Microsoft Windows Server 2008 Service Pack 2 vulnerabilities

CVE-2025-21197 [MEDIUM] CWE-284 CVE-2025-21197: Improper access control in Windows NTFS allows an authorized attacker to disclose file path informat Improper access control in Windows NTFS allows an authorized attacker to disclose file path information under a folder where the attacker doesn't have permission to list content.

CVE-2025-27742 [MEDIUM] CWE-125 CVE-2025-27742: Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally. Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally.

CVE-2025-27474 [MEDIUM] CWE-908 CVE-2025-27474: Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthor Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-26664 [MEDIUM] CWE-126 CVE-2025-26664: Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-26676 [MEDIUM] CWE-126 CVE-2025-26676: Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-26672 [MEDIUM] CWE-126 CVE-2025-26672: Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-27471 [MEDIUM] CWE-591 CVE-2025-27471: Sensitive data storage in improperly locked memory in Microsoft Streaming Service allows an unauthor Sensitive data storage in improperly locked memory in Microsoft Streaming Service allows an unauthorized attacker to deny service over a network.

CVE-2025-21203 [MEDIUM] CWE-126 CVE-2025-21203: Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

CVE-2025-24985 [HIGH] CWE-122 CVE-2025-24985: Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.

CVE-2025-24072 [HIGH] CWE-416 CVE-2025-24072: Use after free in Microsoft Local Security Authority Server (lsasrv) allows an authorized attacker t Use after free in Microsoft Local Security Authority Server (lsasrv) allows an authorized attacker to elevate privileges locally.

CVE-2025-24035 [HIGH] CWE-591 CVE-2025-24035: Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unau Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

CVE-2025-24051 [HIGH] CWE-122 CVE-2025-24051: Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorize Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

CVE-2025-26645 [HIGH] CWE-23 CVE-2025-26645: Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code ove Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2025-24983 [HIGH] CWE-416 CVE-2025-24983: Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.

CVE-2025-26633 [HIGH] CWE-707 CVE-2025-26633: Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

CVE-2025-24993 [HIGH] CWE-122 CVE-2025-24993: Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.

CVE-2025-24064 [HIGH] CWE-416 CVE-2025-24064: Use after free in DNS Server allows an unauthorized attacker to execute code over a network. Use after free in DNS Server allows an unauthorized attacker to execute code over a network.

CVE-2025-24056 [HIGH] CWE-122 CVE-2025-24056: Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute co Heap-based buffer overflow in Windows Telephony Server allows an unauthorized attacker to execute code over a network.

CVE-2025-24059 [HIGH] CWE-125 CVE-2025-24059: Incorrect conversion between numeric types in Windows Common Log File System Driver allows an author Incorrect conversion between numeric types in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2025-21180 [HIGH] CWE-122 CVE-2025-21180: Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute c Heap-based buffer overflow in Windows exFAT File System allows an unauthorized attacker to execute code locally.