Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Windows Server Number Of NVD 5229 CRITICAL 126 HIGH 3568 MEDIUM 1464 LOW 71
URL https://www.microsoft.com/
Explanation Server products offered by Microsoft.

For business, developer, and desktop operating system products, 10 years of support at the supported Service Pack level (with a minimum of 5 years of mainstream support, followed by a minimum of 5 years of extended support).
You may need to deploy the latest updates to be eligible for support.
For some products, the support organization may be less than 10 years.

For consumer and multimedia products, five years of mainstream support at the supported Service Pack level.

The above text is excerpted from Microsoft's Fixed Lifecycle Policy.
Tag
  • Microsoft
  • 商用ライセンス有り

Add Information URL
No Type Name URL
1 https://support.microsoft.com//lifecycle/search
2 https://www.microsoft.com/ja-jp/cloud-platform/windows-server
3 https://support.microsoft.com/ja-jp/hub/4095338/microsoft-lifecycle-policy
4 https://docs.microsoft.com/ja-jp/windows-server/get-started/windows-server-release-info

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
351 Windows Server 2022 21H2 Nov. 2, 2021 Nov. 2, 2021 Oct. 13, 2026 Oct. 14, 2031 60 1398 449 6
352 Windows Server 2019 1809 Oct. 2, 2018 Nov. 13, 2018 Jan. 9, 2024 Jan. 9, 2029 98 2567 911 12
353 Windows Server 2016 20H2 Oct. 20, 2020 Oct. 15, 2016 Jan. 11, 2022 Jan. 12, 2027 107 2641 1033 16
354 Windows Server 2012 Oct. 30, 2012 Oct. 30, 2012 Oct. 9, 2018 Oct. 10, 2023 98 2256 929 51
355 Windows Server 2008 R2( Service Pack 1適用) Feb. 22, 2011 Jan. 14, 2020 0 0 0 0
356 Windows Server 2008(Service Pack 2適用) April 29, 2009 Jan. 14, 2020 0 0 0 0
357 Microsoft Windows Server 2003(Service Pack 2適用) May 28, 2003 July 13, 2010 July 14, 2015 0 128 53 15
358 Microsoft Windows Storage Server 2003 May 5, 2003 Oct. 11, 2011 Oct. 9, 2016 0 128 53 15
359 Microsoft Windows 2000(Service Pack 4適用) March 31, 2000 June 30, 2005 July 13, 2010 2 40 19 0
360 Windows Server 2025 0 0 0 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
351 7.8
-
HIGH
Local
Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally. CWE-59
Link Following
CVE-2025-48820 cpe:2.3:o:microsoft:windows_server_2019:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*



10.0.17763.7558
10.0.14393.8246
2025-07-15 23:38
2025-07-9
Show GitHub Exploit DB Packet Storm
352 7.1
-
HIGH
Adjacent
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges over an adjacent network. CWE-591
 Sensitive Data Storage in Improperly Locked Memory
CVE-2025-48819 cpe:2.3:o:microsoft:windows_server_2019:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*
cpe:2.3:o:microsoft:windo…



10.0.17763.7558
10.0.14393.8246
2025-07-15 23:39
2025-07-9
Show GitHub Exploit DB Packet Storm
353 6.8
-
MEDIUM
Physics
Time-of-check time-of-use (toctou) race condition in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. CWE-367
 Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2025-48818 cpe:2.3:o:microsoft:windows_server_2019:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*



10.0.17763.7558
10.0.14393.8246
2025-07-15 23:39
2025-07-9
Show GitHub Exploit DB Packet Storm
354 8.8
-
HIGH
Network
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. CWE-284
CWE-23
Improper Access Control
 Relative Path Traversal
CVE-2025-48817 cpe:2.3:o:microsoft:windows_server_2019:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*
cpe:2.3:o:microsoft:windo…



10.0.17763.7558
10.0.14393.8246
2025-07-15 23:41
2025-07-9
Show GitHub Exploit DB Packet Storm
355 7.8
-
HIGH
Local
Integer overflow or wraparound in HID class driver allows an authorized attacker to elevate privileges locally. CWE-125
CWE-190
Out-of-bounds Read
 Integer Overflow or Wraparound
CVE-2025-48816 cpe:2.3:o:microsoft:windows_server_2019:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*
cpe:2.3:o:microsoft:windo…



10.0.17763.7558
10.0.14393.8246
2025-07-15 23:42
2025-07-9
Show GitHub Exploit DB Packet Storm
356 7.8
-
HIGH
Local
Access of resource using incompatible type ('type confusion') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. CWE-843
Type Confusion
CVE-2025-48815 cpe:2.3:o:microsoft:windows_server_2019:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*
cpe:2.3:o:microsoft:windo…



10.0.17763.7558
10.0.14393.8246
2025-07-15 23:42
2025-07-9
Show GitHub Exploit DB Packet Storm
357 7.5
-
HIGH
Network
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network. CWE-306
Missing Authentication for Critical Function
CVE-2025-48814 cpe:2.3:o:microsoft:windows_server_2019:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*
cpe:2.3:o:microsoft:windo…



10.0.17763.7558
10.0.14393.8246
2025-07-15 23:43
2025-07-9
Show GitHub Exploit DB Packet Storm
358 6.7
-
MEDIUM
Local
Missing support for integrity check in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally. CWE-353
 Missing Support for Integrity Check
CVE-2025-48811 cpe:2.3:o:microsoft:windows_server_2019:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*



10.0.17763.7558
10.0.14393.8246
2025-07-15 23:34
2025-07-9
Show GitHub Exploit DB Packet Storm
359 5.5
-
MEDIUM
Local
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally. CWE-200
Information Exposure
CVE-2025-48808 cpe:2.3:o:microsoft:windows_server_2019:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*
cpe:2.3:o:microsoft:windo…



10.0.17763.7558
10.0.14393.8246
2025-07-15 23:35
2025-07-9
Show GitHub Exploit DB Packet Storm
360 7.8
-
HIGH
Local
Use after free in Microsoft MPEG-2 Video Extension allows an authorized attacker to execute code locally. CWE-416
 Use After Free
CVE-2025-48806 cpe:2.3:o:microsoft:windows_server_2019:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*
cpe:2.3:o:microsoft:windo…



10.0.17763.7558
10.0.14393.8246
2025-07-15 23:29
2025-07-9
Show GitHub Exploit DB Packet Storm