| Windows Server | Number Of NVD | 5229 | CRITICAL | 126 | HIGH | 3568 | MEDIUM | 1464 | LOW | 71 |
| URL | https://www.microsoft.com/ | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Explanation | Server products offered by Microsoft. For business, developer, and desktop operating system products, 10 years of support at the supported Service Pack level (with a minimum of 5 years of mainstream support, followed by a minimum of 5 years of extended support). You may need to deploy the latest updates to be eligible for support. For some products, the support organization may be less than 10 years. For consumer and multimedia products, five years of mainstream support at the supported Service Pack level. The above text is excerpted from Microsoft's Fixed Lifecycle Policy. |
||||||||
| Tag | |||||||||
| No | Type | Name | URL |
|---|---|---|---|
| 1 | https://support.microsoft.com//lifecycle/search | ||
| 2 | https://www.microsoft.com/ja-jp/cloud-platform/windows-server | ||
| 3 | https://support.microsoft.com/ja-jp/hub/4095338/microsoft-lifecycle-policy | ||
| 4 | https://docs.microsoft.com/ja-jp/windows-server/get-started/windows-server-release-info |
| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support Service Pack Support |
Extended for a fee |
Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 351 | Windows Server 2022 | 21H2 | Nov. 2, 2021 | Nov. 2, 2021 | Oct. 13, 2026 | Oct. 14, 2031 | 60 | 1398 | 449 | 6 | |
| 352 | Windows Server 2019 | 1809 | Oct. 2, 2018 | Nov. 13, 2018 | Jan. 9, 2024 | Jan. 9, 2029 | 98 | 2567 | 911 | 12 | |
| 353 | Windows Server 2016 | 20H2 | Oct. 20, 2020 | Oct. 15, 2016 | Jan. 11, 2022 | Jan. 12, 2027 | 107 | 2641 | 1033 | 16 | |
| 354 | Windows Server 2012 | Oct. 30, 2012 | Oct. 30, 2012 | Oct. 9, 2018 | Oct. 10, 2023 | 98 | 2256 | 929 | 51 | ||
| 355 | Windows Server 2008 R2( Service Pack 1適用) | Feb. 22, 2011 | Jan. 14, 2020 | 0 | 0 | 0 | 0 | ||||
| 356 | Windows Server 2008(Service Pack 2適用) | April 29, 2009 | Jan. 14, 2020 | 0 | 0 | 0 | 0 | ||||
| 357 | Microsoft Windows Server 2003(Service Pack 2適用) | May 28, 2003 | July 13, 2010 | July 14, 2015 | 0 | 128 | 53 | 15 | |||
| 358 | Microsoft Windows Storage Server 2003 | May 5, 2003 | Oct. 11, 2011 | Oct. 9, 2016 | 0 | 128 | 53 | 15 | |||
| 359 | Microsoft Windows 2000(Service Pack 4適用) | March 31, 2000 | June 30, 2005 | July 13, 2010 | 2 | 40 | 19 | 0 | |||
| 360 | Windows Server 2025 | 0 | 0 | 0 | 0 |
| No | CVSS3 CVSS2 |
Level Attach Vector |
Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date Published date |
Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 351 |
7.8 - |
HIGH
Local |
Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally. |
CWE-59
Link Following |
CVE-2025-48820 |
cpe:2.3:o:microsoft:windows_server_2019:*:* cpe:2.3:o:microsoft:windows_server_2016:*:* |
|
|
|
10.0.17763.7558 10.0.14393.8246 |
2025-07-15 23:38 2025-07-9 |
Show | GitHub Exploit DB Packet Storm |
| 352 |
7.1 - |
HIGH
Adjacent |
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network. |
CWE-591
Sensitive Data Storage in Improperly Locked Memory |
CVE-2025-48819 |
cpe:2.3:o:microsoft:windows_server_2019:*:* cpe:2.3:o:microsoft:windows_server_2016:*:* cpe:2.3:o:microsoft:windo… |
|
|
|
10.0.17763.7558 10.0.14393.8246 |
2025-07-15 23:39 2025-07-9 |
Show | GitHub Exploit DB Packet Storm |
| 353 |
6.8 - |
MEDIUM
Physics |
Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. |
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition |
CVE-2025-48818 |
cpe:2.3:o:microsoft:windows_server_2019:*:* cpe:2.3:o:microsoft:windows_server_2016:*:* |
|
|
|
10.0.17763.7558 10.0.14393.8246 |
2025-07-15 23:39 2025-07-9 |
Show | GitHub Exploit DB Packet Storm |
| 354 |
8.8 - |
HIGH
Network |
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. |
CWE-284 CWE-23 Improper Access Control Relative Path Traversal |
CVE-2025-48817 |
cpe:2.3:o:microsoft:windows_server_2019:*:* cpe:2.3:o:microsoft:windows_server_2016:*:* cpe:2.3:o:microsoft:windo… |
|
|
|
10.0.17763.7558 10.0.14393.8246 |
2025-07-15 23:41 2025-07-9 |
Show | GitHub Exploit DB Packet Storm |
| 355 |
7.8 - |
HIGH
Local |
Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally. |
CWE-125 CWE-190 Out-of-bounds Read Integer Overflow or Wraparound |
CVE-2025-48816 |
cpe:2.3:o:microsoft:windows_server_2019:*:* cpe:2.3:o:microsoft:windows_server_2016:*:* cpe:2.3:o:microsoft:windo… |
|
|
|
10.0.17763.7558 10.0.14393.8246 |
2025-07-15 23:42 2025-07-9 |
Show | GitHub Exploit DB Packet Storm |
| 356 |
7.8 - |
HIGH
Local |
Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. |
CWE-843
Type Confusion |
CVE-2025-48815 |
cpe:2.3:o:microsoft:windows_server_2019:*:* cpe:2.3:o:microsoft:windows_server_2016:*:* cpe:2.3:o:microsoft:windo… |
|
|
|
10.0.17763.7558 10.0.14393.8246 |
2025-07-15 23:42 2025-07-9 |
Show | GitHub Exploit DB Packet Storm |
| 357 |
7.5 - |
HIGH
Network |
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network. |
CWE-306
Missing Authentication for Critical Function |
CVE-2025-48814 |
cpe:2.3:o:microsoft:windows_server_2019:*:* cpe:2.3:o:microsoft:windows_server_2016:*:* cpe:2.3:o:microsoft:windo… |
|
|
|
10.0.17763.7558 10.0.14393.8246 |
2025-07-15 23:43 2025-07-9 |
Show | GitHub Exploit DB Packet Storm |
| 358 |
6.7 - |
MEDIUM
Local |
Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. |
CWE-353
Missing Support for Integrity Check |
CVE-2025-48811 |
cpe:2.3:o:microsoft:windows_server_2019:*:* cpe:2.3:o:microsoft:windows_server_2016:*:* |
|
|
|
10.0.17763.7558 10.0.14393.8246 |
2025-07-15 23:34 2025-07-9 |
Show | GitHub Exploit DB Packet Storm |
| 359 |
5.5 - |
MEDIUM
Local |
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. |
CWE-200
Information Exposure |
CVE-2025-48808 |
cpe:2.3:o:microsoft:windows_server_2019:*:* cpe:2.3:o:microsoft:windows_server_2016:*:* cpe:2.3:o:microsoft:windo… |
|
|
|
10.0.17763.7558 10.0.14393.8246 |
2025-07-15 23:35 2025-07-9 |
Show | GitHub Exploit DB Packet Storm |
| 360 |
7.8 - |
HIGH
Local |
Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally. |
CWE-416
Use After Free |
CVE-2025-48806 |
cpe:2.3:o:microsoft:windows_server_2019:*:* cpe:2.3:o:microsoft:windows_server_2016:*:* cpe:2.3:o:microsoft:windo… |
|
|
|
10.0.17763.7558 10.0.14393.8246 |
2025-07-15 23:29 2025-07-9 |
Show | GitHub Exploit DB Packet Storm |