8 - High
- July 14, 2026
Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally.
Integer Overflow or Wraparound
Jul 2026: Windows Installer Elevation of Privilege Vulnerability
CVE-2026-58540
7.8 - High
- July 14, 2026
Improper authorization in Windows Installer allows an authorized attacker to elevate privileges locally.
AuthZ
Jul 2026: Windows SMB Elevation of Privilege Vulnerability
CVE-2026-58531
7.5 - High
- July 14, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB allows an authorized attacker to elevate privileges over a network.
Race Condition
Jul 2026: Windows Remote Desktop Client Information Disclosure Vulnerability
CVE-2026-58539
6.5 - Medium
- July 14, 2026
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
Out-of-bounds Read
Jul 2026: Windows Remote Desktop Client Information Disclosure Vulnerability
CVE-2026-58546
6.5 - Medium
- July 14, 2026
Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.
Use of Uninitialized Resource
Jul 2026: Windows Remote Desktop Client Information Disclosure Vulnerability
CVE-2026-58535
6.5 - Medium
- July 14, 2026
Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.
Use of Uninitialized Resource
Jul 2026: Windows Remote Desktop Client Information Disclosure Vulnerability
CVE-2026-58533
6.5 - Medium
- July 14, 2026
Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.
Use of Uninitialized Resource
Jul 2026: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2026-57982
6.5 - Medium
- July 14, 2026
Use of uninitialized resource in Windows RDP allows an authorized attacker to disclose information over a network.
Use of Uninitialized Resource
Jul 2026: Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability
CVE-2026-57096
7.8 - High
- July 14, 2026
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
Heap-based Buffer Overflow
Jul 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-57093
7 - High
- July 14, 2026
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jul 2026: Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
CVE-2026-57092
9.9 - Critical
- July 14, 2026
Use after free in Windows VMSwitch allows an authorized attacker to elevate privileges over a network.
Dangling pointer
Jul 2026: Windows SMB Server Network Transport Driver (srvnet.sys) Remote Code Execution Vulnerabili
CVE-2026-57089
7.5 - High
- July 14, 2026
Use after free in Windows SMB Server Network Transport Driver (srvnet.sys) allows an unauthorized attacker to execute code over a network.
Dangling pointer
Jul 2026: Windows Print Spooler Information Disclosure Vulnerability
CVE-2026-57085
5.5 - Medium
- July 14, 2026
Out-of-bounds read in Windows Print Spooler Components allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Jul 2026: Win32k Elevation of Privilege Vulnerability
CVE-2026-57095
6.2 - Medium
- July 14, 2026
Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an unauthorized attacker to elevate privileges locally.
Information Disclosure
Jul 2026: Windows Network File System Elevation of Privilege Vulnerability
CVE-2026-56650
7.8 - High
- July 14, 2026
Heap-based buffer overflow in Windows Network File System allows an authorized attacker to elevate privileges locally.
Heap-based Buffer Overflow
Jul 2026: Windows File Explorer Information Disclosure Vulnerability
CVE-2026-57084
5.5 - Medium
- July 14, 2026
Use of uninitialized resource in Windows File Explorer allows an unauthorized attacker to disclose information locally.
Use of Uninitialized Resource
Jul 2026: Windows Media Photo Codec Information Disclosure Vulnerability
CVE-2026-57083
5.5 - Medium
- July 14, 2026
Use of uninitialized resource in Microsoft Windows Codecs Library allows an unauthorized attacker to disclose information locally.
Use of Uninitialized Resource
Jul 2026: Windows Network File System Remote Code Execution Vulnerability
CVE-2026-56649
5.9 - Medium
- July 14, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Network File System allows an unauthorized attacker to execute code over a network.
Race Condition
Jul 2026: Windows NFS Server Elevation of Privilege Vulnerability
CVE-2026-56648
7.5 - High
- July 14, 2026
Time-of-check time-of-use (toctou) race condition in Windows Network File System allows an authorized attacker to elevate privileges over a network.
TOCTTOU
Jul 2026: Windows Remote Access Service Infrastructure Elevation of Privilege Vulnerability
CVE-2026-56647
8.8 - High
- July 14, 2026
Integer overflow or wraparound in Windows Remote Access Service Infrastructure allows an authorized attacker to elevate privileges over a network.
Integer Overflow or Wraparound
Jul 2026: Windows NFS Server Elevation of Privilege Vulnerability
CVE-2026-56194
8.8 - High
- July 14, 2026
Heap-based buffer overflow in Windows Network File System allows an authorized attacker to elevate privileges over a network.
Heap-based Buffer Overflow
Jul 2026: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2026-56189
7.8 - High
- July 14, 2026
Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Jul 2026: Windows Server Network driver Remote Code Execution Vulnerability
CVE-2026-56188
9.8 - Critical
- July 14, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Network driver allows an unauthorized attacker to execute code over a network.
Race Condition
Jul 2026: Windows Secure Channel Information Disclosure Vulnerability
CVE-2026-56186
8.1 - High
- July 14, 2026
Out-of-bounds read in Windows Schannel allows an authorized attacker to disclose information over a network.
Out-of-bounds Read
Jul 2026: Remote Desktop Protocol Remote Code Execution Vulnerability
CVE-2026-56190
9.8 - Critical
- July 14, 2026
Use of uninitialized resource in Windows RDP allows an unauthorized attacker to execute code over a network.
Use of Uninitialized Resource
Jul 2026: Windows NTFS Elevation of Privilege Vulnerability
CVE-2026-56182
7.8 - High
- July 14, 2026
Integer overflow or wraparound in Windows NTFS allows an authorized attacker to elevate privileges locally.
Integer Overflow or Wraparound
Jul 2026: Windows NTFS Elevation of Privilege Vulnerability
CVE-2026-56175
7.8 - High
- July 14, 2026
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to elevate privileges locally.
Heap-based Buffer Overflow
Jul 2026: Windows Win32k Elevation of Privilege Vulnerability
CVE-2026-56176
7.8 - High
- July 14, 2026
Out-of-bounds read in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
Out-of-bounds Read
Jul 2026: Microsoft XML Core Services Elevation of Privilege Vulnerability
CVE-2026-50359
7 - High
- July 14, 2026
Use after free in Microsoft XML Core Services allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jul 2026: DHCP Server Service Remote Code Execution Vulnerability
CVE-2026-56159
9.8 - Critical
- July 14, 2026
Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over a network.
Heap-based Buffer Overflow
Jul 2026: Windows DHCP Client Remote Code Execution Vulnerability
CVE-2026-54128
8.4 - High
- July 14, 2026
Use after free in Windows DHCP Client allows an unauthorized attacker to execute code locally.
Dangling pointer
Jul 2026: Windows SMB Information Disclosure Vulnerability
CVE-2026-50690
5.5 - Medium
- July 14, 2026
Use of uninitialized resource in Windows SMB allows an authorized attacker to disclose information locally.
Use of Uninitialized Resource
Jul 2026: Windows OLE Remote Code Execution Vulnerability
CVE-2026-50686
8.1 - High
- July 14, 2026
Access of resource using incompatible type ('type confusion') in Windows OLE allows an unauthorized attacker to execute code over a network.
Object Type Confusion
Jul 2026: Windows DHCP Client Elevation of Privilege Vulnerability
CVE-2026-50683
8 - High
- July 14, 2026
Heap-based buffer overflow in Windows DHCP Server allows an authorized attacker to elevate privileges over an adjacent network.
Heap-based Buffer Overflow
Jul 2026: Windows DHCP Server Remote Code Execution Vulnerability
CVE-2026-50685
7.5 - High
- July 14, 2026
Double free in Windows DHCP Server allows an authorized attacker to execute code over a network.
Double-free
Jul 2026: Active Directory Certificate Services Elevation of Privilege Vulnerability
CVE-2026-54121
8.8 - High
- July 14, 2026
Improper authorization in Active Directory Certificate Services (AD CS) allows an authorized attacker to elevate privileges over a network.
AuthZ
Jul 2026: Windows Win32k Elevation of Privilege Vulnerability
CVE-2026-50688
7.8 - High
- July 14, 2026
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jul 2026: Active Directory Federation Server Spoofing Vulnerability
CVE-2026-50684
4.8 - Medium
- July 14, 2026
Improper neutralization of input during web page generation ('cross-site scripting') in Active Directory Federation Services (AD FS) allows an authorized attacker to perform spoofing over a network.
XSS
Jul 2026: Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability
CVE-2026-54115
7.8 - High
- July 14, 2026
Integer overflow or wraparound in Windows Active Directory allows an authorized attacker to elevate privileges locally.
Integer Overflow or Wraparound
Jul 2026: Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-50673
7.8 - High
- July 14, 2026
Null pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.
NULL Pointer Dereference
Jul 2026: Windows Telephony Server Elevation of Privilege Vulnerability
CVE-2026-50669
7 - High
- July 14, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
Race Condition
Jul 2026: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2026-50667
7.8 - High
- July 14, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows NTFS allows an authorized attacker to elevate privileges locally.
Race Condition
Jul 2026: Windows Remote Access Elevation of Privilege Vulnerability
CVE-2026-50666
8.8 - High
- July 14, 2026
Use after free in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges over a network.
Dangling pointer
Jul 2026: Active Directory Federation Server Denial of Service Vulnerability
CVE-2026-50647
7.5 - High
- July 14, 2026
Loop with unreachable exit condition ('infinite loop') in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network.
Infinite Loop
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Windows Server 2012 R2 or by Microsoft? Click the Watch button to subscribe.