Microsoft Windows Server 2022

2864 CVEs affecting Microsoft Windows Server 2022. Latest disclosed: 2026-05-12. Critical: 61, High: 2042.

Top CVEs affecting Microsoft Windows Server 2022
CVE	Severity	Score	Published	Summary
`CVE-2025-49708`	Critical	`9.9`	2025-10-14	Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges over a network.
`CVE-2026-41089`	Critical	`9.8`	2026-05-12	Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.
`CVE-2026-33824`	Critical	`9.8`	2026-04-14	Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.
`CVE-2025-60724`	Critical	`9.8`	2025-11-11	Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network.
`CVE-2025-59287`	Critical	`9.8`	2025-10-14	Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
`CVE-2025-53766`	Critical	`9.8`	2025-08-12	Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
`CVE-2025-47981`	Critical	`9.8`	2025-07-08	Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.
`CVE-2025-21307`	Critical	`9.8`	2025-01-14	Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
`CVE-2025-21298`	Critical	`9.8`	2025-01-14	Windows OLE Remote Code Execution Vulnerability
`CVE-2024-49112`	Critical	`9.8`	2024-12-10	Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
`CVE-2024-43639`	Critical	`9.8`	2024-11-12	Windows KDC Proxy Remote Code Execution Vulnerability
`CVE-2024-38140`	Critical	`9.8`	2024-08-13	Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
`CVE-2024-38063`	Critical	`9.8`	2024-08-13	Windows TCP/IP Remote Code Execution Vulnerability
`CVE-2024-38199`	Critical	`9.8`	2024-08-13	Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
`CVE-2024-38076`	Critical	`9.8`	2024-07-09	Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
`CVE-2024-38074`	Critical	`9.8`	2024-07-09	Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
`CVE-2024-38077`	Critical	`9.8`	2024-07-09	Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
`CVE-2024-30080`	Critical	`9.8`	2024-06-11	Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
`CVE-2023-36028`	Critical	`9.8`	2023-11-14	Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability
`CVE-2023-36397`	Critical	`9.8`	2023-11-14	Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability