Microsoft Windows Server 2016 vulnerabilities

4,167 known vulnerabilities affecting microsoft/windows_server_2016.

Total CVEs

4,167

CISA KEV

114

actively exploited

Public exploits

129

Exploited in wild

107

Severity breakdown

CRITICAL114HIGH2916MEDIUM1118LOW19

Vulnerabilities

Page 33 of 209

CVE-2025-24046HIGHCVSS 7.8fixed in 10.0.14393.7876≥ 10.0.14393.0, < 10.0.14393.78762025-03-11

CVE-2025-24046 [HIGH] CWE-416 CVE-2025-24046: Use after free in Microsoft Streaming Service allows an authorized attacker to elevate privileges lo Use after free in Microsoft Streaming Service allows an authorized attacker to elevate privileges locally.

nvd

CVE-2025-24055MEDIUMCVSS 4.3fixed in 10.0.14393.7876≥ 10.0.14393.0, < 10.0.14393.78762025-03-11

CVE-2025-24055 [MEDIUM] CWE-125 CVE-2025-24055: Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to disclose information with a physical attack.

nvd

CVE-2025-24991MEDIUMCVSS 5.5KEVfixed in 10.0.14393.7876≥ 10.0.14393.0, < 10.0.14393.78762025-03-11

CVE-2025-24991 [MEDIUM] CWE-125 CVE-2025-24991: Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally. Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.

nvd

CVE-2025-24054MEDIUMCVSS 5.4KEVPoCfixed in 10.0.14393.7876≥ 10.0.14393.0, < 10.0.14393.78762025-03-11

CVE-2025-24054 [MEDIUM] CWE-73 CVE-2025-24054: External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spo External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

nvd

CVE-2025-24992MEDIUMCVSS 5.5fixed in 10.0.14393.7876≥ 10.0.14393.0, < 10.0.14393.78762025-03-11

CVE-2025-24992 [MEDIUM] CWE-126 CVE-2025-24992: Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally. Buffer over-read in Windows NTFS allows an unauthorized attacker to disclose information locally.

nvd

CVE-2025-24987MEDIUMCVSS 6.8fixed in 10.0.14393.7876≥ 10.0.14393.0, < 10.0.14393.78762025-03-11

CVE-2025-24987 [MEDIUM] CWE-125 CVE-2025-24987: Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges w Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.

nvd

CVE-2025-21247MEDIUMCVSS 4.3fixed in 10.0.14393.7876≥ 10.0.14393.0, < 10.0.14393.78762025-03-11

CVE-2025-21247 [MEDIUM] CWE-41 CVE-2025-21247: Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to b Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.

nvd

CVE-2025-24984MEDIUMCVSS 4.6KEVfixed in 10.0.14393.7876≥ 10.0.14393.0, < 10.0.14393.78762025-03-11

CVE-2025-24984 [MEDIUM] CWE-532 CVE-2025-24984: Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to Insertion of sensitive information into log file in Windows NTFS allows an unauthorized attacker to disclose information with a physical attack.

nvd

CVE-2025-24071MEDIUMCVSS 6.5PoCfixed in 10.0.14393.7876≥ 10.0.14393.0, < 10.0.14393.78762025-03-11

CVE-2025-24071 [MEDIUM] CWE-200 CVE-2025-24071: Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauth Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.

nvd

CVE-2025-24988MEDIUMCVSS 6.8fixed in 10.0.14393.7876≥ 10.0.14393.0, < 10.0.14393.78762025-03-11

CVE-2025-24988 [MEDIUM] CWE-125 CVE-2025-24988: Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges w Out-of-bounds read in Windows USB Video Driver allows an authorized attacker to elevate privileges with a physical attack.

nvd

CVE-2025-24996MEDIUMCVSS 6.5fixed in 10.0.14393.7876≥ 10.0.14393.0, < 10.0.14393.78762025-03-11

CVE-2025-24996 [MEDIUM] CWE-73 CVE-2025-24996: External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spo External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network.

nvd

CVE-2025-21407HIGHCVSS 8.8fixed in 10.0.14393.7785≥ 10.0.14393.0, < 10.0.14393.77852025-02-11

CVE-2025-21407 [HIGH] CWE-122 CVE-2025-21407: Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability

nvd

CVE-2025-21359HIGHCVSS 7.8fixed in 10.0.14393.7785≥ 10.0.14393.0, < 10.0.14393.77852025-02-11

CVE-2025-21359 [HIGH] CWE-284 CVE-2025-21359: Windows Kernel Security Feature Bypass Vulnerability Windows Kernel Security Feature Bypass Vulnerability

nvd

CVE-2025-21414HIGHCVSS 7.0fixed in 10.0.14393.7785≥ 10.0.14393.0, < 10.0.14393.77852025-02-11

CVE-2025-21414 [HIGH] CWE-122 CVE-2025-21414: Windows Core Messaging Elevation of Privileges Vulnerability Windows Core Messaging Elevation of Privileges Vulnerability

nvd

CVE-2025-21369HIGHCVSS 8.8fixed in 10.0.14393.7785≥ 10.0.14393.0, < 10.0.14393.77852025-02-11

CVE-2025-21369 [HIGH] CWE-122 CVE-2025-21369: Microsoft Digest Authentication Remote Code Execution Vulnerability Microsoft Digest Authentication Remote Code Execution Vulnerability

nvd

CVE-2025-21410HIGHCVSS 8.8fixed in 10.0.14393.7785≥ 10.0.14393.0, < 10.0.14393.77852025-02-11

CVE-2025-21410 [HIGH] CWE-122 CVE-2025-21410: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability

nvd

CVE-2025-21406HIGHCVSS 8.8fixed in 10.0.14393.7785≥ 10.0.14393.0, < 10.0.14393.77852025-02-11

CVE-2025-21406 [HIGH] CWE-416 CVE-2025-21406: Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability

nvd

CVE-2025-21373HIGHCVSS 7.8fixed in 10.0.14393.7785≥ 10.0.14393.0, < 10.0.14393.77852025-02-11

CVE-2025-21373 [HIGH] CWE-59 CVE-2025-21373: Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability

nvd

CVE-2025-21376HIGHCVSS 8.1fixed in 10.0.14393.7785≥ 10.0.14393.0, < 10.0.14393.77852025-02-11

CVE-2025-21376 [HIGH] CWE-122 CVE-2025-21376: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

nvd

CVE-2025-21368HIGHCVSS 8.8fixed in 10.0.14393.7785≥ 10.0.14393.0, < 10.0.14393.77852025-02-11

CVE-2025-21368 [HIGH] CWE-122 CVE-2025-21368: Microsoft Digest Authentication Remote Code Execution Vulnerability Microsoft Digest Authentication Remote Code Execution Vulnerability

nvd

← Previous33 / 209Next →