Microsoft Windows Server 2025
By the Year
In 2026 there have been 446 vulnerabilities in Microsoft Windows Server 2025, with an average score of 7.3 out of ten. Last year, in 2025, Windows Server 2025 had 777 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Windows Server 2025 in 2026 could surpass last year's number. However, the average CVE base score of the vulnerabilities in 2026 is greater by 0.04.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 446 | 7.26 |
| 2025 | 777 | 7.22 |
| 2024 | 92 | 7.59 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 7.00 |
It may take a day or so for new Windows Server 2025 vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Windows Server 2025 Security Vulnerabilities
Jun 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-42993
7.5 - High
- June 09, 2026
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Heap-based Buffer Overflow
Jun 2026: Windows Graphics Component Remote Code Execution Vulnerability
CVE-2026-44812
7.8 - High
- June 09, 2026
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
Integer Overflow or Wraparound
Jun 2026: Windows Graphics Component Remote Code Execution Vulnerability
CVE-2026-44803
7.8 - High
- June 09, 2026
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
Integer Overflow or Wraparound
Jun 2026: Windows Deployment Services (WDS) Remote Code Execution
CVE-2026-42987
8.1 - High
- June 09, 2026
Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network.
Dangling pointer
Jun 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-42985
8.8 - High
- June 09, 2026
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Dangling pointer
Jun 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-44801
7.5 - High
- June 09, 2026
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Dangling pointer
Jun 2026: Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2026-44802
7.8 - High
- June 09, 2026
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jun 2026: Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2026-42983
7.8 - High
- June 09, 2026
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jun 2026: DHCP Client Service Remote Code Execution Vulnerability
CVE-2026-44815
9.8 - Critical
- June 09, 2026
Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network.
Stack Overflow
Jun 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-44799
7.5 - High
- June 09, 2026
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Heap-based Buffer Overflow
Jun 2026: Windows Network Controller (NC) Host Agent Denial of Service Vulnerability
CVE-2026-44805
5.5 - Medium
- June 09, 2026
Use after free in Windows Network Controller (NC) Host Agent allows an authorized attacker to deny service locally.
Dangling pointer
Jun 2026: Microsoft Cryptographic Services Elevation of Privilege Vulnerability
CVE-2026-44810
8.4 - High
- June 09, 2026
Improper authentication in Windows Cryptographic Services allows an unauthorized attacker to elevate privileges locally.
authentification
Jun 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-42992
7.5 - High
- June 09, 2026
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Heap-based Buffer Overflow
Jun 2026: Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2026-44809
7.8 - High
- June 09, 2026
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jun 2026: Windows Push Notifications Elevation of Privilege Vulnerability
CVE-2026-42991
7.8 - High
- June 09, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
Race Condition
Jun 2026: Winlogon Elevation of Privilege Vulnerability
CVE-2026-42989
7.8 - High
- June 09, 2026
Improper link resolution before file access ('link following') in Winlogon allows an authorized attacker to elevate privileges locally.
insecure temporary file
Jun 2026: Windows Push Notifications Elevation of Privilege Vulnerability
CVE-2026-42979
7.8 - High
- June 09, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
Race Condition
Jun 2026: Windows Push Notifications Elevation of Privilege Vulnerability
CVE-2026-42977
7.8 - High
- June 09, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
Race Condition
Jun 2026: Windows Push Notifications Elevation of Privilege Vulnerability
CVE-2026-42978
7.8 - High
- June 09, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.
Race Condition
Jun 2026: Microsoft Graphics Component Elevation of Privilege Vulnerability
CVE-2026-42986
7.8 - High
- June 09, 2026
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jun 2026: Windows Performance Monitor Remote Code Execution Vulnerability
CVE-2026-42974
8.1 - High
- June 09, 2026
Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
Integer Overflow or Wraparound
Jun 2026: Windows Kernel Elevation of Privilege Vulnerability
CVE-2026-42984
7 - High
- June 09, 2026
Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jun 2026: Windows Performance Monitor Remote Code Execution Vulnerability
CVE-2026-42981
8.1 - High
- June 09, 2026
Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network.
Integer underflow
Jun 2026: Windows Push Notification Information Disclosure Vulnerability
CVE-2026-42973
5.5 - Medium
- June 09, 2026
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
Information Disclosure
Jun 2026: Windows Push Notification Information Disclosure Vulnerability
CVE-2026-42970
5.5 - Medium
- June 09, 2026
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
Information Disclosure
Jun 2026: Windows Push Notification Information Disclosure Vulnerability
CVE-2026-42971
5.5 - Medium
- June 09, 2026
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
Information Disclosure
Jun 2026: Windows Push Notification Information Disclosure Vulnerability
CVE-2026-42969
5.5 - Medium
- June 09, 2026
Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally.
Use of Uninitialized Resource
Jun 2026: Windows Hyper-V Information Disclosure Vulnerability
CVE-2026-42972
5.5 - Medium
- June 09, 2026
Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally.
Information Disclosure
Jun 2026: Windows Telephony Server Information Disclosure Vulnerability
CVE-2026-42968
5.5 - Medium
- June 09, 2026
Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally.
Out-of-bounds Read
Jun 2026: Windows TCP/IP Denial of Service Vulnerability
CVE-2026-42915
5.7 - Medium
- June 09, 2026
Incorrect calculation of buffer size in Windows TCP/IP allows an authorized attacker to deny service over an adjacent network.
Incorrect Calculation of Buffer Size
Jun 2026: Windows Kerberos Denial of Service Vulnerability
CVE-2026-42914
5.3 - Medium
- June 09, 2026
Windows Kerberos Denial of Service Vulnerability
Out-of-bounds Read
Jun 2026: Windows Telephony Service Elevation of Privilege Vulnerability
CVE-2026-42912
7 - High
- June 09, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
Race Condition
Jun 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-42913
7.5 - High
- June 09, 2026
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Race Condition
Jun 2026: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
CVE-2026-42911
7 - High
- June 09, 2026
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jun 2026: NT OS Kernel Elevation of Privilege Vulnerability
CVE-2026-42916
7.8 - High
- June 09, 2026
Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
Integer Overflow or Wraparound
Jun 2026: NT OS Kernel Elevation of Privilege Vulnerability
CVE-2026-42980
7.8 - High
- June 09, 2026
Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
Integer underflow
Jun 2026: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2026-42909
7.5 - High
- June 09, 2026
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Race Condition
Jun 2026: Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2026-42908
7.5 - High
- June 09, 2026
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
Out-of-bounds Read
Jun 2026: Windows Shell Information Disclosure Vulnerability
CVE-2026-42907
6.5 - Medium
- June 09, 2026
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
Information Disclosure
Jun 2026: Windows Shell Information Disclosure Vulnerability
CVE-2026-42906
5.5 - Medium
- June 09, 2026
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally.
Information Disclosure
Jun 2026: Windows DWM Core Library Elevation of Privilege Vulnerability
CVE-2026-42905
7.8 - High
- June 09, 2026
Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally.
Dangling pointer
Jun 2026: Windows TCP/IP Elevation of Privilege Vulnerability
CVE-2026-42904
9.6 - Critical
- June 09, 2026
Heap-based buffer overflow in Windows TCP/IP allows an unauthorized attacker to elevate privileges over an adjacent network.
Heap-based Buffer Overflow
Jun 2026: Windows Kerberos Denial of Service Vulnerability
CVE-2026-42903
6.5 - Medium
- June 09, 2026
Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network.
NULL Pointer Dereference
Jun 2026: Windows Projected File System Elevation of Privilege Vulnerability
CVE-2026-42837
7.8 - High
- June 09, 2026
Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally.
Out-of-bounds Read
Jun 2026: Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability
CVE-2026-42836
7 - High
- June 09, 2026
Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally.
Race Condition
Jun 2026: Windows BitLocker Security Feature Bypass Vulnerability
CVE-2026-50507
6.8 - Medium
- June 09, 2026
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
Missing Authentication for Critical Function
Jun 2026: HTTP.sys Denial of Service Vulnerability
CVE-2026-49160
7.5 - High
- June 09, 2026
Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network.
Resource Exhaustion
Jun 2026: Windows Media Remote Code Execution Vulnerability
CVE-2026-48574
7.8 - High
- June 09, 2026
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
Heap-based Buffer Overflow
Jun 2026: Windows Boot Manager Security Feature Bypass Vulnerability
CVE-2026-47656
7.9 - High
- June 09, 2026
Protection mechanism failure in Windows Boot Manager allows an authorized attacker to bypass a security feature locally.
Protection Mechanism Failure
Jun 2026: Windows Hotpatch Monitoring Service Elevation of Privilege Vulnerability
CVE-2026-42910
7.8 - High
- June 09, 2026
Out-of-bounds write in Windows Hotpatch Monitoring Service allows an authorized attacker to elevate privileges locally.
Memory Corruption