Microsoft Windows Server 2008 Service Pack 2 vulnerabilities
1,672 known vulnerabilities affecting microsoft/windows_server_2008_service_pack_2.
Total CVEs
1,672
CISA KEV
66
actively exploited
Public exploits
37
Exploited in wild
58
Severity breakdown
CRITICAL68HIGH1214MEDIUM387LOW3
Vulnerabilities
Page 15 of 84
CVE-2025-24991MEDIUMCVSS 5.5KEV≥ 6.0.6003.0, < 6.0.6003.231682025-03-11
CVE-2025-24991 [MEDIUM] CWE-125 CVE-2025-24991: Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.
Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.
cvelistv5nvd
CVE-2025-24992MEDIUMCVSS 5.5≥ 6.0.6003.0, < 6.0.6003.231682025-03-11
CVE-2025-24992 [MEDIUM] CWE-126 CVE-2025-24992: Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally.
Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally.
cvelistv5nvd
CVE-2025-21247MEDIUMCVSS 4.3≥ 6.0.6003.0, < 6.0.6003.231682025-03-11
CVE-2025-21247 [MEDIUM] CWE-41 CVE-2025-21247: Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to b
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
cvelistv5nvd
CVE-2025-24055MEDIUMCVSS 4.3≥ 6.0.6003.0, < 6.0.6003.231682025-03-11
CVE-2025-24055 [MEDIUM] CWE-125 CVE-2025-24055: Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information
Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack.
cvelistv5nvd
CVE-2025-24988MEDIUMCVSS 6.8≥ 6.0.6003.0, < 6.0.6003.231682025-03-11
CVE-2025-24988 [MEDIUM] CWE-125 CVE-2025-24988: Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges w
Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.
cvelistv5nvd
CVE-2025-24987MEDIUMCVSS 6.8≥ 6.0.6003.0, < 6.0.6003.231682025-03-11
CVE-2025-24987 [MEDIUM] CWE-125 CVE-2025-24987: Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges w
Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.
cvelistv5nvd
CVE-2025-21407HIGHCVSS 8.8≥ 6.0.6003.0, < 6.0.6003.231172025-02-11
CVE-2025-21407 [HIGH] CWE-122 CVE-2025-21407: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2025-21359HIGHCVSS 7.8≥ 6.0.6003.0, < 6.0.6003.231172025-02-11
CVE-2025-21359 [HIGH] CWE-284 CVE-2025-21359: Windows Kernel Security Feature Bypass Vulnerability
Windows Kernel Security Feature Bypass Vulnerability
cvelistv5nvd
CVE-2025-21369HIGHCVSS 8.8≥ 6.0.6003.0, < 6.0.6003.231172025-02-11
CVE-2025-21369 [HIGH] CWE-122 CVE-2025-21369: Microsoft Digest Authentication Remote Code Execution Vulnerability
Microsoft Digest Authentication Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2025-21418HIGHCVSS 7.8KEV≥ 6.0.6003.0, < 6.0.6003.231172025-02-11
CVE-2025-21418 [HIGH] CWE-122 CVE-2025-21418: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
cvelistv5nvd
CVE-2025-21410HIGHCVSS 8.8≥ 6.0.6003.0, < 6.0.6003.231172025-02-11
CVE-2025-21410 [HIGH] CWE-122 CVE-2025-21410: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2025-21406HIGHCVSS 8.8≥ 6.0.6003.0, < 6.0.6003.231172025-02-11
CVE-2025-21406 [HIGH] CWE-416 CVE-2025-21406: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2025-21208HIGHCVSS 8.8≥ 6.0.6003.0, < 6.0.6003.231172025-02-11
CVE-2025-21208 [HIGH] CWE-122 CVE-2025-21208: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2025-21201HIGHCVSS 8.8≥ 6.0.6003.0, < 6.0.6003.231172025-02-11
CVE-2025-21201 [HIGH] CWE-415 CVE-2025-21201: Windows Telephony Server Remote Code Execution Vulnerability
Windows Telephony Server Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2025-21373HIGHCVSS 7.8≥ 6.0.6003.0, < 6.0.6003.231172025-02-11
CVE-2025-21373 [HIGH] CWE-59 CVE-2025-21373: Windows Installer Elevation of Privilege Vulnerability
Windows Installer Elevation of Privilege Vulnerability
cvelistv5nvd
CVE-2025-21368HIGHCVSS 8.8≥ 6.0.6003.0, < 6.0.6003.231172025-02-11
CVE-2025-21368 [HIGH] CWE-122 CVE-2025-21368: Microsoft Digest Authentication Remote Code Execution Vulnerability
Microsoft Digest Authentication Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2025-21376HIGHCVSS 8.1≥ 6.0.6003.0, < 6.0.6003.231172025-02-11
CVE-2025-21376 [HIGH] CWE-122 CVE-2025-21376: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2025-21200HIGHCVSS 8.8≥ 6.0.6003.0, < 6.0.6003.231172025-02-11
CVE-2025-21200 [HIGH] CWE-122 CVE-2025-21200: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2025-21190HIGHCVSS 8.8≥ 6.0.6003.0, < 6.0.6003.231172025-02-11
CVE-2025-21190 [HIGH] CWE-122 CVE-2025-21190: Windows Telephony Service Remote Code Execution Vulnerability
Windows Telephony Service Remote Code Execution Vulnerability
cvelistv5nvd
CVE-2025-21375HIGHCVSS 7.8≥ 6.0.6003.0, < 6.0.6003.231172025-02-11
CVE-2025-21375 [HIGH] CWE-20 CVE-2025-21375: Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability
cvelistv5nvd