Windows Server 2012 Microsoft Windows Server 2012

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Windows Server 2012.

By the Year

In 2026 there have been 409 vulnerabilities in Microsoft Windows Server 2012 with an average score of 7.3 out of ten. Last year, in 2025 Windows Server 2012 had 467 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Windows Server 2012 in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.00




Year Vulnerabilities Average Score
2026 409 7.31
2025 467 7.31
2024 413 7.54
2023 453 7.55
2022 414 7.43
2021 331 7.51
2020 465 7.38
2019 333 7.23
2018 170 7.28

It may take a day or so for new Windows Server 2012 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Windows Server 2012 Security Vulnerabilities

Jul 2026: Windows Boot Loader Security Feature Bypass Vulnerability
CVE-2026-58638 6 - Medium - July 14, 2026

Missing cryptographic step in Windows Boot Loader allows an authorized attacker to bypass a security feature locally.

Missing Cryptographic Step

Jul 2026: Windows Client-Side Caching Elevation of Privilege Vulnerability
CVE-2026-58637 7 - High - July 14, 2026

Use after free in Windows Client-Side Caching (CSC) Service allows an authorized attacker to elevate privileges locally.

Dangling pointer

Jul 2026: DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2026-58629 7 - High - July 14, 2026

Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.

Dangling pointer

Jul 2026: Windows DHCP Server Denial of Service Vulnerability
CVE-2026-58627 7.5 - High - July 14, 2026

Uncontrolled resource consumption in Windows DHCP Server allows an unauthorized attacker to deny service over a network.

Resource Exhaustion

Jul 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-58594 8.8 - High - July 14, 2026

Integer overflow or wraparound in Windows RDP allows an unauthorized attacker to execute code over a network.

Integer Overflow or Wraparound

Jul 2026: Windows Kernel Security Feature Bypass Vulnerability
CVE-2026-58545 5.5 - Medium - July 14, 2026

Improper access control in Windows Kernel allows an authorized attacker to bypass a security feature locally.

Authorization

Jul 2026: Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-58532 7.8 - High - July 14, 2026

Integer overflow or wraparound in Windows Kernel allows an authorized attacker to elevate privileges locally.

Integer Overflow or Wraparound

Jul 2026: Windows Installer Elevation of Privilege Vulnerability
CVE-2026-58540 7.8 - High - July 14, 2026

Improper authorization in Windows Installer allows an authorized attacker to elevate privileges locally.

AuthZ

Jul 2026: Windows SMB Elevation of Privilege Vulnerability
CVE-2026-58531 7.5 - High - July 14, 2026

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB allows an authorized attacker to elevate privileges over a network.

Race Condition

Jul 2026: Windows Remote Desktop Client Information Disclosure Vulnerability
CVE-2026-58539 6.5 - Medium - July 14, 2026

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Out-of-bounds Read

Jul 2026: Windows Remote Desktop Client Information Disclosure Vulnerability
CVE-2026-58546 6.5 - Medium - July 14, 2026

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Use of Uninitialized Resource

Jul 2026: Windows Remote Desktop Client Information Disclosure Vulnerability
CVE-2026-58535 6.5 - Medium - July 14, 2026

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Use of Uninitialized Resource

Jul 2026: Windows Remote Desktop Client Information Disclosure Vulnerability
CVE-2026-58533 6.5 - Medium - July 14, 2026

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to disclose information over a network.

Use of Uninitialized Resource

Jul 2026: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2026-57982 6.5 - Medium - July 14, 2026

Use of uninitialized resource in Windows RDP allows an authorized attacker to disclose information over a network.

Use of Uninitialized Resource

Jul 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-57093 7 - High - July 14, 2026

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Dangling pointer

Jul 2026: Microsoft Windows VMSwitch Elevation of Privilege Vulnerability
CVE-2026-57092 9.9 - Critical - July 14, 2026

Use after free in Windows VMSwitch allows an authorized attacker to elevate privileges over a network.

Dangling pointer

Jul 2026: Windows SMB Server Network Transport Driver (srvnet.sys) Remote Code Execution Vulnerabili
CVE-2026-57089 7.5 - High - July 14, 2026

Use after free in Windows SMB Server Network Transport Driver (srvnet.sys) allows an unauthorized attacker to execute code over a network.

Dangling pointer

Jul 2026: Windows Print Spooler Information Disclosure Vulnerability
CVE-2026-57085 5.5 - Medium - July 14, 2026

Out-of-bounds read in Windows Print Spooler Components allows an authorized attacker to disclose information locally.

Out-of-bounds Read

Jul 2026: Win32k Elevation of Privilege Vulnerability
CVE-2026-57095 6.2 - Medium - July 14, 2026

Exposure of sensitive information to an unauthorized actor in Windows Win32K allows an unauthorized attacker to elevate privileges locally.

Information Disclosure

Jul 2026: Windows Network File System Elevation of Privilege Vulnerability
CVE-2026-56650 7.8 - High - July 14, 2026

Heap-based buffer overflow in Windows Network File System allows an authorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

Jul 2026: Windows File Explorer Information Disclosure Vulnerability
CVE-2026-57084 5.5 - Medium - July 14, 2026

Use of uninitialized resource in Windows File Explorer allows an unauthorized attacker to disclose information locally.

Use of Uninitialized Resource

Jul 2026: Windows Media Photo Codec Information Disclosure Vulnerability
CVE-2026-57083 5.5 - Medium - July 14, 2026

Use of uninitialized resource in Microsoft Windows Codecs Library allows an unauthorized attacker to disclose information locally.

Use of Uninitialized Resource

Jul 2026: Windows Network File System Remote Code Execution Vulnerability
CVE-2026-56649 5.9 - Medium - July 14, 2026

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Network File System allows an unauthorized attacker to execute code over a network.

Race Condition

Jul 2026: Windows NFS Server Elevation of Privilege Vulnerability
CVE-2026-56648 7.5 - High - July 14, 2026

Time-of-check time-of-use (toctou) race condition in Windows Network File System allows an authorized attacker to elevate privileges over a network.

TOCTTOU

Jul 2026: Windows NFS Server Elevation of Privilege Vulnerability
CVE-2026-56194 8.8 - High - July 14, 2026

Heap-based buffer overflow in Windows Network File System allows an authorized attacker to elevate privileges over a network.

Heap-based Buffer Overflow

Jul 2026: Microsoft Windows Media Foundation Remote Code Execution Vulnerability
CVE-2026-56189 7.8 - High - July 14, 2026

Heap-based buffer overflow in Microsoft Windows Media Foundation allows an unauthorized attacker to execute code locally.

Heap-based Buffer Overflow

Jul 2026: Windows Server Network driver Remote Code Execution Vulnerability
CVE-2026-56188 9.8 - Critical - July 14, 2026

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Server Network driver allows an unauthorized attacker to execute code over a network.

Race Condition

Jul 2026: Windows Secure Channel Information Disclosure Vulnerability
CVE-2026-56186 8.1 - High - July 14, 2026

Out-of-bounds read in Windows Schannel allows an authorized attacker to disclose information over a network.

Out-of-bounds Read

Jul 2026: Remote Desktop Protocol Remote Code Execution Vulnerability
CVE-2026-56190 9.8 - Critical - July 14, 2026

Use of uninitialized resource in Windows RDP allows an unauthorized attacker to execute code over a network.

Use of Uninitialized Resource

Jul 2026: Windows NTFS Elevation of Privilege Vulnerability
CVE-2026-56182 7.8 - High - July 14, 2026

Integer overflow or wraparound in Windows NTFS allows an authorized attacker to elevate privileges locally.

Integer Overflow or Wraparound

Jul 2026: Windows NTFS Elevation of Privilege Vulnerability
CVE-2026-56175 7.8 - High - July 14, 2026

Heap-based buffer overflow in Windows NTFS allows an authorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

Jul 2026: Windows Win32k Elevation of Privilege Vulnerability
CVE-2026-56176 7.8 - High - July 14, 2026

Out-of-bounds read in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Out-of-bounds Read

Jul 2026: Microsoft XML Core Services Elevation of Privilege Vulnerability
CVE-2026-50359 7 - High - July 14, 2026

Use after free in Microsoft XML Core Services allows an authorized attacker to elevate privileges locally.

Dangling pointer

Jul 2026: DHCP Server Service Remote Code Execution Vulnerability
CVE-2026-56159 9.8 - Critical - July 14, 2026

Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Jul 2026: Windows DHCP Client Remote Code Execution Vulnerability
CVE-2026-54128 8.4 - High - July 14, 2026

Use after free in Windows DHCP Client allows an unauthorized attacker to execute code locally.

Dangling pointer

Jul 2026: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2026-54126 6.5 - Medium - July 14, 2026

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

Out-of-bounds Read

Jul 2026: Windows SMB Information Disclosure Vulnerability
CVE-2026-50690 5.5 - Medium - July 14, 2026

Use of uninitialized resource in Windows SMB allows an authorized attacker to disclose information locally.

Use of Uninitialized Resource

Jul 2026: Windows DHCP Client Elevation of Privilege Vulnerability
CVE-2026-50683 8 - High - July 14, 2026

Heap-based buffer overflow in Windows DHCP Server allows an authorized attacker to elevate privileges over an adjacent network.

Heap-based Buffer Overflow

Jul 2026: Windows DHCP Server Remote Code Execution Vulnerability
CVE-2026-50685 7.5 - High - July 14, 2026

Double free in Windows DHCP Server allows an authorized attacker to execute code over a network.

Double-free

Jul 2026: Active Directory Certificate Services Elevation of Privilege Vulnerability
CVE-2026-54121 8.8 - High - July 14, 2026

Improper authorization in Active Directory Certificate Services (AD CS) allows an authorized attacker to elevate privileges over a network.

AuthZ

Jul 2026: Windows Win32k Elevation of Privilege Vulnerability
CVE-2026-50688 7.8 - High - July 14, 2026

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Dangling pointer

Jul 2026: Active Directory Federation Server Spoofing Vulnerability
CVE-2026-50684 4.8 - Medium - July 14, 2026

Improper neutralization of input during web page generation ('cross-site scripting') in Active Directory Federation Services (AD FS) allows an authorized attacker to perform spoofing over a network.

XSS

Jul 2026: Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability
CVE-2026-54115 7.8 - High - July 14, 2026

Integer overflow or wraparound in Windows Active Directory allows an authorized attacker to elevate privileges locally.

Integer Overflow or Wraparound

Jul 2026: Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-50673 7.8 - High - July 14, 2026

Null pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally.

NULL Pointer Dereference

Jul 2026: Windows Telephony Server Elevation of Privilege Vulnerability
CVE-2026-50669 7 - High - July 14, 2026

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

Race Condition

Jul 2026: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2026-50667 7.8 - High - July 14, 2026

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows NTFS allows an authorized attacker to elevate privileges locally.

Race Condition

Jul 2026: Active Directory Federation Server Denial of Service Vulnerability
CVE-2026-50647 7.5 - High - July 14, 2026

Loop with unreachable exit condition ('infinite loop') in Active Directory Federation Services (AD FS) allows an unauthorized attacker to deny service over a network.

Infinite Loop

Jul 2026: Windows DHCP Server Remote Code Execution Vulnerability
CVE-2026-50518 9.8 - Critical - July 14, 2026

Heap-based buffer overflow in Windows DHCP Server allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Jul 2026: Windows Remote Desktop Client Information Disclosure Vulnerability
CVE-2026-50504 6.5 - Medium - July 14, 2026

Buffer over-read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.

Buffer Over-read

Jul 2026: Windows Network Policy Server SNMP Information Disclosure Vulnerability
CVE-2026-50496 7.5 - High - July 14, 2026

Out-of-bounds read in Windows Network Policy Server SNMP allows an unauthorized attacker to disclose information over a network.

Out-of-bounds Read

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Windows Server 2012 or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

subscribe