Microsoft Windows Server 2012 R2
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Windows Server 2012 R2.
By the Year
In 2026 there have been 247 vulnerabilities in Microsoft Windows Server 2012 R2 with an average score of 7.3 out of ten. Last year, in 2025 Windows Server 2012 R2 had 474 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Windows Server 2012 R2 in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.05
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 247 | 7.26 |
| 2025 | 474 | 7.31 |
| 2024 | 173 | 7.60 |
| 2023 | 41 | 7.51 |
| 2022 | 24 | 7.65 |
| 2021 | 66 | 7.52 |
| 2020 | 81 | 7.09 |
| 2019 | 45 | 7.07 |
| 2018 | 95 | 7.85 |
It may take a day or so for new Windows Server 2012 R2 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Windows Server 2012 R2 Security Vulnerabilities
Jun 2026: Windows Graphics Component Remote Code Execution Vulnerability
CVE-2026-44812
7.8 - High
- June 09, 2026
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
Integer Overflow or Wraparound
Jun 2026: Windows Graphics Component Remote Code Execution Vulnerability
CVE-2026-44803
7.8 - High
- June 09, 2026
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
Integer Overflow or Wraparound
Jun 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-42985
8.8 - High
- June 09, 2026
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Dangling pointer
Jun 2026: Windows Deployment Services (WDS) Remote Code Execution
CVE-2026-42987
8.1 - High
- June 09, 2026
Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.
Dangling pointer
Jun 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-44801
7.5 - High
- June 09, 2026
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Dangling pointer
Jun 2026: DHCP Client Service Remote Code Execution Vulnerability
CVE-2026-44815
9.8 - Critical
- June 09, 2026
Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.
Stack Overflow
Jun 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-44799
7.5 - High
- June 09, 2026
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Heap-based Buffer Overflow
Jun 2026: Winlogon Elevation of Privilege Vulnerability
CVE-2026-42989
7.8 - High
- June 09, 2026
Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.
insecure temporary file
Jun 2026: Microsoft Graphics Component Elevation of Privilege Vulnerability
CVE-2026-42986
7.8 - High
- June 09, 2026
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jun 2026: Windows Push Notification Information Disclosure Vulnerability
CVE-2026-42970
5.5 - Medium
- June 09, 2026
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
Information Disclosure
Jun 2026: Windows Telephony Server Information Disclosure Vulnerability
CVE-2026-42968
5.5 - Medium
- June 09, 2026
Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Jun 2026: Windows Hyper-V Information Disclosure Vulnerability
CVE-2026-42972
5.5 - Medium
- June 09, 2026
Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally.
Information Disclosure
Jun 2026: Windows Telephony Service Elevation of Privilege Vulnerability
CVE-2026-42912
7 - High
- June 09, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
Race Condition
Jun 2026: Windows Kerberos Denial of Service Vulnerability
CVE-2026-42914
5.3 - Medium
- June 09, 2026
Windows Kerberos Denial of Service Vulnerability
Out-of-bounds Read
Jun 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-42911
7 - High
- June 09, 2026
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jun 2026: NT OS Kernel Elevation of Privilege Vulnerability
CVE-2026-42916
7.8 - High
- June 09, 2026
Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
Integer Overflow or Wraparound
Jun 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-42909
7.5 - High
- June 09, 2026
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Race Condition
Jun 2026: NT OS Kernel Elevation of Privilege Vulnerability
CVE-2026-42980
7.8 - High
- June 09, 2026
Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
Integer underflow
Jun 2026: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2026-42908
7.5 - High
- June 09, 2026
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
Out-of-bounds Read
Jun 2026: Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2026-42905
7.8 - High
- June 09, 2026
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jun 2026: Windows Kerberos Denial of Service Vulnerability
CVE-2026-42903
6.5 - Medium
- June 09, 2026
Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network.
NULL Pointer Dereference
Jun 2026: Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
CVE-2026-42836
7 - High
- June 09, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
Race Condition
Jun 2026: Windows BitLocker Security Feature Bypass Vulnerability
CVE-2026-50507
6.8 - Medium
- June 09, 2026
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Missing Authentication for Critical Function
Jun 2026: Windows Media Remote Code Execution Vulnerability
CVE-2026-48574
7.8 - High
- June 09, 2026
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Jun 2026: Windows Boot Manager Security Feature Bypass Vulnerability
CVE-2026-47656
7.9 - High
- June 09, 2026
Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.
Protection Mechanism Failure
Jun 2026: Windows BitLocker Security Feature Bypass Vulnerability
CVE-2026-45658
7.8 - High
- June 09, 2026
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Authorization
Jun 2026: Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-45653
7 - High
- June 09, 2026
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
Heap-based Buffer Overflow
Jun 2026: Windows DHCP Client Information Disclosure Vulnerability
CVE-2026-45608
6.8 - Medium
- June 09, 2026
Out-of-bounds read in Windows DHCP Server allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Jun 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-45603
7 - High
- June 09, 2026
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Race Condition
Jun 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-45638
7.8 - High
- June 09, 2026
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Heap-based Buffer Overflow
Jun 2026: Windows UPnP Device Host Remote Code Execution Vulnerability
CVE-2026-45635
8.1 - High
- June 09, 2026
Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
Object Type Confusion
Jun 2026: Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability
CVE-2026-45602
9.1 - Critical
- June 09, 2026
No cwe for this issue in Windows DHCP Server allows an unauthorized attacker to perform tampering over a network.
Improper Handling of Values
Jun 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-45596
7 - High
- June 09, 2026
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jun 2026: Windows NTFS Remote Code Execution Vulnerability
CVE-2026-45636
7.8 - High
- June 09, 2026
Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Jun 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-45598
7 - High
- June 09, 2026
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Race Condition
Jun 2026: Windows UPnP Device Host Remote Code Execution Vulnerability
CVE-2026-45599
8.1 - High
- June 09, 2026
Use after free in Universal Plug and Play (upnp.dll) allows an unauthorized attacker to execute code over a network.
Dangling pointer
Jun 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-45601
7 - High
- June 09, 2026
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Race Condition
Jun 2026: Windows Mark of the Web Security Feature Bypass Vulnerability
CVE-2026-45595
5.4 - Medium
- June 09, 2026
Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.
Protection Mechanism Failure
Jun 2026: Windows Internet (wininet.dll) Elevation of Privilege Vulnerability
CVE-2026-45592
7.8 - High
- June 09, 2026
Integer overflow or wraparound in Windows Internet (wininet.dll) allows an authorized attacker to elevate privileges locally.
Integer Overflow or Wraparound
Jun 2026: Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability
CVE-2026-45586
7.8 - High
- June 09, 2026
Improper link resolution before file access ('link following') in Windows Collaborative Translation Framework allows an authorized attacker to elevate privileges locally.
insecure temporary file
Jun 2026: Windows NTLM Spoofing Vulnerability
CVE-2026-50508
6.5 - Medium
- June 09, 2026
Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.
Information Disclosure
Jun 2026: Secure Boot Security Feature Bypass Vulnerability
CVE-2026-48578
7.9 - High
- June 09, 2026
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
Authorization
Jun 2026: Secure Boot Security Feature Bypass Vulnerability
CVE-2026-48576
7.9 - High
- June 09, 2026
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
Reliance on Component That is Not Updateable
Jun 2026: Secure Boot Security Feature Bypass Vulnerability
CVE-2026-48575
7.9 - High
- June 09, 2026
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
Protection Mechanism Failure
Jun 2026: Secure Boot Security Feature Bypass Vulnerability
CVE-2026-48573
7.9 - High
- June 09, 2026
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
Reliance on Component That is Not Updateable
Jun 2026: Secure Boot Security Feature Bypass Vulnerability
CVE-2026-48568
7.9 - High
- June 09, 2026
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
Protection Mechanism Failure
Jun 2026: Secure Boot Security Feature Bypass Vulnerability
CVE-2026-48570
7.9 - High
- June 09, 2026
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
Protection Mechanism Failure
Jun 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-47653
8.8 - High
- June 09, 2026
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Dangling pointer
Jun 2026: Windows Storage Elevation of Privilege Vulnerability
CVE-2026-47648
7 - High
- June 09, 2026
Untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally.
Untrusted Path
Jun 2026: Secure Boot Security Feature Bypass Vulnerability
CVE-2026-45588
7.9 - High
- June 09, 2026
Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally.
Protection Mechanism Failure
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Windows Server 2012 R2 or by Microsoft? Click the Watch button to subscribe.
