Microsoft Windows Server 2016 vulnerabilities

4,167 known vulnerabilities affecting microsoft/windows_server_2016.

Total CVEs

4,167

CISA KEV

114

actively exploited

Public exploits

129

Exploited in wild

107

Severity breakdown

CRITICAL114HIGH2916MEDIUM1118LOW19

Vulnerabilities

Page 35 of 209

CVE-2025-21350MEDIUMCVSS 5.9≥ 10.0.14393.0, < 10.0.14393.77852025-02-11

CVE-2025-21350 [MEDIUM] CWE-20 Windows Kerberos Denial of Service Vulnerability Windows Kerberos Denial of Service Vulnerability Windows Kerberos Denial of Service Vulnerability

cvelistv5

CVE-2025-21352MEDIUMCVSS 6.5fixed in 10.0.14393.7785≥ 10.0.14393.0, < 10.0.14393.77852025-02-11

CVE-2025-21352 [MEDIUM] CWE-400 CVE-2025-21352: Internet Connection Sharing (ICS) Denial of Service Vulnerability Internet Connection Sharing (ICS) Denial of Service Vulnerability

nvd

CVE-2025-21337LOWCVSS 3.3≥ 10.0.14393.0, < 10.0.14393.77852025-02-11

CVE-2025-21337 [LOW] CWE-284 Windows NTFS Elevation of Privilege Vulnerability Windows NTFS Elevation of Privilege Vulnerability Windows NTFS Elevation of Privilege Vulnerability

cvelistv5

CVE-2025-21298CRITICALCVSS 9.8≥ 10.0.14393.0, < 10.0.14393.76992025-01-14

CVE-2025-21298 [CRITICAL] CWE-416 Windows OLE Remote Code Execution Vulnerability Windows OLE Remote Code Execution Vulnerability Windows OLE Remote Code Execution Vulnerability

cvelistv5

CVE-2025-21307CRITICALCVSS 9.8fixed in 10.0.14393.7699≥ 10.0.14393.0, < 10.0.14393.76992025-01-14

CVE-2025-21307 [CRITICAL] CWE-416 CVE-2025-21307: Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability

nvd

CVE-2025-21239HIGHCVSS 8.8fixed in 10.0.14393.7699≥ 10.0.14393.0, < 10.0.14393.76992025-01-14

CVE-2025-21239 [HIGH] CWE-122 CVE-2025-21239: Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability

nvd

CVE-2025-21293HIGHCVSS 8.8PoCfixed in 10.0.14393.7699≥ 10.0.14393.0, < 10.0.14393.76992025-01-14

CVE-2025-21293 [HIGH] CWE-284 CVE-2025-21293: Active Directory Domain Services Elevation of Privilege Vulnerability Active Directory Domain Services Elevation of Privilege Vulnerability

nvd

CVE-2025-21378HIGHCVSS 7.8fixed in 10.0.14393.7699≥ 10.0.14393.0, < 10.0.14393.76992025-01-14

CVE-2025-21378 [HIGH] CWE-122 CVE-2025-21378: Windows CSC Service Elevation of Privilege Vulnerability Windows CSC Service Elevation of Privilege Vulnerability

nvd

CVE-2025-21300HIGHCVSS 7.5fixed in 10.0.14393.7699≥ 10.0.14393.0, < 10.0.14393.76992025-01-14

CVE-2025-21300 [HIGH] CWE-400 CVE-2025-21300: Windows Universal Plug and Play (UPnP) Device Host Denial of Service Vulnerability Windows Universal Plug and Play (UPnP) Device Host Denial of Service Vulnerability

nvd

CVE-2025-21409HIGHCVSS 8.8fixed in 10.0.14393.7699≥ 10.0.14393.0, < 10.0.14393.76992025-01-14

CVE-2025-21409 [HIGH] CWE-122 CVE-2025-21409: Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability

nvd

CVE-2025-21339HIGHCVSS 8.8fixed in 10.0.14393.7699≥ 10.0.14393.0, < 10.0.14393.76992025-01-14

CVE-2025-21339 [HIGH] CWE-122 CVE-2025-21339: Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability

nvd

CVE-2025-21417HIGHCVSS 8.8fixed in 10.0.14393.7699≥ 10.0.14393.0, < 10.0.14393.76992025-01-14

CVE-2025-21417 [HIGH] CWE-122 CVE-2025-21417: Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability

nvd

CVE-2025-21281HIGHCVSS 7.8fixed in 10.0.14393.7699≥ 10.0.14393.0, < 10.0.14393.76992025-01-14

CVE-2025-21281 [HIGH] CWE-416 CVE-2025-21281: Microsoft COM for Windows Elevation of Privilege Vulnerability Microsoft COM for Windows Elevation of Privilege Vulnerability

nvd

CVE-2025-21286HIGHCVSS 8.8fixed in 10.0.14393.7699≥ 10.0.14393.0, < 10.0.14393.76992025-01-14

CVE-2025-21286 [HIGH] CWE-122 CVE-2025-21286: Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability

nvd

CVE-2025-21303HIGHCVSS 8.8fixed in 10.0.14393.7699≥ 10.0.14393.0, < 10.0.14393.76992025-01-14

CVE-2025-21303 [HIGH] CWE-122 CVE-2025-21303: Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability

nvd

CVE-2025-21244HIGHCVSS 8.8fixed in 10.0.14393.7699≥ 10.0.14393.0, < 10.0.14393.76992025-01-14

CVE-2025-21244 [HIGH] CWE-190 CVE-2025-21244: Windows Telephony Service Remote Code Execution Vulnerability Windows Telephony Service Remote Code Execution Vulnerability

nvd

CVE-2025-21287HIGHCVSS 7.8fixed in 10.0.14393.7699≥ 10.0.14393.0, < 10.0.14393.76992025-01-14

CVE-2025-21287 [HIGH] CWE-269 CVE-2025-21287: Windows Installer Elevation of Privilege Vulnerability Windows Installer Elevation of Privilege Vulnerability

nvd

CVE-2025-21304HIGHCVSS 7.8fixed in 10.0.14393.7699≥ 10.0.14393.0, < 10.0.14393.76992025-01-14

CVE-2025-21304 [HIGH] CWE-416 CVE-2025-21304: Microsoft DWM Core Library Elevation of Privilege Vulnerability Microsoft DWM Core Library Elevation of Privilege Vulnerability

nvd

CVE-2025-21289HIGHCVSS 7.5fixed in 10.0.14393.7699≥ 10.0.14393.0, < 10.0.14393.76992025-01-14

CVE-2025-21289 [HIGH] CWE-400 CVE-2025-21289: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability

nvd

CVE-2025-21389HIGHCVSS 7.5fixed in 10.0.14393.7699≥ 10.0.14393.0, < 10.0.14393.76992025-01-14

CVE-2025-21389 [HIGH] CWE-400 CVE-2025-21389: Uncontrolled resource consumption in Windows Universal Plug and Play (UPnP) Device Host allows an un Uncontrolled resource consumption in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to deny service over a network.

nvd

← Previous35 / 209Next →