Windows Server Microsoft Windows Server

Do you want an email whenever new security vulnerabilities are reported in Microsoft Windows Server?

By the Year

In 2021 there have been 23 vulnerabilities in Microsoft Windows Server with an average score of 7.4 out of ten. Windows Server did not have any published security vulnerabilities last year. That is, 23 more vulnerabilities have already been reported in 2021 as compared to last year.

Year Vulnerabilities Average Score
2021 23 7.44
2020 0 0.00
2019 0 0.00
2018 36 6.37

It may take a day or so for new Windows Server vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Windows Server Security Vulnerabilities

Active Directory Domain Services Elevation of Privilege Vulnerability

CVE-2021-42282 8.8 - High - November 10, 2021

Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42278, CVE-2021-42287, CVE-2021-42291.

Improper Privilege Management

NTFS Elevation of Privilege Vulnerability

CVE-2021-42283 7.8 - High - November 10, 2021

NTFS Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-41367, CVE-2021-41370.

Improper Privilege Management

Windows Hyper-V Denial of Service Vulnerability

CVE-2021-42284 7.5 - High - November 10, 2021

Windows Hyper-V Denial of Service Vulnerability

Resource Exhaustion

Windows Kernel Elevation of Privilege Vulnerability

CVE-2021-42285 7.8 - High - November 10, 2021

Windows Kernel Elevation of Privilege Vulnerability

Improper Privilege Management

Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability

CVE-2021-42286 7.8 - High - November 10, 2021

Windows Core Shell SI Host Extension Framework for Composable Shell Elevation of Privilege Vulnerability

Improper Privilege Management

Active Directory Domain Services Elevation of Privilege Vulnerability

CVE-2021-42287 8.8 - High - November 10, 2021

Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42291.

Improper Privilege Management

Active Directory Domain Services Elevation of Privilege Vulnerability

CVE-2021-42291 8.8 - High - November 10, 2021

Active Directory Domain Services Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-42278, CVE-2021-42282, CVE-2021-42287.

Improper Privilege Management

Rich Text Edit Control Information Disclosure Vulnerability

CVE-2021-40454 5.5 - Medium - October 13, 2021

Rich Text Edit Control Information Disclosure Vulnerability

Cleartext Storage of Sensitive Information

Windows Text Shaping Remote Code Execution Vulnerability

CVE-2021-40465 7.8 - High - October 13, 2021

Windows Text Shaping Remote Code Execution Vulnerability

Windows Nearby Sharing Elevation of Privilege Vulnerability

CVE-2021-40464 8 - High - October 13, 2021

Windows Nearby Sharing Elevation of Privilege Vulnerability

Improper Privilege Management

Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability

CVE-2021-40462 7.8 - High - October 13, 2021

Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability

Windows Hyper-V Remote Code Execution Vulnerability

CVE-2021-40461 9 - Critical - October 13, 2021

Windows Hyper-V Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-38672.

Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability

CVE-2021-40460 6.5 - Medium - October 13, 2021

Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability

Windows AD FS Security Feature Bypass Vulnerability

CVE-2021-40456 7.5 - High - October 13, 2021

Windows AD FS Security Feature Bypass Vulnerability

Windows Installer Spoofing Vulnerability

CVE-2021-40455 5.5 - Medium - October 13, 2021

Windows Installer Spoofing Vulnerability

Win32k Elevation of Privilege Vulnerability

CVE-2021-40449 7.8 - High - October 13, 2021

Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40450, CVE-2021-41357.

Improper Privilege Management

Windows Common Log File System Driver Elevation of Privilege Vulnerability

CVE-2021-40443 7.8 - High - October 13, 2021

Windows Common Log File System Driver Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40466, CVE-2021-40467.

Improper Privilege Management

Windows exFAT File System Information Disclosure Vulnerability

CVE-2021-38663 5.5 - Medium - October 13, 2021

Windows exFAT File System Information Disclosure Vulnerability

Windows Fast FAT File System Driver Information Disclosure Vulnerability

CVE-2021-38662 5.5 - Medium - October 13, 2021

Windows Fast FAT File System Driver Information Disclosure Vulnerability This CVE ID is unique from CVE-2021-41343.

Windows Print Spooler Spoofing Vulnerability

CVE-2021-36970 6.5 - Medium - October 13, 2021

Windows Print Spooler Spoofing Vulnerability

Windows TCP/IP Denial of Service Vulnerability

CVE-2021-36953 7.5 - High - October 13, 2021

Windows TCP/IP Denial of Service Vulnerability

Storage Spaces Controller Elevation of Privilege Vulnerability

CVE-2021-26441 7.8 - High - October 13, 2021

Storage Spaces Controller Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40478, CVE-2021-40488, CVE-2021-40489, CVE-2021-41345.

Improper Privilege Management

Win32k Elevation of Privilege Vulnerability

CVE-2021-40450 7.8 - High - October 13, 2021

Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-40449, CVE-2021-41357.

Improper Privilege Management

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory

CVE-2018-8554 7.8 - High - November 14, 2018

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019. This CVE ID is unique from CVE-2018-8485, CVE-2018-8561.

Improper Resource Shutdown or Release

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts

CVE-2018-8332 8.8 - High - September 13, 2018

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Win32k Graphics Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory

CVE-2018-8422 6.5 - Medium - September 13, 2018

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8424.

Information Disclosure

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input

CVE-2018-8420 8.8 - High - September 13, 2018

A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input, aka "MS XML Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

XXE

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address

CVE-2018-8419 5.5 - Medium - September 13, 2018

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8442, CVE-2018-8443, CVE-2018-8445, CVE-2018-8446.

Improper Initialization

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input

CVE-2018-8438 6.8 - Medium - September 13, 2018

A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8436, CVE-2018-8437.

Improper Input Validation

An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory

CVE-2018-8410 7.8 - High - September 13, 2018

An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka "Windows Registry Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.

Improper Resource Shutdown or Release

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory

CVE-2018-8445 5.5 - Medium - September 13, 2018

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8443, CVE-2018-8446.

Information Disclosure

A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server

CVE-2018-8335 7.5 - High - September 13, 2018

A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths

CVE-2018-8414 8.8 - High - August 15, 2018

A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths, aka "Windows Shell Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.

Improper Input Validation

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory

CVE-2018-8399 7 - High - August 15, 2018

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10. This CVE ID is unique from CVE-2018-8404.

Improper Resource Shutdown or Release

A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory

CVE-2018-8350 8.8 - High - August 15, 2018

A remote code execution vulnerability exists when Microsoft Windows PDF Library improperly handles objects in memory, aka "Windows PDF Remote Code Execution Vulnerability." This affects Windows 10 Servers, Windows 10.

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709

CVE-2018-0811 5.5 - Medium - March 14, 2018

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.

Improper Initialization

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709

CVE-2018-0813 5.5 - Medium - March 14, 2018

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901 and CVE-2018-0926.

Improper Initialization

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709

CVE-2018-0814 5.5 - Medium - March 14, 2018

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901 and CVE-2018-0926.

Improper Initialization

The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709

CVE-2018-0877 7.8 - High - March 14, 2018

The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how file paths are managed, aka "Windows Desktop Bridge VFS Elevation of Privilege Vulnerability".

The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709

CVE-2018-0880 7 - High - March 14, 2018

The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0882.

The Microsoft Video Control in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709

CVE-2018-0881 7 - High - March 14, 2018

The Microsoft Video Control in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege due to how objects are handled in memory, aka "Microsoft Video Control Elevation of Privilege Vulnerability".

The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709

CVE-2018-0882 7 - High - March 14, 2018

The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0880.

Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016 and Windows Server, version 1709

CVE-2018-0883 7.5 - High - March 14, 2018

Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how file copy destinations are validated, aka "Windows Shell Remote Code Execution Vulnerability".

Windows Scripting Host (WSH) in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709

CVE-2018-0884 7.8 - High - March 14, 2018

Windows Scripting Host (WSH) in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to how objects are handled in memory, aka "Windows Security Feature Bypass Vulnerability". This CVE is unique from CVE-2018-0902.

The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709

CVE-2018-0885 5.8 - Medium - March 14, 2018

The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows a denial of service vulnerability due to how input from a privileged user on a guest operating system is validated, aka "Hyper-V Denial of Service Vulnerability".

Improper Input Validation

The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709

CVE-2018-0888 5.6 - Medium - March 14, 2018

The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how guest operating system input is validated, aka "Hyper-V Information Disclosure Vulnerability".

Improper Input Validation

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709

CVE-2018-0894 4.7 - Medium - March 14, 2018

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.

Out-of-bounds Read

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709

CVE-2018-0895 4.7 - Medium - March 14, 2018

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.

Improper Initialization

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709

CVE-2018-0896 4.7 - Medium - March 14, 2018

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.

Information Disclosure

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709

CVE-2018-0897 4.7 - Medium - March 14, 2018

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.

Improper Initialization

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709

CVE-2018-0898 4.7 - Medium - March 14, 2018

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.

Information Disclosure

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709

CVE-2018-0899 4.7 - Medium - March 14, 2018

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0900, CVE-2018-0901 and CVE-2018-0926.

Information Disclosure

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709

CVE-2018-0900 4.7 - Medium - March 14, 2018

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0901 and CVE-2018-0926.

Information Disclosure

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709

CVE-2018-0901 4.7 - Medium - March 14, 2018

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0926.

Improper Initialization

The Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) in Windows 10 Gold, 1511, 1607, 1703, and 1709

CVE-2018-0902 7.8 - High - March 14, 2018

The Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) in Windows 10 Gold, 1511, 1607, 1703, and 1709. Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way the kernel-mode driver validates and enforces impersonation levels, aka "Windows Security Feature Bypass Vulnerability". This CVE is unique from CVE-2018-0884.

The Windows kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709

CVE-2018-0904 4.7 - Medium - March 14, 2018

The Windows kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows information disclosure vulnerability due to how memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability".

Information Disclosure

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709

CVE-2018-0926 5.5 - Medium - March 14, 2018

The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901.

Improper Initialization

StructuredQuery in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709

CVE-2018-0825 7.5 - High - February 15, 2018

StructuredQuery in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a remote code execution vulnerability due to how objects are handled in memory, aka "StructuredQuery Remote Code Execution Vulnerability".

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709

CVE-2018-0757 4.7 - Medium - February 15, 2018

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0810.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Windows Server 2016 or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

subscribe