Msrc Windows Server 2008 R2 vulnerabilities
2,474 known vulnerabilities affecting msrc/windows_server_2008_r2.
Total CVEs
2,474
CISA KEV
111
actively exploited
Public exploits
175
Exploited in wild
107
Severity breakdown
CRITICAL55HIGH1697MEDIUM701LOW21
Vulnerabilities
Page 19 of 124
CVE-2025-21341MEDIUMCVSS 6.62025-01-14
CVE-2025-21341 [MEDIUM] CWE-125 Windows Digital Media Elevation of Privilege Vulnerability
Windows Digital Media Elevation of Privilege Vulnerability
FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability?
An attacker needs physical access to the target computer to plug in a malicious USB drive.
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited th
msrc
CVE-2024-49112CRITICALCVSS 9.82024-12-10
CVE-2024-49112 [CRITICAL] CWE-190 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
FAQ: What actions do customers need to perform to be protected against this vulnerability?
This vulnerability affects both LDAP clients and servers running an affected version of Windows listed in the Security Updates table. Customers must apply the latest security update for their Wind
msrc
CVE-2024-49118HIGHCVSS 8.12024-12-10
CVE-2024-49118 [HIGH] CWE-416 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition during the execution of a specific operation that recurs in a low frequency on the target system. This might require an att
msrc
CVE-2024-49090HIGHCVSS 7.82024-12-10
CVE-2024-49090 [HIGH] CWE-822 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Common Log File System Driver: Windows Common Log File System Driver
Microsoft: Microsoft
Customer Action Required: Yes
msrc
CVE-2024-49096HIGHCVSS 7.52024-12-10
CVE-2024-49096 [HIGH] CWE-400 Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Windows Message Queuing: Windows Message Queuing
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5048661
Reference: https://
msrc
CVE-2024-49080HIGHCVSS 8.82024-12-10
CVE-2024-49080 [HIGH] CWE-122 Windows IP Routing Management Snapin Remote Code Execution Vulnerability
Windows IP Routing Management Snapin Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.
FAQ: How could an attacker exploit this vulnerability?
An attacker could exploit this vulne
msrc
CVE-2024-49122HIGHCVSS 8.12024-12-10
CVE-2024-49122 [HIGH] CWE-416 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
FAQ: How could an attacker exploit the vulnerability?
To exploit this vulnerability, an attacker would need to send a spe
msrc
CVE-2024-49126HIGHCVSS 8.12024-12-10
CVE-2024-49126 [HIGH] CWE-416 Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
FAQ: According to the CVSS metric, the attack vector is network (AV:N
msrc
CVE-2024-49102HIGHCVSS 8.82024-12-10
CVE-2024-49102 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.
FAQ: Accordi
msrc
CVE-2024-49088HIGHCVSS 7.82024-12-10
CVE-2024-49088 [HIGH] CWE-126 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Common Log File System Driver: Windows Common Log File System Driver
Microsoft: Microsoft
Customer Action Required: Yes
msrc
CVE-2024-49124HIGHCVSS 8.12024-12-10
CVE-2024-49124 [HIGH] CWE-362 Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability
Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
FAQ: How could an attacker exploit this vulnerability?
An unauthenticated attacker
msrc
CVE-2024-49121HIGHCVSS 7.52024-12-10
CVE-2024-49121 [HIGH] CWE-476 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Windows LDAP - Lightweight Directory Access Protocol: Windows LDAP - Lightweight Directory Access Protocol
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
Re
msrc
CVE-2024-49105HIGHCVSS 8.42024-12-10
CVE-2024-49105 [HIGH] CWE-284 Remote Desktop Client Remote Code Execution Vulnerability
Remote Desktop Client Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
An authenticated attacker could exploit the vulnerability by triggering remote code execution (RCE) on the server via a Remote Desktop connection. Alternatively, an authenticated attacker could trigger guest-to-host RCE via a malicious program by connecting to the host using MMC.
FAQ: According t
msrc
CVE-2024-49072HIGHCVSS 7.82024-12-10
CVE-2024-49072 [HIGH] CWE-122 Windows Task Scheduler Elevation of Privilege Vulnerability
Windows Task Scheduler Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Task Scheduler: Windows Task Scheduler
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Dis
msrc
CVE-2024-49113HIGHCVSS 7.52024-12-10
CVE-2024-49113 [HIGH] CWE-125 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Windows LDAP - Lightweight Directory Access Protocol: Windows LDAP - Lightweight Directory Access Protocol
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
Re
msrc
CVE-2024-49127HIGHCVSS 8.12024-12-10
CVE-2024-49127 [HIGH] CWE-416 Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
FAQ: How could an attacker exploit this vulnerability?
An unauthenticated attacke
msrc
CVE-2024-49104HIGHCVSS 8.82024-12-10
CVE-2024-49104 [HIGH] CWE-122 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.
FAQ: Accordi
msrc
CVE-2024-49138HIGHCVSS 7.8KEVPoC2024-12-10
CVE-2024-49138 [HIGH] CWE-122 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Windows Common Log File System Driver Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Common Log File System Driver: Windows Common Log File System Driver
Microsoft: Microsoft
Customer Action Required: Yes
msrc
CVE-2024-49089HIGHCVSS 7.22024-12-10
CVE-2024-49089 [HIGH] CWE-190 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?
To successfully exploit this vulnerability, an attacker or the targeted user would need to achieve a high level of control over a machine, as the attack requires access to processes ty
msrc
CVE-2024-49084HIGHCVSS 7.02024-12-10
CVE-2024-49084 [HIGH] CWE-362 Windows Kernel Elevation of Privilege Vulnerability
Windows Kernel Elevation of Privilege Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerabilit
msrc