Windows Server 2003
by Microsoft
Source repositories
CVEs (4,745)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-0885 | Med | 0.28 | 4.3 | 0.04 | Mar 12, 2020 | An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. | ||
| CVE-2018-8320 | Med | 0.28 | 4.3 | 0.05 | Oct 10, 2018 | A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka "Windows DNS Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008… | ||
| CVE-2025-21214 | Med | 0.27 | 4.2 | 0.01 | Jan 14, 2025 | Windows BitLocker Information Disclosure Vulnerability | ||
| CVE-2025-21210 | Med | 0.27 | 4.2 | 0.01 | Jan 14, 2025 | Windows BitLocker Information Disclosure Vulnerability | ||
| CVE-2024-38143 | Med | 0.27 | 4.2 | 0.02 | Aug 13, 2024 | Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability | ||
| CVE-2024-28922 | Med | 0.27 | 4.1 | 0.01 | Apr 9, 2024 | Secure Boot Security Feature Bypass Vulnerability | ||
| CVE-2024-21304 | Med | 0.27 | 4.1 | 0.00 | Feb 13, 2024 | Trusted Compute Base Elevation of Privilege Vulnerability | ||
| CVE-2022-29127 | Med | 0.27 | 4.2 | 0.01 | May 10, 2022 | BitLocker Security Feature Bypass Vulnerability | ||
| CVE-2022-24466 | Med | 0.27 | 4.1 | 0.01 | May 10, 2022 | Windows Hyper-V Security Feature Bypass Vulnerability | ||
| CVE-2021-42279 | Med | 0.27 | 4.2 | 0.02 | Nov 10, 2021 | Chakra Scripting Engine Memory Corruption Vulnerability | ||
| CVE-2018-8435 | Med | 0.27 | 4.2 | 0.01 | Sep 13, 2018 | A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||
| CVE-2025-29839 | Med | 0.26 | 4.0 | 0.00 | May 13, 2025 | Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally. | ||
| CVE-2026-45642 | Low | 0.25 | 3.9 | 0.00 | Jun 9, 2026 | Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack. | ||
| CVE-2018-8449 | Low | 0.25 | 3.3 | 0.03 | Sep 13, 2018 | A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||
| CVE-2018-0966 | Low | 0.25 | 3.3 | 0.02 | Apr 12, 2018 | A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | ||
| CVE-2022-21977 | Low | 0.22 | 3.3 | 0.02 | Mar 9, 2022 | Media Foundation Information Disclosure Vulnerability | ||
| CVE-2020-17097 | Low | 0.22 | 3.3 | 0.01 | Dec 10, 2020 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | ||
| CVE-2019-1488 | Low | 0.22 | 3.3 | 0.01 | Dec 10, 2019 | A security feature bypass vulnerability exists when Microsoft Defender improperly handles specific buffers, aka 'Microsoft Defender Security Feature Bypass Vulnerability'. | ||
| CVE-2019-1418 | Low | 0.22 | 3.3 | 0.02 | Nov 12, 2019 | An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'. | ||
| CVE-2025-59287 | 0.21 | — | 1.00 | KEV | Oct 14, 2025 | Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network. |
- risk 0.28cvss 4.3epss 0.04
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'.
- risk 0.28cvss 4.3epss 0.05
A security feature bypass vulnerability exists in DNS Global Blocklist feature, aka "Windows DNS Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows Server 2008, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows Server 2008…
- risk 0.27cvss 4.2epss 0.01
Windows BitLocker Information Disclosure Vulnerability
- risk 0.27cvss 4.2epss 0.01
Windows BitLocker Information Disclosure Vulnerability
- risk 0.27cvss 4.2epss 0.02
Windows WLAN AutoConfig Service Elevation of Privilege Vulnerability
- risk 0.27cvss 4.1epss 0.01
Secure Boot Security Feature Bypass Vulnerability
- risk 0.27cvss 4.1epss 0.00
Trusted Compute Base Elevation of Privilege Vulnerability
- risk 0.27cvss 4.2epss 0.01
BitLocker Security Feature Bypass Vulnerability
- risk 0.27cvss 4.1epss 0.01
Windows Hyper-V Security Feature Bypass Vulnerability
- risk 0.27cvss 4.2epss 0.02
Chakra Scripting Engine Memory Corruption Vulnerability
- risk 0.27cvss 4.2epss 0.01
A security feature bypass vulnerability exists when Windows Hyper-V BIOS loader fails to provide a high-entropy source, aka "Windows Hyper-V Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
- risk 0.26cvss 4.0epss 0.00
Out-of-bounds read in Windows File Server allows an unauthorized attacker to disclose information locally.
- risk 0.25cvss 3.9epss 0.00
Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack.
- risk 0.25cvss 3.3epss 0.03
A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
- risk 0.25cvss 3.3epss 0.02
A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
- risk 0.22cvss 3.3epss 0.02
Media Foundation Information Disclosure Vulnerability
- risk 0.22cvss 3.3epss 0.01
Windows Digital Media Receiver Elevation of Privilege Vulnerability
- risk 0.22cvss 3.3epss 0.01
A security feature bypass vulnerability exists when Microsoft Defender improperly handles specific buffers, aka 'Microsoft Defender Security Feature Bypass Vulnerability'.
- risk 0.22cvss 3.3epss 0.02
An information vulnerability exists when Windows Modules Installer Service improperly discloses file information, aka 'Windows Modules Installer Service Information Disclosure Vulnerability'.
- risk 0.21cvss —epss 1.00
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
Page 180 of 238