Microsoft Windows Server 2016 vulnerabilities

4,167 known vulnerabilities affecting microsoft/windows_server_2016.

Total CVEs

4,167

CISA KEV

114

actively exploited

Public exploits

129

Exploited in wild

107

Severity breakdown

CRITICAL114HIGH2916MEDIUM1118LOW19

Vulnerabilities

Page 50 of 209

CVE-2024-38187HIGHCVSS 7.8fixed in 10.0.14393.7159≥ 10.0.14393.0, < 10.0.14393.71592024-08-13

CVE-2024-38187 [HIGH] CWE-822 CVE-2024-38187: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Windows Kernel-Mode Driver Elevation of Privilege Vulnerability

nvd

CVE-2024-38196HIGHCVSS 7.8fixed in 10.0.14393.7259≥ 10.0.14393.0, < 10.0.14393.72592024-08-13

CVE-2024-38196 [HIGH] CWE-20 CVE-2024-38196: Windows Common Log File System Driver Elevation of Privilege Vulnerability Windows Common Log File System Driver Elevation of Privilege Vulnerability

nvd

CVE-2024-38127HIGHCVSS 7.8fixed in 10.0.14393.7259≥ 10.0.14393.0, < 10.0.14393.72592024-08-13

CVE-2024-38127 [HIGH] CWE-126 CVE-2024-38127: Windows Hyper-V Elevation of Privilege Vulnerability Windows Hyper-V Elevation of Privilege Vulnerability

nvd

CVE-2024-38198HIGHCVSS 7.5fixed in 10.0.14393.7259≥ 10.0.14393.0, < 10.0.14393.72592024-08-13

CVE-2024-38198 [HIGH] CWE-345 CVE-2024-38198: Windows Print Spooler Elevation of Privilege Vulnerability Windows Print Spooler Elevation of Privilege Vulnerability

nvd

CVE-2024-38114HIGHCVSS 8.8fixed in 10.0.14393.7259≥ 10.0.14393.0, < 10.0.14393.72592024-08-13

CVE-2024-38114 [HIGH] CWE-122 CVE-2024-38114: Windows IP Routing Management Snapin Remote Code Execution Vulnerability Windows IP Routing Management Snapin Remote Code Execution Vulnerability

nvd

CVE-2024-38146HIGHCVSS 7.5fixed in 10.0.14393.7259≥ 10.0.14393.0, < 10.0.14393.72592024-08-13

CVE-2024-38146 [HIGH] CWE-476 CVE-2024-38146: Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability Windows Layer-2 Bridge Network Driver Denial of Service Vulnerability

nvd

CVE-2024-38193HIGHCVSS 7.8KEVPoCfixed in 10.0.14393.7259≥ 10.0.14393.0, < 10.0.14393.72592024-08-13

CVE-2024-38193 [HIGH] CWE-416 CVE-2024-38193: Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

nvd

CVE-2024-38138HIGHCVSS 7.5fixed in 10.0.14393.7259≥ 10.0.14393.0, < 10.0.14393.73362024-08-13

CVE-2024-38138 [HIGH] CWE-416 CVE-2024-38138: Windows Deployment Services Remote Code Execution Vulnerability Windows Deployment Services Remote Code Execution Vulnerability

nvd

CVE-2024-38153HIGHCVSS 7.8fixed in 10.0.14393.7259≥ 10.0.14393.0, < 10.0.14393.72592024-08-13

CVE-2024-38153 [HIGH] CWE-367 CVE-2024-38153: Windows Kernel Elevation of Privilege Vulnerability Windows Kernel Elevation of Privilege Vulnerability

nvd

CVE-2024-38118MEDIUMCVSS 5.5fixed in 10.0.14393.7259≥ 10.0.14393.0, < 10.0.14393.72592024-08-13

CVE-2024-38118 [MEDIUM] CWE-908 CVE-2024-38118: Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability

nvd

CVE-2024-38213MEDIUMCVSS 6.5KEVfixed in 10.0.14393.7070≥ 10.0.14393.0, < 10.0.14393.70702024-08-13

CVE-2024-38213 [MEDIUM] CWE-693 CVE-2024-38213: Windows Mark of the Web Security Feature Bypass Vulnerability Windows Mark of the Web Security Feature Bypass Vulnerability

nvd

CVE-2024-38214MEDIUMCVSS 6.5fixed in 10.0.14393.7259≥ 10.0.14393.0, < 10.0.14393.72592024-08-13

CVE-2024-38214 [MEDIUM] CWE-125 CVE-2024-38214: Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability

nvd

CVE-2024-38122MEDIUMCVSS 5.5fixed in 10.0.14393.7259≥ 10.0.14393.0, < 10.0.14393.72592024-08-13

CVE-2024-38122 [MEDIUM] CWE-908 CVE-2024-38122: Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability Microsoft Local Security Authority (LSA) Server Information Disclosure Vulnerability

nvd

CVE-2024-38223MEDIUMCVSS 6.8fixed in 10.0.14393.7259≥ 10.0.14393.0, < 10.0.14393.72592024-08-13

CVE-2024-38223 [MEDIUM] CWE-284 CVE-2024-38223: Windows Initial Machine Configuration Elevation of Privilege Vulnerability Windows Initial Machine Configuration Elevation of Privilege Vulnerability

nvd

CVE-2024-38143MEDIUMCVSS 4.2fixed in 10.0.14393.7259≥ 10.0.14393.0, < 10.0.14393.72592024-08-13

CVE-2024-38143 [MEDIUM] CWE-306 CVE-2024-38143: Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability

nvd

CVE-2024-38151MEDIUMCVSS 5.5fixed in 10.0.14393.7259≥ 10.0.14393.0, < 10.0.14393.72592024-08-13

CVE-2024-38151 [MEDIUM] CWE-125 CVE-2024-38151: Windows Kernel Information Disclosure Vulnerability Windows Kernel Information Disclosure Vulnerability

nvd

CVE-2024-6768MEDIUMCVSS 6.8v10.0.02024-08-12

CVE-2024-6768 [MEDIUM] CWE-1284 CVE-2024-6768: A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Se A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function.

nvd

CVE-2024-38202HIGHCVSS 7.3≥ 10.0.14393.0, < 10.0.14393.74282024-08-08

CVE-2024-38202 [HIGH] CWE-284 CVE-2024-38202: Summary Microsoft was notified that an elevation of privilege vulnerability exists in Windows Update Summary Microsoft was notified that an elevation of privilege vulnerability exists in Windows Update, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires

nvd

CVE-2024-21302MEDIUMCVSS 6.7fixed in 10.0.14393.7259≥ 10.0.14393.0, < 10.0.14393.82462024-08-08

CVE-2024-21302 [MEDIUM] CWE-284 CVE-2024-21302: Summary: As of July 8, 2025 Microsoft has completed mitigations to address this vulnerability. See K Summary: As of July 8, 2025 Microsoft has completed mitigations to address this vulnerability. See KB5042562: Guidance for blocking rollback of virtualization-based security related updates and the Recommended Actions section of this CVE for guidance on how to protect your systems from this vulnerability. An elevation of privilege vulnerability exis

nvd

CVE-2024-38074CRITICALCVSS 9.8fixed in 10.0.14393.7159≥ 10.0.14393.0, < 10.0.14393.71592024-07-09

CVE-2024-38074 [CRITICAL] CWE-191 CVE-2024-38074: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

nvd

← Previous50 / 209Next →