Windows Server 2016 Microsoft Windows Server 2016

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Windows Server 2016.

By the Year

In 2025 there have been 318 vulnerabilities in Microsoft Windows Server 2016 with an average score of 7.2 out of ten. Last year, in 2024 Windows Server 2016 had 493 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Windows Server 2016 in 2025 could surpass last years number. Last year, the average CVE base score was greater by 0.30




Year Vulnerabilities Average Score
2025 318 7.22
2024 493 7.52
2023 505 7.52
2022 515 7.42
2021 505 7.38
2020 791 7.38
2019 443 7.26
2018 244 6.57

It may take a day or so for new Windows Server 2016 vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Windows Server 2016 Security Vulnerabilities

Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave

CVE-2025-47159 7.8 - High - July 08, 2025

Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.

Protection Mechanism Failure

Buffer over-read in Virtual Hard Disk (VHDX)

CVE-2025-47971 7.8 - High - July 08, 2025

Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Buffer Over-read

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME)

CVE-2025-47972 8 - High - July 08, 2025

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges over a network.

Race Condition

Buffer over-read in Virtual Hard Disk (VHDX)

CVE-2025-47973 7.8 - High - July 08, 2025

Buffer over-read in Virtual Hard Disk (VHDX) allows an unauthorized attacker to elevate privileges locally.

Buffer Over-read

Double free in Windows SSDP Service

CVE-2025-47975 7 - High - July 08, 2025

Double free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Double-free

Use after free in Windows SSDP Service

CVE-2025-47976 7.8 - High - July 08, 2025

Use after free in Windows SSDP Service allows an authorized attacker to elevate privileges locally.

Dangling pointer

Exposure of sensitive information to an unauthorized actor in Windows Imaging Component

CVE-2025-47980 6.2 - Medium - July 08, 2025

Exposure of sensitive information to an unauthorized actor in Windows Imaging Component allows an unauthorized attacker to disclose information locally.

Information Disclosure

Heap-based buffer overflow in Windows SPNEGO Extended Negotiation

CVE-2025-47981 9.8 - Critical - July 08, 2025

Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Improper input validation in Windows Storage VSP Driver

CVE-2025-47982 7.8 - High - July 08, 2025

Improper input validation in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally.

Improper Input Validation

Protection mechanism failure in Windows GDI

CVE-2025-47984 7.5 - High - July 08, 2025

Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.

Protection Mechanism Failure

Untrusted pointer dereference in Windows Event Tracing

CVE-2025-47985 7.8 - High - July 08, 2025

Untrusted pointer dereference in Windows Event Tracing allows an authorized attacker to elevate privileges locally.

Untrusted Pointer Dereference

Use after free in Universal Print Management Service

CVE-2025-47986 8.8 - High - July 08, 2025

Use after free in Universal Print Management Service allows an authorized attacker to elevate privileges locally.

Dangling pointer

Heap-based buffer overflow in Windows Cred SSProvider Protocol

CVE-2025-47987 7.8 - High - July 08, 2025

Heap-based buffer overflow in Windows Cred SSProvider Protocol allows an authorized attacker to elevate privileges locally.

Integer Overflow or Wraparound

Use after free in Microsoft Input Method Editor (IME)

CVE-2025-47991 7.8 - High - July 08, 2025

Use after free in Microsoft Input Method Editor (IME) allows an authorized attacker to elevate privileges locally.

Dangling pointer

Improper privilege management in Windows Remote Access Connection Manager

CVE-2025-47955 7.8 - High - June 10, 2025

Improper privilege management in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally.

Improper Privilege Management

Protection mechanism failure in Windows Shell

CVE-2025-47160 5.4 - Medium - June 10, 2025

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Protection Mechanism Failure

Improper link resolution before file access ('link following') in Windows Installer

CVE-2025-33075 7.8 - High - June 10, 2025

Improper link resolution before file access ('link following') in Windows Installer allows an authorized attacker to elevate privileges locally.

insecure temporary file

Improper access control in Windows SMB

CVE-2025-33073 8.8 - High - June 10, 2025

Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.

Authorization

Out-of-bounds read in Windows Storage Management Provider

CVE-2025-33063 5.5 - Medium - June 10, 2025

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds Read

Out-of-bounds read in Windows Storage Management Provider

CVE-2025-33065 5.5 - Medium - June 10, 2025

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds Read

Use of uninitialized resource in Windows Netlogon

CVE-2025-33070 8.1 - High - June 10, 2025

Use of uninitialized resource in Windows Netlogon allows an unauthorized attacker to elevate privileges over a network.

Use of Uninitialized Resource

Use after free in Windows KDC Proxy Service (KPSSVC)

CVE-2025-33071 8.1 - High - June 10, 2025

Use after free in Windows KDC Proxy Service (KPSSVC) allows an unauthorized attacker to execute code over a network.

Dangling pointer

Out-of-bounds read in Windows Storage Management Provider

CVE-2025-33062 5.5 - Medium - June 10, 2025

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds Read

Out-of-bounds read in Windows Storage Management Provider

CVE-2025-33061 5.5 - Medium - June 10, 2025

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds Read

Out-of-bounds read in Windows Storage Management Provider

CVE-2025-33060 5.5 - Medium - June 10, 2025

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds Read

Out-of-bounds read in Windows Storage Management Provider

CVE-2025-33059 5.5 - Medium - June 10, 2025

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds Read

Out-of-bounds read in Windows Storage Management Provider

CVE-2025-33058 5.5 - Medium - June 10, 2025

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds Read

Out-of-bounds read in Windows Storage Management Provider

CVE-2025-33055 5.5 - Medium - June 10, 2025

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds Read

Out-of-bounds read in Windows Storage Management Provider

CVE-2025-32720 5.5 - Medium - June 10, 2025

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds Read

Out-of-bounds read in Windows Storage Management Provider

CVE-2025-32719 5.5 - Medium - June 10, 2025

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds Read

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service

CVE-2025-33068 7.5 - High - June 10, 2025

Uncontrolled resource consumption in Windows Standards-Based Storage Management Service allows an unauthorized attacker to deny service over a network.

Resource Exhaustion

Improper privilege management in Windows Kernel

CVE-2025-33067 8.4 - High - June 10, 2025

Improper privilege management in Windows Kernel allows an unauthorized attacker to elevate privileges locally.

Improper Privilege Management

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS)

CVE-2025-33066 8.8 - High - June 10, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS)

CVE-2025-33064 8.8 - High - June 10, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

Heap-based Buffer Overflow

Null pointer dereference in Windows Local Security Authority (LSA)

CVE-2025-33057 6.5 - Medium - June 10, 2025

Null pointer dereference in Windows Local Security Authority (LSA) allows an authorized attacker to deny service over a network.

NULL Pointer Dereference

Improper access control in Microsoft Local Security Authority Server (lsasrv)

CVE-2025-33056 7.5 - High - June 10, 2025

Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network.

Authorization

Protection mechanism failure in Windows DHCP Server

CVE-2025-33050 7.5 - High - June 10, 2025

Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.

Protection Mechanism Failure

Protection mechanism failure in Windows DHCP Server

CVE-2025-32725 7.5 - High - June 10, 2025

Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.

Protection Mechanism Failure

External control of file name or path in Internet Shortcut Files

CVE-2025-33053 8.8 - High - June 10, 2025

External control of file name or path in Internet Shortcut Files allows an unauthorized attacker to execute code over a network.

External Control of File Name or Path

Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS)

CVE-2025-32724 7.5 - High - June 10, 2025

Uncontrolled resource consumption in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.

Resource Exhaustion

Improper access control in Windows Storage Port Driver

CVE-2025-32722 5.5 - Medium - June 10, 2025

Improper access control in Windows Storage Port Driver allows an authorized attacker to disclose information locally.

Authorization

Improper link resolution before file access ('link following') in Windows Recovery Driver

CVE-2025-32721 7.3 - High - June 10, 2025

Improper link resolution before file access ('link following') in Windows Recovery Driver allows an authorized attacker to elevate privileges locally.

insecure temporary file

Out-of-bounds read in Windows Storage Management Provider

CVE-2025-24069 5.5 - Medium - June 10, 2025

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds Read

Integer overflow or wraparound in Windows SMB

CVE-2025-32718 7.8 - High - June 10, 2025

Integer overflow or wraparound in Windows SMB allows an authorized attacker to elevate privileges locally.

Integer Overflow or Wraparound

Out-of-bounds read in Windows Storage Management Provider

CVE-2025-24065 5.5 - Medium - June 10, 2025

Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Out-of-bounds Read

Buffer over-read in Windows Storage Management Provider

CVE-2025-24068 5.5 - Medium - June 10, 2025

Buffer over-read in Windows Storage Management Provider allows an authorized attacker to disclose information locally.

Buffer Over-read

Use after free in Windows Remote Desktop Services

CVE-2025-32710 8.1 - High - June 10, 2025

Use after free in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

Race Condition

Use after free in Windows Win32K - GRFX

CVE-2025-32712 7.8 - High - June 10, 2025

Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Dangling pointer

Out-of-bounds read in Windows Media

CVE-2025-32716 7.8 - High - June 10, 2025

Out-of-bounds read in Windows Media allows an authorized attacker to elevate privileges locally.

Out-of-bounds Read

Out-of-bounds read in Remote Desktop Client

CVE-2025-32715 6.5 - Medium - June 10, 2025

Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.

Out-of-bounds Read

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Windows 11 22h2 or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

subscribe