Microsoft Windows Server 2022 vulnerabilities
2,817 known vulnerabilities affecting microsoft/windows_server_2022.
Total CVEs
2,817
CISA KEV
102
actively exploited
Public exploits
38
Exploited in wild
85
Severity breakdown
CRITICAL74HIGH2015MEDIUM717LOW11
Vulnerabilities
Page 49 of 141
CVE-2025-21265MEDIUMCVSS 6.6fixed in 10.0.20348.3091≥ 10.0.20348.0, < 10.0.20348.30912025-01-14
CVE-2025-21265 [MEDIUM] CWE-125 CVE-2025-21265: Windows Digital Media Elevation of Privilege Vulnerability
Windows Digital Media Elevation of Privilege Vulnerability
nvd
CVE-2025-21210MEDIUMCVSS 4.2fixed in 10.0.20348.3091≥ 10.0.20348.0, < 10.0.20348.30912025-01-14
CVE-2025-21210 [MEDIUM] CWE-636 CVE-2025-21210: Windows BitLocker Information Disclosure Vulnerability
Windows BitLocker Information Disclosure Vulnerability
nvd
CVE-2025-21261MEDIUMCVSS 6.6fixed in 10.0.20348.3091≥ 10.0.20348.0, < 10.0.20348.30912025-01-14
CVE-2025-21261 [MEDIUM] CWE-125 CVE-2025-21261: Windows Digital Media Elevation of Privilege Vulnerability
Windows Digital Media Elevation of Privilege Vulnerability
nvd
CVE-2025-21219MEDIUMCVSS 4.3fixed in 10.0.20348.3091≥ 10.0.20348.0, < 10.0.20348.30912025-01-14
CVE-2025-21219 [MEDIUM] CWE-41 CVE-2025-21219: MapUrlToZone Security Feature Bypass Vulnerability
MapUrlToZone Security Feature Bypass Vulnerability
nvd
CVE-2025-21268MEDIUMCVSS 4.3fixed in 10.0.20348.3091≥ 10.0.20348.0, < 10.0.20348.30912025-01-14
CVE-2025-21268 [MEDIUM] CWE-41 CVE-2025-21268: MapUrlToZone Security Feature Bypass Vulnerability
MapUrlToZone Security Feature Bypass Vulnerability
nvd
CVE-2025-21217MEDIUMCVSS 6.5≥ 10.0.20348.0, < 10.0.20348.30912025-01-14
CVE-2025-21217 [MEDIUM] CWE-693 Windows NTLM Spoofing Vulnerability
Windows NTLM Spoofing Vulnerability
Windows NTLM Spoofing Vulnerability
cvelistv5
CVE-2025-21310MEDIUMCVSS 6.6fixed in 10.0.20348.3091≥ 10.0.20348.0, < 10.0.20348.30912025-01-14
CVE-2025-21310 [MEDIUM] CWE-125 CVE-2025-21310: Windows Digital Media Elevation of Privilege Vulnerability
Windows Digital Media Elevation of Privilege Vulnerability
nvd
CVE-2025-21226MEDIUMCVSS 6.6fixed in 10.0.20348.3091≥ 10.0.20348.0, < 10.0.20348.30912025-01-14
CVE-2025-21226 [MEDIUM] CWE-125 CVE-2025-21226: Windows Digital Media Elevation of Privilege Vulnerability
Windows Digital Media Elevation of Privilege Vulnerability
nvd
CVE-2025-21288MEDIUMCVSS 6.5fixed in 10.0.20348.3091≥ 10.0.20348.0, < 10.0.20348.30912025-01-14
CVE-2025-21288 [MEDIUM] CWE-908 CVE-2025-21288: Windows COM Server Information Disclosure Vulnerability
Windows COM Server Information Disclosure Vulnerability
nvd
CVE-2025-21312LOWCVSS 2.4fixed in 10.0.20348.3091≥ 10.0.20348.0, < 10.0.20348.30912025-01-14
CVE-2025-21312 [LOW] CWE-908 CVE-2025-21312: Windows Smart Card Reader Information Disclosure Vulnerability
Windows Smart Card Reader Information Disclosure Vulnerability
nvd
CVE-2022-40732HIGHCVSS 7.5v10.0.20348.6432024-12-18
CVE-2022-40732 [HIGH] CWE-476 CVE-2022-40732: An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys drive
An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code t
nvd
CVE-2022-40733MEDIUMCVSS 6.5v10.0.20348.6432024-12-18
CVE-2022-40733 [MEDIUM] CWE-476 CVE-2022-40733: An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys drive
An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code
nvd
CVE-2024-49112CRITICALCVSS 9.8fixed in 10.0.20348.2966≥ 10.0.20348.0, < 10.0.20348.29662024-12-12
CVE-2024-49112 [CRITICAL] CWE-190 CVE-2024-49112: Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
nvd
CVE-2024-49115HIGHCVSS 8.1fixed in 10.0.20348.2966≥ 10.0.20348.0, < 10.0.20348.29662024-12-12
CVE-2024-49115 [HIGH] CWE-416 CVE-2024-49115: Windows Remote Desktop Services Remote Code Execution Vulnerability
Windows Remote Desktop Services Remote Code Execution Vulnerability
nvd
CVE-2024-49122HIGHCVSS 8.1fixed in 10.0.20348.2966≥ 10.0.20348.0, < 10.0.20348.29662024-12-12
CVE-2024-49122 [HIGH] CWE-416 CVE-2024-49122: Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
nvd
CVE-2024-49105HIGHCVSS 8.4fixed in 10.0.20348.2966≥ 10.0.20348.0, < 10.0.20348.29662024-12-12
CVE-2024-49105 [HIGH] CWE-284 CVE-2024-49105: Remote Desktop Client Remote Code Execution Vulnerability
Remote Desktop Client Remote Code Execution Vulnerability
nvd
CVE-2024-49128HIGHCVSS 8.1fixed in 10.0.20348.2966≥ 10.0.20348.0, < 10.0.20348.36922024-12-12
CVE-2024-49128 [HIGH] CWE-416 CVE-2024-49128: Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unau
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
nvd
CVE-2024-49108HIGHCVSS 8.1fixed in 10.0.20348.2966≥ 10.0.20348.0, < 10.0.20348.29662024-12-12
CVE-2024-49108 [HIGH] CWE-416 CVE-2024-49108: Windows Remote Desktop Services Remote Code Execution Vulnerability
Windows Remote Desktop Services Remote Code Execution Vulnerability
nvd
CVE-2024-49080HIGHCVSS 8.8fixed in 10.0.20348.2966≥ 10.0.20348.0, < 10.0.20348.29662024-12-12
CVE-2024-49080 [HIGH] CWE-122 CVE-2024-49080: Windows IP Routing Management Snapin Remote Code Execution Vulnerability
Windows IP Routing Management Snapin Remote Code Execution Vulnerability
nvd
CVE-2024-49088HIGHCVSS 7.8fixed in 10.0.20348.2966≥ 10.0.20348.0, < 10.0.20348.29662024-12-12
CVE-2024-49088 [HIGH] CWE-126 CVE-2024-49088: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
nvd