Software Detail
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
Number of items displayed
Windows Server Number Of NVD 5229 CRITICAL 126 HIGH 3568 MEDIUM 1464 LOW 71
URL https://www.microsoft.com/
Explanation Server products offered by Microsoft.

For business, developer, and desktop operating system products, 10 years of support at the supported Service Pack level (with a minimum of 5 years of mainstream support, followed by a minimum of 5 years of extended support).
You may need to deploy the latest updates to be eligible for support.
For some products, the support organization may be less than 10 years.

For consumer and multimedia products, five years of mainstream support at the supported Service Pack level.

The above text is excerpted from Microsoft's Fixed Lifecycle Policy.
Tag
  • 商用ライセンス有り
  • Microsoft

Add Information URL
No Type Name URL
1 https://support.microsoft.com//lifecycle/search
2 https://www.microsoft.com/ja-jp/cloud-platform/windows-server
3 https://support.microsoft.com/ja-jp/hub/4095338/microsoft-lifecycle-policy
4 https://docs.microsoft.com/ja-jp/windows-server/get-started/windows-server-release-info

List Of Product  [ Click to show release history and vulnerability information ]
No Name Latest Version Release date Initial release Normal Support Security Support
Service Pack Support
Extended
for a fee
Critical High Medium Low
391 Windows Server 2022 21H2 Nov. 2, 2021 Nov. 2, 2021 Oct. 13, 2026 Oct. 14, 2031 60 1398 449 6
392 Windows Server 2019 1809 Oct. 2, 2018 Nov. 13, 2018 Jan. 9, 2024 Jan. 9, 2029 98 2567 911 12
393 Windows Server 2016 20H2 Oct. 20, 2020 Oct. 15, 2016 Jan. 11, 2022 Jan. 12, 2027 107 2641 1033 16
394 Windows Server 2012 Oct. 30, 2012 Oct. 30, 2012 Oct. 9, 2018 Oct. 10, 2023 98 2256 929 51
395 Windows Server 2008 R2( Service Pack 1適用) Feb. 22, 2011 Jan. 14, 2020 0 0 0 0
396 Windows Server 2008(Service Pack 2適用) April 29, 2009 Jan. 14, 2020 0 0 0 0
397 Microsoft Windows Server 2003(Service Pack 2適用) May 28, 2003 July 13, 2010 July 14, 2015 0 128 53 15
398 Microsoft Windows Storage Server 2003 May 5, 2003 Oct. 11, 2011 Oct. 9, 2016 0 128 53 15
399 Microsoft Windows 2000(Service Pack 4適用) March 31, 2000 June 30, 2005 July 13, 2010 2 40 19 0
400 Windows Server 2025 0 0 0 0
NVD Vulnerability Information
  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW
No CVSS3
CVSS2
Level
Attach Vector
Title CWE CVE cpe23Uri or higher or less more than less than Update date
Published date
Show Affected Exploit
PoC
Search
391 8.8
-
HIGH
Network
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. CWE-787
CWE-122
 Out-of-bounds Write
Heap-based Buffer Overflow
CVE-2025-29963 cpe:2.3:o:microsoft:windows_server_2019:*:* 10.0.17763.7314 2025-05-19 23:22
2025-05-14
Show GitHub Exploit DB Packet Storm
392 8.8
-
HIGH
Network
Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network. CWE-787
CWE-122
 Out-of-bounds Write
Heap-based Buffer Overflow
CVE-2025-29962 cpe:2.3:o:microsoft:windows_server_2019:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*
cpe:2.3:o:microsoft:windo…



10.0.17763.7314
10.0.14393.8066
2025-05-19 23:22
2025-05-14
Show GitHub Exploit DB Packet Storm
393 6.5
-
MEDIUM
Network
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. CWE-125
Out-of-bounds Read
CVE-2025-29961 cpe:2.3:o:microsoft:windows_server_2019:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*
cpe:2.3:o:microsoft:windo…



10.0.17763.7314
10.0.14393.8066
2025-05-19 23:22
2025-05-14
Show GitHub Exploit DB Packet Storm
394 6.5
-
MEDIUM
Network
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. CWE-125
Out-of-bounds Read
CVE-2025-29960 cpe:2.3:o:microsoft:windows_server_2019:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*
cpe:2.3:o:microsoft:windo…



10.0.17763.7314
10.0.14393.8066
2025-05-19 23:22
2025-05-14
Show GitHub Exploit DB Packet Storm
395 6.5
-
MEDIUM
Network
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. CWE-908
 Use of Uninitialized Resource
CVE-2025-29959 cpe:2.3:o:microsoft:windows_server_2019:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*
cpe:2.3:o:microsoft:windo…



10.0.17763.7314
10.0.14393.8066
2025-05-19 23:22
2025-05-14
Show GitHub Exploit DB Packet Storm
396 6.5
-
MEDIUM
Network
Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. CWE-908
 Use of Uninitialized Resource
CVE-2025-29958 cpe:2.3:o:microsoft:windows_server_2019:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*
cpe:2.3:o:microsoft:windo…



10.0.17763.7314
10.0.14393.8066
2025-05-20 03:28
2025-05-14
Show GitHub Exploit DB Packet Storm
397 6.2
-
MEDIUM
Local
Uncontrolled resource consumption in Windows Deployment Services allows an unauthorized attacker to deny service locally. CWE-770
CWE-400
 Allocation of Resources Without Limits or Throttling
 Uncontrolled Resource Consumption
CVE-2025-29957 cpe:2.3:o:microsoft:windows_server_2019:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*
cpe:2.3:o:microsoft:windo…



10.0.17763.7314
10.0.14393.8066
2025-05-20 03:28
2025-05-14
Show GitHub Exploit DB Packet Storm
398 5.4
-
MEDIUM
Network
Buffer over-read in Windows SMB allows an authorized attacker to disclose information over a network. CWE-125
CWE-126
Out-of-bounds Read
 Buffer Over-read
CVE-2025-29956 cpe:2.3:o:microsoft:windows_server_2019:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*
cpe:2.3:o:microsoft:windo…



10.0.17763.7314
10.0.14393.8066
2025-05-20 03:29
2025-05-14
Show GitHub Exploit DB Packet Storm
399 5.9
-
MEDIUM
Network
Uncontrolled resource consumption in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network. CWE-770
CWE-400
 Allocation of Resources Without Limits or Throttling
 Uncontrolled Resource Consumption
CVE-2025-29954 cpe:2.3:o:microsoft:windows_server_2019:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*
cpe:2.3:o:microsoft:windo…



10.0.17763.7314
10.0.14393.8066
2025-05-20 03:29
2025-05-14
Show GitHub Exploit DB Packet Storm
400 7.5
-
HIGH
Network
Acceptance of extraneous untrusted data with trusted data in UrlMon allows an unauthorized attacker to bypass a security feature over a network. CWE-345
CWE-349
 Insufficient Verification of Data Authenticity
 Acceptance of Extraneous Untrusted Data With Trusted Data
CVE-2025-29842 cpe:2.3:o:microsoft:windows_server_2019:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*



10.0.17763.7314
10.0.14393.8066
2025-05-20 03:29
2025-05-14
Show GitHub Exploit DB Packet Storm