Windows Server 2016 Microsoft Windows Server 2016

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Windows Server 2016.

By the Year

In 2025 there have been 111 vulnerabilities in Microsoft Windows Server 2016 with an average score of 7.1 out of ten. Last year, in 2024 Windows Server 2016 had 493 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Windows Server 2016 in 2025 could surpass last years number. Last year, the average CVE base score was greater by 0.41




Year Vulnerabilities Average Score
2025 111 7.12
2024 493 7.52
2023 505 7.52
2022 515 7.42
2021 505 7.38
2020 791 7.38
2019 443 7.32
2018 244 6.57

It may take a day or so for new Windows Server 2016 vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Windows Server 2016 Security Vulnerabilities

Windows Storage Elevation of Privilege Vulnerability

CVE-2025-21391 7.1 - High - February 11, 2025

Windows Storage Elevation of Privilege Vulnerability

insecure temporary file

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CVE-2025-21418 7.8 - High - February 11, 2025

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Heap-based Buffer Overflow

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21417 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21413 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21411 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21409 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows upnphost.dll Denial of Service Vulnerability

CVE-2025-21389 7.5 - High - January 14, 2025

Windows upnphost.dll Denial of Service Vulnerability

Resource Exhaustion

Windows CSC Service Elevation of Privilege Vulnerability

CVE-2025-21378 7.8 - High - January 14, 2025

Windows CSC Service Elevation of Privilege Vulnerability

Heap-based Buffer Overflow

Windows CSC Service Information Disclosure Vulnerability

CVE-2025-21374 5.5 - Medium - January 14, 2025

Windows CSC Service Information Disclosure Vulnerability

Out-of-bounds Read

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21286 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Digital Media Elevation of Privilege Vulnerability

CVE-2025-21260 6.6 - Medium - January 14, 2025

Windows Digital Media Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows Digital Media Elevation of Privilege Vulnerability

CVE-2025-21261 6.6 - Medium - January 14, 2025

Windows Digital Media Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows Digital Media Elevation of Privilege Vulnerability

CVE-2025-21263 6.6 - Medium - January 14, 2025

Windows Digital Media Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows Digital Media Elevation of Privilege Vulnerability

CVE-2025-21265 6.6 - Medium - January 14, 2025

Windows Digital Media Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21266 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

MapUrlToZone Security Feature Bypass Vulnerability

CVE-2025-21268 4.3 - Medium - January 14, 2025

MapUrlToZone Security Feature Bypass Vulnerability

Improper Resolution of Path Equivalence

Windows HTML Platforms Security Feature Bypass Vulnerability

CVE-2025-21269 4.3 - Medium - January 14, 2025

Windows HTML Platforms Security Feature Bypass Vulnerability

Improper Resolution of Path Equivalence

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

CVE-2025-21270 7.5 - High - January 14, 2025

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Resource Exhaustion

Windows COM Server Information Disclosure Vulnerability

CVE-2025-21272 6.5 - Medium - January 14, 2025

Windows COM Server Information Disclosure Vulnerability

Use of Uninitialized Resource

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21273 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Event Tracing Denial of Service Vulnerability

CVE-2025-21274 5.5 - Medium - January 14, 2025

Windows Event Tracing Denial of Service Vulnerability

insecure temporary file

Windows MapUrlToZone Denial of Service Vulnerability

CVE-2025-21276 7.5 - High - January 14, 2025

Windows MapUrlToZone Denial of Service Vulnerability

Integer underflow

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

CVE-2025-21277 7.5 - High - January 14, 2025

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Buffer Over-read

Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

CVE-2025-21278 5.5 - Medium - January 14, 2025

Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability

Race Condition

Windows Virtual Trusted Platform Module Denial of Service Vulnerability

CVE-2025-21280 5.5 - Medium - January 14, 2025

Windows Virtual Trusted Platform Module Denial of Service Vulnerability

Improper Input Validation

Microsoft COM for Windows Elevation of Privilege Vulnerability

CVE-2025-21281 7.8 - High - January 14, 2025

Microsoft COM for Windows Elevation of Privilege Vulnerability

Dangling pointer

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21282 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Virtual Trusted Platform Module Denial of Service Vulnerability

CVE-2025-21284 5.5 - Medium - January 14, 2025

Windows Virtual Trusted Platform Module Denial of Service Vulnerability

Improper Input Validation

Windows SmartScreen Spoofing Vulnerability

CVE-2025-21314 6.5 - Medium - January 14, 2025

Windows SmartScreen Spoofing Vulnerability

User Interface (UI) Misrepresentation of Critical Information

Windows Digital Media Elevation of Privilege Vulnerability

CVE-2025-21232 6.6 - Medium - January 14, 2025

Windows Digital Media Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21233 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21236 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21237 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21238 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21239 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21240 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21241 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Kerberos Information Disclosure Vulnerability

CVE-2025-21242 5.9 - Medium - January 14, 2025

Windows Kerberos Information Disclosure Vulnerability

Information Disclosure

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21243 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Integer Overflow or Wraparound

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21244 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Integer Overflow or Wraparound

Windows Digital Media Elevation of Privilege Vulnerability

CVE-2025-21258 6.6 - Medium - January 14, 2025

Windows Digital Media Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows WLAN AutoConfig Service Information Disclosure Vulnerability

CVE-2025-21257 5.5 - Medium - January 14, 2025

Windows WLAN AutoConfig Service Information Disclosure Vulnerability

Out-of-bounds Read

Windows Digital Media Elevation of Privilege Vulnerability

CVE-2025-21256 6.6 - Medium - January 14, 2025

Windows Digital Media Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21245 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Out-of-bounds Read

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21246 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Out-of-bounds Read

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21248 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Digital Media Elevation of Privilege Vulnerability

CVE-2025-21249 6.6 - Medium - January 14, 2025

Windows Digital Media Elevation of Privilege Vulnerability

Out-of-bounds Read

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21250 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

CVE-2025-21251 7.5 - High - January 14, 2025

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Resource Exhaustion

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21252 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

CVE-2025-21285 7.5 - High - January 14, 2025

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

NULL Pointer Dereference

Windows Installer Elevation of Privilege Vulnerability

CVE-2025-21287 7.8 - High - January 14, 2025

Windows Installer Elevation of Privilege Vulnerability

Improper Privilege Management

Windows COM Server Information Disclosure Vulnerability

CVE-2025-21288 6.5 - Medium - January 14, 2025

Windows COM Server Information Disclosure Vulnerability

Use of Uninitialized Resource

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

CVE-2025-21289 7.5 - High - January 14, 2025

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Resource Exhaustion

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

CVE-2025-21290 7.5 - High - January 14, 2025

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

Resource Exhaustion

Active Directory Domain Services Elevation of Privilege Vulnerability

CVE-2025-21293 8.8 - High - January 14, 2025

Active Directory Domain Services Elevation of Privilege Vulnerability

Authorization

Microsoft Digest Authentication Remote Code Execution Vulnerability

CVE-2025-21294 8.1 - High - January 14, 2025

Microsoft Digest Authentication Remote Code Execution Vulnerability

Sensitive Data Storage in Improperly Locked Memory

SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability

CVE-2025-21295 8.1 - High - January 14, 2025

SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability

Dangling pointer

BranchCache Remote Code Execution Vulnerability

CVE-2025-21296 7.5 - High - January 14, 2025

BranchCache Remote Code Execution Vulnerability

Dangling pointer

Windows Remote Desktop Services Remote Code Execution Vulnerability

CVE-2025-21297 8.1 - High - January 14, 2025

Windows Remote Desktop Services Remote Code Execution Vulnerability

Dangling pointer

Windows OLE Remote Code Execution Vulnerability

CVE-2025-21298 9.8 - Critical - January 14, 2025

Windows OLE Remote Code Execution Vulnerability

Dangling pointer

Windows Kerberos Security Feature Bypass Vulnerability

CVE-2025-21299 7.8 - High - January 14, 2025

Windows Kerberos Security Feature Bypass Vulnerability

Insecure Storage of Sensitive Information

Windows upnphost.dll Denial of Service Vulnerability

CVE-2025-21300 7.5 - High - January 14, 2025

Windows upnphost.dll Denial of Service Vulnerability

Resource Exhaustion

Windows Geolocation Service Information Disclosure Vulnerability

CVE-2025-21301 6.5 - Medium - January 14, 2025

Windows Geolocation Service Information Disclosure Vulnerability

Authorization

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21302 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21303 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Microsoft DWM Core Library Elevation of Privilege Vulnerability

CVE-2025-21304 7.8 - High - January 14, 2025

Microsoft DWM Core Library Elevation of Privilege Vulnerability

Dangling pointer

Windows Telephony Service Remote Code Execution Vulnerability

CVE-2025-21305 8.8 - High - January 14, 2025

Windows Telephony Service Remote Code Execution Vulnerability

Heap-based Buffer Overflow

Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability