| Windows Server | Number Of NVD | 5229 | CRITICAL | 126 | HIGH | 3568 | MEDIUM | 1464 | LOW | 71 |
| URL | https://www.microsoft.com/ | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Explanation | Server products offered by Microsoft. For business, developer, and desktop operating system products, 10 years of support at the supported Service Pack level (with a minimum of 5 years of mainstream support, followed by a minimum of 5 years of extended support). You may need to deploy the latest updates to be eligible for support. For some products, the support organization may be less than 10 years. For consumer and multimedia products, five years of mainstream support at the supported Service Pack level. The above text is excerpted from Microsoft's Fixed Lifecycle Policy. |
||||||||
| Tag | |||||||||
| No | Type | Name | URL |
|---|---|---|---|
| 1 | https://support.microsoft.com//lifecycle/search | ||
| 2 | https://www.microsoft.com/ja-jp/cloud-platform/windows-server | ||
| 3 | https://support.microsoft.com/ja-jp/hub/4095338/microsoft-lifecycle-policy | ||
| 4 | https://docs.microsoft.com/ja-jp/windows-server/get-started/windows-server-release-info |
| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support Service Pack Support |
Extended for a fee |
Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 131 | Windows Server 2022 | 21H2 | Nov. 2, 2021 | Nov. 2, 2021 | Oct. 13, 2026 | Oct. 14, 2031 | 60 | 1398 | 449 | 6 | |
| 132 | Windows Server 2019 | 1809 | Oct. 2, 2018 | Nov. 13, 2018 | Jan. 9, 2024 | Jan. 9, 2029 | 98 | 2567 | 911 | 12 | |
| 133 | Windows Server 2016 | 20H2 | Oct. 20, 2020 | Oct. 15, 2016 | Jan. 11, 2022 | Jan. 12, 2027 | 107 | 2641 | 1033 | 16 | |
| 134 | Windows Server 2012 | Oct. 30, 2012 | Oct. 30, 2012 | Oct. 9, 2018 | Oct. 10, 2023 | 98 | 2256 | 929 | 51 | ||
| 135 | Windows Server 2008 R2( Service Pack 1適用) | Feb. 22, 2011 | Jan. 14, 2020 | 0 | 0 | 0 | 0 | ||||
| 136 | Windows Server 2008(Service Pack 2適用) | April 29, 2009 | Jan. 14, 2020 | 0 | 0 | 0 | 0 | ||||
| 137 | Microsoft Windows Server 2003(Service Pack 2適用) | May 28, 2003 | July 13, 2010 | July 14, 2015 | 0 | 128 | 53 | 15 | |||
| 138 | Microsoft Windows Storage Server 2003 | May 5, 2003 | Oct. 11, 2011 | Oct. 9, 2016 | 0 | 128 | 53 | 15 | |||
| 139 | Microsoft Windows 2000(Service Pack 4適用) | March 31, 2000 | June 30, 2005 | July 13, 2010 | 2 | 40 | 19 | 0 |
| No | CVSS3 CVSS2 |
Level Attach Vector |
Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date Published date |
Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 131 |
7.8 - |
HIGH
Local |
Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally. |
CWE-415
Double Free |
CVE-2026-33838 |
cpe:2.3:o:microsoft:windows_server_2019:*:* cpe:2.3:o:microsoft:windows_server_2016:*:* cpe:2.3:o:microsoft:windo… |
|
|
|
10.0.17763.8755 10.0.14393.9140 |
2026-05-14 23:45 2026-05-13 |
Show | GitHub Exploit DB Packet Storm |
| 132 |
7.8 - |
HIGH
Local |
Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally. |
CWE-122
Heap-based Buffer Overflow |
CVE-2026-33837 |
cpe:2.3:o:microsoft:windows_server_2019:*:* cpe:2.3:o:microsoft:windows_server_2016:*:* cpe:2.3:o:microsoft:windo… |
|
|
|
10.0.17763.8755 10.0.14393.9140 |
2026-05-14 23:46 2026-05-13 |
Show | GitHub Exploit DB Packet Storm |
| 133 |
7.8 - |
HIGH
Local |
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. |
CWE-416
Use After Free |
CVE-2026-33835 | cpe:2.3:o:microsoft:windows_server_2019:*:* | 10.0.17763.8755 |
2026-05-14 23:47 2026-05-13 |
Show | GitHub Exploit DB Packet Storm | |||
| 134 |
7.8 - |
HIGH
Local |
Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally. |
CWE-284
Improper Access Control |
CVE-2026-33834 |
cpe:2.3:o:microsoft:windows_server_2019:*:* cpe:2.3:o:microsoft:windows_server_2016:*:* cpe:2.3:o:microsoft:windo… |
|
|
|
10.0.17763.8755 10.0.14393.9140 |
2026-05-14 23:49 2026-05-13 |
Show | GitHub Exploit DB Packet Storm |
| 135 |
4.4 - |
MEDIUM
Local |
Improper access control in Windows Filtering Platform (WFP) allows an authorized attacker to bypass a security feature locally. |
CWE-284
Improper Access Control |
CVE-2026-32209 |
cpe:2.3:o:microsoft:windows_server_2019:*:* cpe:2.3:o:microsoft:windows_server_2016:*:* cpe:2.3:o:microsoft:windo… |
|
|
|
10.0.17763.8755 10.0.14393.9140 |
2026-05-14 23:51 2026-05-13 |
Show | GitHub Exploit DB Packet Storm |
| 136 |
6.7 - |
MEDIUM
Local |
Double free in Windows Rich Text Edit Control allows an authorized attacker to elevate privileges locally. |
CWE-415
Double Free |
CVE-2026-32170 |
cpe:2.3:o:microsoft:windows_server_2019:*:* cpe:2.3:o:microsoft:windows_server_2016:*:* cpe:2.3:o:microsoft:windo… |
|
|
|
10.0.17763.8755 10.0.14393.9140 |
2026-05-14 23:52 2026-05-13 |
Show | GitHub Exploit DB Packet Storm |
| 137 |
7.5 - |
HIGH
Adjacent |
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Native WiFi Miniport Driver allows an unauthorized attacker to execute code over an adjacent net… |
CWE-362 CWE-416 Race Condition Use After Free |
CVE-2026-32161 |
cpe:2.3:o:microsoft:windows_server_2019:*:* cpe:2.3:o:microsoft:windows_server_2016:*:* cpe:2.3:o:microsoft:windo… |
|
|
|
10.0.17763.8755 10.0.14393.9140 |
2026-05-14 23:54 2026-05-13 |
Show | GitHub Exploit DB Packet Storm |
| 138 |
6.7 - |
MEDIUM
Local |
Double free in Windows Rich Text Edit allows an authorized attacker to elevate privileges locally. |
CWE-415
Double Free |
CVE-2026-21530 |
cpe:2.3:o:microsoft:windows_server_2019:*:* cpe:2.3:o:microsoft:windows_server_2016:*:* cpe:2.3:o:microsoft:windo… |
|
|
|
10.0.17763.8755 10.0.14393.9140 |
2026-05-14 23:56 2026-05-13 |
Show | GitHub Exploit DB Packet Storm |
| 139 |
4.3 - |
MEDIUM
Network |
Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network. |
CWE-200
Information Exposure |
CVE-2026-33829 |
cpe:2.3:o:microsoft:windows_server_2019:*:* cpe:2.3:o:microsoft:windows_server_2016:*:* cpe:2.3:o:microsoft:windo… |
|
|
|
10.0.17763.8644 10.0.14393.9060 |
2026-04-21 23:16 2026-04-15 |
Show | GitHub Exploit DB Packet Storm |
| 140 |
7.0 - |
HIGH
Local |
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. |
CWE-362 CWE-416 Race Condition Use After Free |
CVE-2026-33104 |
cpe:2.3:o:microsoft:windows_server_2019:*:* cpe:2.3:o:microsoft:windows_server_2016:*:* cpe:2.3:o:microsoft:windo… |
|
|
|
10.0.17763.8644 10.0.14393.9060 |
2026-04-18 03:20 2026-04-15 |
Show | GitHub Exploit DB Packet Storm |