Microsoft Windows Server 2012 R2 vulnerabilities

CVE-2026-33834 [HIGH] CWE-284 CVE-2026-33834: Improper access control in Windows Event Logging Service allows an authorized attacker to elevate pr Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally.

CVE-2026-40406 [HIGH] CWE-416 CVE-2026-40406: Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a netw Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.

CVE-2026-40382 [HIGH] CWE-416 CVE-2026-40382: Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges loca Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

CVE-2026-35416 [HIGH] CWE-416 CVE-2026-35416: Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver f Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-40397 [HIGH] CWE-191 CVE-2026-40397: Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-35421 [HIGH] CWE-122 CVE-2026-35421: Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally. Heap-based buffer overflow in Windows GDI allows an unauthorized attacker to execute code locally.

CVE-2026-40414 [HIGH] CWE-476 CVE-2026-40414: Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an a Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

CVE-2026-34342 [HIGH] CWE-362 CVE-2026-34342: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.

CVE-2026-35420 [HIGH] CWE-122 CVE-2026-35420: Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges loc Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-34331 [HIGH] CWE-362 CVE-2026-34331: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.

CVE-2026-34344 [HIGH] CWE-843 CVE-2026-34344: Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver f Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-34334 [HIGH] CWE-362 CVE-2026-34334: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVE-2026-40413 [HIGH] CWE-476 CVE-2026-40413: Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an a Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over an adjacent network.

CVE-2026-40407 [HIGH] CWE-122 CVE-2026-40407: Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.

CVE-2026-34351 [HIGH] CWE-362 CVE-2026-34351: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally.

CVE-2026-42825 [HIGH] CWE-416 CVE-2026-42825: Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges loca Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.

CVE-2026-35422 [MEDIUM] CWE-288 CVE-2026-35422: Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized atta Authentication bypass using an alternate path or channel in Windows TCP/IP allows an authorized attacker to bypass a security feature over a network.

CVE-2026-32170 [MEDIUM] CWE-415 CVE-2026-32170: Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally. Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally.

CVE-2026-32209 [MEDIUM] CWE-284 CVE-2026-32209: Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.

CVE-2026-35423 [MEDIUM] CWE-125 CVE-2026-35423: Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a n Out-of-bounds read in Telnet Client allows an unauthorized attacker to disclose information over a network.