Microsoft Windows_server_2016
522 CVEs affecting Microsoft Windows_server_2016. Latest disclosed: 2026-05-12. Critical: 8, High: 317.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-41089 | Critical | 9.8 | 2026-05-12 | Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network. |
CVE-2025-60724 | Critical | 9.8 | 2025-11-11 | Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code over a network. |
CVE-2025-53766 | Critical | 9.8 | 2025-08-12 | Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network. |
CVE-2017-11899 | Critical | 9.8 | 2017-12-12 | Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due t… |
CVE-2017-11771 | Critical | 9.8 | 2017-10-13 | The Microsoft Windows Search component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT… |
CVE-2017-8686 | Critical | 9.8 | 2017-09-13 | The Windows Server DHCP service in Windows Server 2012 Gold and R2, and Windows Server 2016 allows an attacker to either run arbitrary code on the DHCP failove… |
CVE-2017-8589 | Critical | 9.8 | 2017-07-11 | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and… |
CVE-2017-0021 | Critical | 9.0 | 2017-03-17 | Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a… |
CVE-2026-40403 | High | 8.8 | 2026-05-12 | Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally. |
CVE-2026-34329 | High | 8.8 | 2026-05-12 | Heap-based buffer overflow in Windows Message Queuing allows an unauthorized attacker to execute code over an adjacent network. |
CVE-2026-32157 | High | 8.8 | 2026-04-14 | Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
CVE-2024-43455 | High | 8.8 | 2024-09-10 | Windows Remote Desktop Licensing Service Spoofing Vulnerability |
CVE-2017-11763 | High | 8.8 | 2017-10-13 | The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1… |
CVE-2017-11762 | High | 8.8 | 2017-10-13 | The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1… |
CVE-2017-8682 | High | 8.8 | 2017-09-13 | Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold… |
CVE-2017-8660 | High | 8.8 | 2017-09-13 | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current use… |
CVE-2017-8664 | High | 8.8 | 2017-08-08 | Windows Hyper-V in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote… |
CVE-2017-8625 | High | 8.8 | 2017-08-08 | Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) polic… |
CVE-2017-8503 | High | 8.8 | 2017-08-08 | Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to escape from the AppContainer sandbox, aka "Microsoft Edg… |
CVE-2017-8590 | High | 8.8 | 2017-07-11 | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and… |