Windows Server 2022 23h2 Microsoft Windows Server 2022 23h2

  1. Vendors
  2. Microsoft
  3. Windows Server 2022 23h2

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Windows Server 2022 23h2.

By the Year

In 2026 there have been 0 vulnerabilities in Microsoft Windows Server 2022 23h2. Last year, in 2025 Windows Server 2022 23h2 had 496 security vulnerabilities published. Right now, Windows Server 2022 23h2 is on track to have less security vulnerabilities in 2026 than it did last year.




Year Vulnerabilities Average Score
2026 0 0.00
2025 496 7.31
2024 597 7.45
2023 21 7.26

It may take a day or so for new Windows Server 2022 23h2 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Windows Server 2022 23h2 Security Vulnerabilities

Aug 2025: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-49757 8.8 - High - August 12, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Aug 2025: Windows StateRepository API Server file Elevation of Privilege Vulnerability
CVE-2025-53789 7.8 - High - August 12, 2025

Missing authentication for critical function in Windows StateRepository API allows an authorized attacker to elevate privileges locally.

Missing Authentication for Critical Function

Aug 2025: GDI+ Remote Code Execution Vulnerability
CVE-2025-53766 9.8 - Critical - August 12, 2025

Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Aug 2025: Remote Desktop Spoofing Vulnerability
CVE-2025-50171 9.1 - Critical - August 12, 2025

Missing authorization in Remote Desktop Server allows an unauthorized attacker to perform spoofing over a network.

AuthZ

Aug 2025: Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2025-50167 7 - High - August 12, 2025

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

Race Condition

Aug 2025: Windows Distributed Transaction Coordinator (MSDTC) Information Disclosure Vulnerability
CVE-2025-50166 6.5 - Medium - August 12, 2025

Integer overflow or wraparound in Windows Distributed Transaction Coordinator allows an authorized attacker to disclose information over a network.

Integer Overflow or Wraparound

Aug 2025: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-50164 8 - High - August 12, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

Heap-based Buffer Overflow

Aug 2025: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-50163 8.8 - High - August 12, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Aug 2025: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-50162 8 - High - August 12, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

Heap-based Buffer Overflow

Aug 2025: Win32k Elevation of Privilege Vulnerability
CVE-2025-50161 7.3 - High - August 12, 2025

Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

Aug 2025: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-50160 8 - High - August 12, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

Heap-based Buffer Overflow

Aug 2025: Remote Access Point-to-Point Protocol (PPP) EAP-TLS Elevation of Privilege Vulnerability
CVE-2025-50159 7.3 - High - August 12, 2025

Use after free in Remote Access Point-to-Point Protocol (PPP) EAP-TLS allows an authorized attacker to elevate privileges locally.

Dangling pointer

Aug 2025: Windows NTFS Information Disclosure Vulnerability
CVE-2025-50158 7 - High - August 12, 2025

Time-of-check time-of-use (toctou) race condition in Windows NTFS allows an unauthorized attacker to disclose information locally.

TOCTTOU

Aug 2025: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-50157 5.7 - Medium - August 12, 2025

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.

Use of Uninitialized Resource

Aug 2025: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-50156 5.7 - Medium - August 12, 2025

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.

Use of Uninitialized Resource

Aug 2025: Windows Push Notifications Apps Elevation of Privilege Vulnerability
CVE-2025-50155 7.8 - High - August 12, 2025

Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

Object Type Confusion

Aug 2025: Microsoft Windows File Explorer Spoofing Vulnerability
CVE-2025-50154 6.5 - Medium - August 12, 2025

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

Information Disclosure

Aug 2025: Windows NTLM Elevation of Privilege Vulnerability
CVE-2025-53778 8.8 - High - August 12, 2025

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.

authentification

Aug 2025: Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2025-53723 7.8 - High - August 12, 2025

Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

Numeric Truncation Error

Aug 2025: Windows Hyper-V Denial of Service Vulnerability
CVE-2025-49751 6.8 - Medium - August 12, 2025

Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network.

Missing Synchronization

Aug 2025: Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2025-49743 6.7 - Medium - August 12, 2025

Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

Race Condition

Aug 2025: Windows Hyper-V Remote Code Execution Vulnerability
CVE-2025-48807 6.7 - Medium - August 12, 2025

Improper restriction of communication channel to intended endpoints in Windows Hyper-V allows an authorized attacker to execute code locally.

Improper Restriction of Communication Channel to Intended Endpoints

Aug 2025: Windows Push Notifications Apps Elevation of Privilege Vulnerability
CVE-2025-53726 7.8 - High - August 12, 2025

Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

Object Type Confusion

Aug 2025: Windows Push Notifications Apps Elevation of Privilege Vulnerability
CVE-2025-53725 7.8 - High - August 12, 2025

Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

Object Type Confusion

Aug 2025: Windows Push Notifications Apps Elevation of Privilege Vulnerability
CVE-2025-53724 7.8 - High - August 12, 2025

Access of resource using incompatible type ('type confusion') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.

Object Type Confusion

Aug 2025: Windows Remote Desktop Services Denial of Service Vulnerability
CVE-2025-53722 7.5 - High - August 12, 2025

Uncontrolled resource consumption in Windows Remote Desktop Services allows an unauthorized attacker to deny service over a network.

Resource Exhaustion

Aug 2025: Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
CVE-2025-53721 7 - High - August 12, 2025

Use after free in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.

Dangling pointer

Aug 2025: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2025-53720 8 - High - August 12, 2025

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to execute code over a network.

Heap-based Buffer Overflow

Aug 2025: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-53719 5.7 - Medium - August 12, 2025

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.

Use of Uninitialized Resource

Aug 2025: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-53718 7 - High - August 12, 2025

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Dangling pointer

Aug 2025: Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability
CVE-2025-53716 6.5 - Medium - August 12, 2025

Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an authorized attacker to deny service over a network.

NULL Pointer Dereference

Aug 2025: Windows Hyper-V Elevation of Privilege Vulnerability
CVE-2025-53155 7.8 - High - August 12, 2025

Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

Aug 2025: Windows Kernel Elevation of Privilege Vulnerability
CVE-2025-49761 7.8 - High - August 12, 2025

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Dangling pointer

Aug 2025: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-49762 7 - High - August 12, 2025

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Race Condition

Aug 2025: Win32k Elevation of Privilege Vulnerability
CVE-2025-50168 7.8 - High - August 12, 2025

Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.

Object Type Confusion

Aug 2025: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
CVE-2025-50170 7.8 - High - August 12, 2025

Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.

Improper Handling of Insufficient Permissions or Privileges

Aug 2025: DirectX Graphics Kernel Denial of Service Vulnerability
CVE-2025-50172 6.5 - Medium - August 12, 2025

Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network.

Allocation of Resources Without Limits or Throttling

Aug 2025: Windows Installer Elevation of Privilege Vulnerability
CVE-2025-50173 7.8 - High - August 12, 2025

Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally.

1390

Aug 2025: DirectX Graphics Kernel Remote Code Execution Vulnerability
CVE-2025-50176 7.8 - High - August 12, 2025

Access of resource using incompatible type ('type confusion') in Graphics Kernel allows an authorized attacker to execute code locally.

Object Type Confusion

Aug 2025: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2025-50177 8.1 - High - August 12, 2025

Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network.

Dangling pointer

Aug 2025: Windows Media Remote Code Execution Vulnerability
CVE-2025-53131 8.8 - High - August 12, 2025

Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.

Heap-based Buffer Overflow

Aug 2025: Win32k Elevation of Privilege Vulnerability
CVE-2025-53132 7.8 - High - August 12, 2025

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

Race Condition

Aug 2025: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-53134 7 - High - August 12, 2025

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

TOCTTOU

Aug 2025: DirectX Graphics Kernel Elevation of Privilege Vulnerability
CVE-2025-53135 7 - High - August 12, 2025

Concurrent execution using shared resource with improper synchronization ('race condition') in Windows DirectX allows an authorized attacker to elevate privileges locally.

Race Condition

Aug 2025: NT OS Kernel Information Disclosure Vulnerability
CVE-2025-53136 5.5 - Medium - August 12, 2025

Exposure of sensitive information to an unauthorized actor in Windows NT OS Kernel allows an authorized attacker to disclose information locally.

Information Disclosure

Aug 2025: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2025-53137 7 - High - August 12, 2025

Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

Dangling pointer

Aug 2025: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
CVE-2025-53149 7.8 - High - August 12, 2025

Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.

Heap-based Buffer Overflow

Aug 2025: Windows Kernel Elevation of Privilege Vulnerability
CVE-2025-53151 7.8 - High - August 12, 2025

Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.

Dangling pointer

Aug 2025: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-53153 5.7 - Medium - August 12, 2025

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.

Use of Uninitialized Resource

Aug 2025: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
CVE-2025-53148 5.7 - Medium - August 12, 2025

Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to disclose information over a network.

Use of Uninitialized Resource

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Windows Server 2022 23h2 or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Windows Server 2022 23h2
Product

subscribe