Windows Server 2016
by Microsoft
CVEs (3,555)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-11842 | Med | 0.31 | 4.7 | 0.02 | Nov 15, 2017 | Windows kernel in Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing… | ||
| CVE-2017-11817 | Med | 0.31 | 4.7 | 0.02 | Oct 13, 2017 | The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability… | ||
| CVE-2017-8719 | Med | 0.31 | 4.7 | 0.03 | Sep 13, 2017 | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it… | ||
| CVE-2017-8709 | Med | 0.31 | 4.7 | 0.03 | Sep 13, 2017 | The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it… | ||
| CVE-2017-8486 | Med | 0.31 | 4.7 | 0.02 | Jul 11, 2017 | Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure due to the way it handles objects in memory, aka "Win32k… | ||
| CVE-2017-8554 | Med | 0.31 | 4.7 | 0.02 | Jun 29, 2017 | The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an authenticated attacker to obtain memory contents via a specially… | ||
| CVE-2017-8553 | Med | 0.31 | 4.7 | 0.03 | Jun 15, 2017 | An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows Server 2016 when the Windows kernel improperly handles objects in memory, aka "GDI Information Disclosure… | ||
| CVE-2017-0073 | Med | 0.31 | 4.3 | 0.33 | Mar 17, 2017 | The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from… | ||
| CVE-2016-7218 | Med | 0.31 | 4.7 | 0.03 | Nov 10, 2016 | Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive… | ||
| CVE-2026-26175 | Med | 0.30 | 4.6 | 0.00 | Apr 14, 2026 | Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack. | ||
| CVE-2026-20928 | Med | 0.30 | 4.6 | 0.00 | Apr 14, 2026 | Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack. | ||
| CVE-2022-21905 | Med | 0.30 | 4.6 | 0.01 | Jan 11, 2022 | Windows Hyper-V Security Feature Bypass Vulnerability | ||
| CVE-2022-21900 | Med | 0.30 | 4.6 | 0.01 | Jan 11, 2022 | Windows Hyper-V Security Feature Bypass Vulnerability | ||
| CVE-2018-8566 | Med | 0.30 | 4.6 | 0.01 | Nov 14, 2018 | A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption, aka "BitLocker Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | ||
| CVE-2018-8253 | Med | 0.30 | 4.6 | 0.02 | Aug 15, 2018 | An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen, aka "Microsoft Cortana Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10. | ||
| CVE-2026-32209 | Med | 0.29 | 4.4 | 0.00 | May 12, 2026 | Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally. | ||
| CVE-2023-36722 | Med | 0.29 | 4.4 | 0.01 | Oct 10, 2023 | Active Directory Domain Services Information Disclosure Vulnerability | ||
| CVE-2023-28276 | Med | 0.29 | 4.4 | 0.00 | Apr 11, 2023 | Windows Group Policy Security Feature Bypass Vulnerability | ||
| CVE-2022-22010 | Med | 0.29 | 4.4 | 0.02 | Mar 9, 2022 | Media Foundation Information Disclosure Vulnerability | ||
| CVE-2022-21894 | Med | 0.29 | 4.4 | 0.07 | Jan 11, 2022 | Secure Boot Security Feature Bypass Vulnerability |
- risk 0.31cvss 4.7epss 0.02
Windows kernel in Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing…
- risk 0.31cvss 4.7epss 0.02
The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability…
- risk 0.31cvss 4.7epss 0.03
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it…
- risk 0.31cvss 4.7epss 0.03
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it…
- risk 0.31cvss 4.7epss 0.02
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure due to the way it handles objects in memory, aka "Win32k…
- risk 0.31cvss 4.7epss 0.02
The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an authenticated attacker to obtain memory contents via a specially…
- risk 0.31cvss 4.7epss 0.03
An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows Server 2016 when the Windows kernel improperly handles objects in memory, aka "GDI Information Disclosure…
- risk 0.31cvss 4.3epss 0.33
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from…
- risk 0.31cvss 4.7epss 0.03
Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to obtain sensitive…
- risk 0.30cvss 4.6epss 0.00
Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack.
- risk 0.30cvss 4.6epss 0.00
Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack.
- risk 0.30cvss 4.6epss 0.01
Windows Hyper-V Security Feature Bypass Vulnerability
- risk 0.30cvss 4.6epss 0.01
Windows Hyper-V Security Feature Bypass Vulnerability
- risk 0.30cvss 4.6epss 0.01
A security feature bypass vulnerability exists when Windows improperly suspends BitLocker Device Encryption, aka "BitLocker Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.
- risk 0.30cvss 4.6epss 0.02
An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen, aka "Microsoft Cortana Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10.
- risk 0.29cvss 4.4epss 0.00
Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally.
- risk 0.29cvss 4.4epss 0.01
Active Directory Domain Services Information Disclosure Vulnerability
- risk 0.29cvss 4.4epss 0.00
Windows Group Policy Security Feature Bypass Vulnerability
- risk 0.29cvss 4.4epss 0.02
Media Foundation Information Disclosure Vulnerability
- risk 0.29cvss 4.4epss 0.07
Secure Boot Security Feature Bypass Vulnerability
Page 118 of 178