Microsoft Windows Server 2022 vulnerabilities
2,874 known vulnerabilities affecting microsoft/windows_server_2022.
Total CVEs
2,874
CISA KEV
103
actively exploited
Public exploits
43
Exploited in wild
85
Severity breakdown
CRITICAL76HIGH2062MEDIUM725LOW11
Vulnerabilities
Page 13 of 144
CVE-2026-20864HIGHCVSS 7.8fixed in 10.0.20348.4648≥ 10.0.20348.0, < 10.0.20348.46482026-01-13
CVE-2026-20864 [HIGH] CWE-122 CVE-2026-20864: Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attac
Heap-based buffer overflow in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-20840HIGHCVSS 7.8fixed in 10.0.20348.4648≥ 10.0.20348.0, < 10.0.20348.46482026-01-13
CVE-2026-20840 [HIGH] CWE-122 CVE-2026-20840: Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
Heap-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.
nvd
CVE-2026-20865HIGHCVSS 7.8fixed in 10.0.20348.4648≥ 10.0.20348.0, < 10.0.20348.46482026-01-13
CVE-2026-20865 [HIGH] CWE-416 CVE-2026-20865: Use after free in Windows Management Services allows an authorized attacker to elevate privileges lo
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-20875HIGHCVSS 7.5fixed in 10.0.20348.4648≥ 10.0.20348.0, < 10.0.20348.46482026-01-13
CVE-2026-20875 [HIGH] CWE-476 CVE-2026-20875: Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an una
Null pointer dereference in Windows Local Security Authority Subsystem Service (LSASS) allows an unauthorized attacker to deny service over a network.
nvd
CVE-2026-20844HIGHCVSS 7.4fixed in 10.0.20348.4648≥ 10.0.20348.0, < 10.0.20348.46482026-01-13
CVE-2026-20844 [HIGH] CWE-362 CVE-2026-20844: Use after free in Windows Clipboard Server allows an unauthorized attacker to elevate privileges loc
Use after free in Windows Clipboard Server allows an unauthorized attacker to elevate privileges locally.
nvd
CVE-2026-20842HIGHCVSS 7.0fixed in 10.0.20348.4648≥ 10.0.20348.0, < 10.0.20348.46482026-01-13
CVE-2026-20842 [HIGH] CWE-416 CVE-2026-20842: Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.
Use after free in Windows DWM allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-20837HIGHCVSS 7.8fixed in 10.0.20348.4648≥ 10.0.20348.0, < 10.0.20348.46482026-01-13
CVE-2026-20837 [HIGH] CWE-122 CVE-2026-20837: Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally.
nvd
CVE-2026-20811HIGHCVSS 7.8fixed in 10.0.20348.4648≥ 10.0.20348.0, < 10.0.20348.46482026-01-13
CVE-2026-20811 [HIGH] CWE-822 CVE-2026-20811: Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an au
Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-20852HIGHCVSS 7.7fixed in 10.0.20348.4648≥ 10.0.20348.0, < 10.0.20348.46482026-01-13
CVE-2026-20852 [HIGH] CWE-266 CVE-2026-20852: Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering
Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.
nvd
CVE-2026-20804HIGHCVSS 7.7fixed in 10.0.20348.4648≥ 10.0.20348.0, < 10.0.20348.46482026-01-13
CVE-2026-20804 [HIGH] CWE-266 CVE-2026-20804: Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering
Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.
nvd
CVE-2026-20869HIGHCVSS 7.0fixed in 10.0.20348.4648≥ 10.0.20348.0, < 10.0.20348.46482026-01-13
CVE-2026-20869 [HIGH] CWE-362 CVE-2026-20869: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Local Session Manager (LSM) allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-20849HIGHCVSS 7.5fixed in 10.0.20348.4648≥ 10.0.20348.0, < 10.0.20348.46482026-01-13
CVE-2026-20849 [HIGH] CWE-807 CVE-2026-20849: Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacke
Reliance on untrusted inputs in a security decision in Windows Kerberos allows an authorized attacker to elevate privileges over a network.
nvd
CVE-2026-20861HIGHCVSS 7.8fixed in 10.0.20348.4648≥ 10.0.20348.0, < 10.0.20348.46482026-01-13
CVE-2026-20861 [HIGH] CWE-362 CVE-2026-20861: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-20848HIGHCVSS 7.5fixed in 10.0.20348.4648≥ 10.0.20348.0, < 10.0.20348.46482026-01-13
CVE-2026-20848 [HIGH] CWE-362 CVE-2026-20848: Concurrent execution using shared resource with improper synchronization ('race condition') in Windo
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network.
nvd
CVE-2026-20877HIGHCVSS 7.8fixed in 10.0.20348.4648≥ 10.0.20348.0, < 10.0.20348.46482026-01-13
CVE-2026-20877 [HIGH] CWE-362 CVE-2026-20877: Use after free in Windows Management Services allows an authorized attacker to elevate privileges lo
Use after free in Windows Management Services allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-20817HIGHCVSS 7.8fixed in 10.0.20348.4648≥ 10.0.20348.0, < 10.0.20348.46482026-01-13
CVE-2026-20817 [HIGH] CWE-280 CVE-2026-20817: Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an aut
Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-20863HIGHCVSS 7.0fixed in 10.0.20348.4648≥ 10.0.20348.0, < 10.0.20348.46482026-01-13
CVE-2026-20863 [HIGH] CWE-415 CVE-2026-20863: Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
Double free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-20832HIGHCVSS 7.8fixed in 10.0.20348.4648≥ 10.0.20348.0, < 10.0.20348.46482026-01-13
CVE-2026-20832 [HIGH] CWE-415 CVE-2026-20832: Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerabili
Windows Remote Procedure Call Interface Definition Language (IDL) Elevation of Privilege Vulnerability
nvd
CVE-2026-20843HIGHCVSS 7.8fixed in 10.0.20348.4648≥ 10.0.20348.0, < 10.0.20348.46482026-01-13
CVE-2026-20843 [HIGH] CWE-284 CVE-2026-20843: Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized att
Improper access control in Windows Routing and Remote Access Service (RRAS) allows an authorized attacker to elevate privileges locally.
nvd
CVE-2026-20860HIGHCVSS 7.8fixed in 10.0.20348.4648≥ 10.0.20348.0, < 10.0.20348.46482026-01-13
CVE-2026-20860 [HIGH] CWE-843 CVE-2026-20860: Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver f
Access of resource using incompatible type ('type confusion') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
nvd