IRONSMITHINTEL

Microsoft Windows Server 2012 R2 Vulnerabilities

Fix Microsoft Windows Server 2012 R2 on Windows Server

74 entries · Windows Server · Sorted by severity

Showing 174 of 74 results

SeverityTitleCVSS
CRITICAL
KB4507448: Windows Server 2012 R2 Security Update (July 2019)Windows DHCP Server — Unauthenticated Network RCE (A memory corruption in DHCP failover packet handling)Microsoft Windows Server 2012 R29.8
CRITICAL
KB4512488: Windows Server 2012 R2 Security Update (August 2019)Bluetooth BR/EDR Key Negotiation ("KNOB") — Encryption Downgrade AttackMicrosoft Windows Server 2012 R29.3
CRITICAL
KB4512488: Windows Server 2012 R2 Security Update (August 2019)Windows DHCP Server — Memory Corruption Denial of Service (RCE Potential)Microsoft Windows Server 2012 R29.8
CRITICAL
KB4534297: Windows Server 2012 R2 Security Update (January 2020)Windows Remote Desktop Gateway ("BlueGate") — Companion UDP RCE on Port 3391Microsoft Windows Server 2012 R29.8
CRITICAL
KB4601384: Windows Server 2012 R2 Security Update (February 2021)Windows DNS Server — Unauthenticated RCE (A heap-based buffer overflow) — Requires Dynamic UpdatesMicrosoft Windows Server 2012 R29.8
CRITICAL
KB4601384: Windows Server 2012 R2 Security Update (February 2021)Windows DNS Server — Unauthenticated RCE (An out-of-bounds write in dynamic-update parsing) — Requires Dynamic UpdatesMicrosoft Windows Server 2012 R29.8
CRITICAL
KB4601384: Windows Server 2012 R2 Security Update (February 2021)Windows TCP/IP IPv6 — Unauthenticated RCE / DoS via Crafted IPv6 PacketsMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5003671: Windows Server 2012 R2 Security Update (June 2021)Kerberos AppContainer Security Feature Bypass — Capability Check SkippedMicrosoft Windows Server 2012 R29.4
CRITICAL
KB5012670: Windows Server 2012 R2 Security Update (April 2022)Windows Network File System (NFS) — Unauthenticated RCE (A companion NFS RCE patched alongside CVE-2022-24491)Microsoft Windows Server 2012 R29.8
CRITICAL
KB5014011: Windows Server 2012 R2 Security Update (May 2022)Windows Network File System (NFS) — Unauthenticated RCE (A stack buffer overflow in NLM Portmap handling — GETADDR RPC response is crafted by the attacker)Microsoft Windows Server 2012 R29.8
CRITICAL
KB5014011: Windows Server 2012 R2 Security Update (May 2022)Windows LDAP — Remote Code Execution (Requires Non-Default MaxReceiveBuffer)Microsoft Windows Server 2012 R29.8
CRITICAL
KB5014011: Windows Server 2012 R2 Security Update (May 2022)Windows LDAP — Remote Code Execution (Requires Non-Default MaxReceiveBuffer)Microsoft Windows Server 2012 R29.8
CRITICAL
KB5014738: Windows Server 2012 R2 Security Update (June 2022)Windows Network File System (NFS) — Unauthenticated RCE (A size-calculation error in NFSv4.1 COMPOUND requests that under-allocates the response buffer and overflows it when populating fields)Microsoft Windows Server 2012 R29.8
CRITICAL
KB5016681: Windows Server 2012 R2 Security Update (August 2022)Windows Point-to-Point Protocol (PPP) — Unauthenticated Network RCE on RRAS ServersMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5016681: Windows Server 2012 R2 Security Update (August 2022)Windows Point-to-Point Protocol (PPP) — Unauthenticated Network RCE on RRAS ServersMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5017367: Windows Server 2012 R2 Security Update (September 2022)Windows TCP/IP IPv6 Reassembly — Unauthenticated RCE on IPsec Hosts ("EvilESP")Microsoft Windows Server 2012 R29.8
CRITICAL
KB5017367: Windows Server 2012 R2 Security Update (September 2022)Windows IKE Protocol Extensions — Unauthenticated RCE (A companion vulnerability to CVE-2022-34721 in the same IKE / IPsec protocol extensions (September 2022 patch cycle))Microsoft Windows Server 2012 R29.8
CRITICAL
KB4512488: Windows Server 2012 R2 Security Update (August 2019)Windows Remote Desktop Services (RDP) — Wormable Pre-Auth RCE ("DejaBlue")Microsoft Windows Server 2012 R29.8
CRITICAL
KB5012670: Windows Server 2012 R2 Security Update (April 2022)Windows RPC Runtime Library — Wormable Unauthenticated RCE on TCP 445Microsoft Windows Server 2012 R29.8
CRITICAL
KB5041828: Windows Server 2012 R2 Security Update (August 2024)Windows Reliable Multicast Transport Driver (RMCAST) — Use-After-Free RCEMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5003209: Windows Server 2012 R2 Security Update (May 2021)Hyper-V vmswitch.sys — Guest-to-Host RCE via Crafted RNDIS over VMBusMicrosoft Windows Server 2012 R29.9
CRITICAL
KB4512488: Windows Server 2012 R2 Security Update (August 2019)Windows DHCP Client — Memory Corruption RCE via Malicious DHCP ResponseMicrosoft Windows Server 2012 R29.8
CRITICAL
KB4601384: Windows Server 2012 R2 Security Update (February 2021)Windows TCP/IP IPv4 Source-Routing — Unauthenticated RCE via Crafted IP FragmentsMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5000848: Windows Server 2012 R2 Security Update (March 2021)Windows DNS Server — Unauthenticated RCE (An out-of-bounds read leading to RCE) — Requires Dynamic UpdatesMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5000848: Windows Server 2012 R2 Security Update (March 2021)Windows DNS Server — Unauthenticated RCE (A memory corruption in DNS query parsing) — Requires Dynamic UpdatesMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5000848: Windows Server 2012 R2 Security Update (March 2021)Windows DNS Server — Unauthenticated RCE (A memory corruption in DNS record handling) — Requires Dynamic UpdatesMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5000848: Windows Server 2012 R2 Security Update (March 2021)Windows DNS Server — Unauthenticated RCE (An out-of-bounds write triggered by oversized SIG records on dynamic updates) — Requires Dynamic UpdatesMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5005076: Windows Server 2012 R2 Security Update (August 2021)Windows Services for NFS ONCRPC XDR Driver — Unauthenticated RCEMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5009624: Windows Server 2012 R2 Security Update (January 2022)Windows Hyper-V — Guest-VM Adjacent-Network Elevation of PrivilegeMicrosoft Windows Server 2012 R29.0
CRITICAL
KB5012670: Windows Server 2012 R2 Security Update (April 2022)Windows Network File System (NFS) — Unauthenticated RCE (An NFS protocol parsing flaw)Microsoft Windows Server 2012 R29.8
CRITICAL
KB5026415: Windows Server 2012 R2 Security Update (May 2023)Windows Pragmatic General Multicast (PGM) — Unauthenticated RCE (A heap-based buffer overflow)Microsoft Windows Server 2012 R29.8
CRITICAL
KB5023765: Windows Server 2012 R2 Security Update (March 2023)Windows ICMP Protocol Stack — Heap-Based Buffer Overflow Unauthenticated Kernel RCEMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5028228: Windows Server 2012 R2 Security Update (July 2023)Windows Routing and Remote Access Service (RRAS) — Unauthenticated Network RCE (#1 of 3 in July 2023)Microsoft Windows Server 2012 R29.8
CRITICAL
KB5028228: Windows Server 2012 R2 Security Update (July 2023)Windows Routing and Remote Access Service (RRAS) — Unauthenticated Network RCE (#2 of 3 in July 2023)Microsoft Windows Server 2012 R29.8
CRITICAL
KB5029312: Windows Server 2012 R2 Security Update (August 2023)Microsoft Message Queuing (MSMQ) — Unauthenticated RCE (Companion to CVE-2023-36910)Microsoft Windows Server 2012 R29.8
CRITICAL
KB5034279: Windows Server 2012 R2 Security Update (January 2024).NET / Visual Studio X.509 Chain-Building Bug — Authentication Bypass via Malformed SignatureMicrosoft Windows Server 2012 R29.1
CRITICAL
KB5022899: Windows Server 2012 R2 Security Update (February 2023)Microsoft PEAP (Protected Extensible Authentication Protocol) — Heap-Based Buffer Overflow RCEMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5025285: Windows Server 2012 R2 Security Update (April 2023)Microsoft Message Queuing (MSMQ) "QueueJumper" — Unauthenticated RCEMicrosoft Windows Server 2012 R29.8
CRITICAL
KB4487000: Windows Server 2012 R2 Security Update (February 2019)Windows DHCP Server — Unauthenticated Network RCE (A memory corruption in how the DHCP server processes crafted packets)Microsoft Windows Server 2012 R29.8
CRITICAL
KB4586845: Windows Server 2012 R2 Security Update (November 2020)Windows Network File System (NFSv3) — Wormable Kernel Heap Overflow RCEMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5000848: Windows Server 2012 R2 Security Update (March 2021)Windows DNS Server — Unauthenticated RCE (A heap-based buffer overflow) — Requires Dynamic UpdatesMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5068905: Windows Server 2012 R2 Security Update (November 2025)Windows GDI+ (gdiplus.dll) Heap-Based Buffer Overflow — Unauthenticated RCE via Crafted MetafileMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5025285: Windows Server 2012 R2 Security Update (April 2023)Windows Pragmatic General Multicast (PGM) — Unauthenticated RCE (An integer-underflow input-validation flaw)Microsoft Windows Server 2012 R29.8
CRITICAL
KB5026415: Windows Server 2012 R2 Security Update (May 2023)Windows Network File System (NFS) — Unauthenticated RCE in NFSv4.1 utf8string ParsingMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5027271: Windows Server 2012 R2 Security Update (June 2023)Windows Pragmatic General Multicast (PGM) — Unauthenticated RCE (A heap-based buffer overflow)Microsoft Windows Server 2012 R29.8
CRITICAL
KB5027271: Windows Server 2012 R2 Security Update (June 2023)Windows Pragmatic General Multicast (PGM) — Unauthenticated RCE (An integer-underflow input-validation flaw)Microsoft Windows Server 2012 R29.8
CRITICAL
KB5027271: Windows Server 2012 R2 Security Update (June 2023)Windows Pragmatic General Multicast (PGM) — Unauthenticated RCE (An input-validation flaw)Microsoft Windows Server 2012 R29.8
CRITICAL
KB5028228: Windows Server 2012 R2 Security Update (July 2023)Windows Routing and Remote Access Service (RRAS) — Unauthenticated Network RCE (#3 of 3 in July 2023)Microsoft Windows Server 2012 R29.8
CRITICAL
KB5029312: Windows Server 2012 R2 Security Update (August 2023)Microsoft Message Queuing (MSMQ) — Integer-Overflow RCEMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5029312: Windows Server 2012 R2 Security Update (August 2023)Microsoft Message Queuing (MSMQ) — Unauthenticated Network RCEMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5031419: Windows Server 2012 R2 Security Update (October 2023)Microsoft Message Queuing (MSMQ) — Unauthenticated Network RCEMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5031419: Windows Server 2012 R2 Security Update (October 2023)Windows IIS Server — Unauthenticated Authentication-Bypass Elevation of PrivilegeMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5032249: Windows Server 2012 R2 Security Update (November 2023)Windows Pragmatic General Multicast (PGM) — Unauthenticated RCE (A buffer over-read)Microsoft Windows Server 2012 R29.8
CRITICAL
KB5040456: Windows Server 2012 R2 Security Update (July 2024)Remote Desktop Licensing Service — Unauthenticated Integer-Underflow RCEMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5041828: Windows Server 2012 R2 Security Update (August 2024)Windows Line Printer Daemon (LPD) Service — Use-After-Free RCEMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5044343: Windows Server 2012 R2 Security Update (October 2024)Windows Netlogon — Adjacent-Network Elevation of Privilege via DC Name ImpersonationMicrosoft Windows Server 2012 R29.0
CRITICAL
KB5046682: Windows Server 2012 R2 Security Update (November 2024)Windows Kerberos KDC Proxy (KPSSVC) — Unauthenticated RCE via Integer OverflowMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5050048: Windows Server 2012 R2 Security Update (January 2025)Windows Reliable Multicast Transport Driver (RMCAST) Use-After-Free — Unauthenticated Network RCEMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5087471: Windows Server 2012 R2 Security Update (May 2026)Windows Netlogon Stack-Based Buffer Overflow — Unauthenticated RCE on Domain ControllersMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5005076: Windows Server 2012 R2 Security Update (August 2021)Windows TCP/IP Stack — Unauthenticated Network RCEMicrosoft Windows Server 2012 R29.9
CRITICAL
KB5023765: Windows Server 2012 R2 Security Update (March 2023)Microsoft RPC Runtime — Integer-Underflow Unauthenticated RCEMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5022899: Windows Server 2012 R2 Security Update (February 2023)Microsoft PEAP (Protected Extensible Authentication Protocol) — Heap-Based Buffer Overflow RCEMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5028228: Windows Server 2012 R2 Security Update (July 2023)Microsoft Message Queuing (MSMQ) — Unauthenticated Network RCEMicrosoft Windows Server 2012 R29.8
CRITICAL
KB4038792: Windows Server 2012 R2 Security Update (September 2017)Windows DHCP Server — Unauthenticated Network RCE (A boundary error in DHCP failover packet processing)Microsoft Windows Server 2012 R29.8
CRITICAL
KB4534297: Windows Server 2012 R2 Security Update (January 2020)Windows Remote Desktop Gateway ("BlueGate") — Pre-Auth UDP RCE on Port 3391Microsoft Windows Server 2012 R29.8
CRITICAL
KB5008263: Windows Server 2012 R2 Security Update (December 2021)Microsoft iSNS Server — Unauthenticated Memory-Corruption RCEMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5063950: Windows Server 2012 R2 Security Update (August 2025)Windows GDI+ Heap-Based Buffer Overflow — Unauthenticated RCE via Crafted MetafileMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5062597: Windows Server 2012 R2 Security Update (July 2025)SPNEGO NEGOEX Heap-Based Buffer Overflow — Wormable Unauthenticated RCE in LSASSMicrosoft Windows Server 2012 R29.8
CRITICAL
KB5022899: Windows Server 2012 R2 Security Update (February 2023)Microsoft PEAP (Protected Extensible Authentication Protocol) — Unauthenticated RCEMicrosoft Windows Server 2012 R29.8
CRITICAL
KB4471320: Windows Server 2012 R2 Security Update (December 2018)Windows DNS Server — Unauthenticated RCE (A heap-based buffer overflow in DNS request handling) — Requires Dynamic UpdatesMicrosoft Windows Server 2012 R29.8
CRITICAL
KB4512488: Windows Server 2012 R2 Security Update (August 2019)Windows Remote Desktop Services (RDP) — Wormable Pre-Auth RCE ("DejaBlue")Microsoft Windows Server 2012 R29.8
CRITICAL
KB5017367: Windows Server 2012 R2 Security Update (September 2022)Windows IKE Protocol Extensions — Unauthenticated RCE (A flaw in how IKE / IPsec processes crafted IP packets when IKE and AuthIP IPsec Keying Modules are active)Microsoft Windows Server 2012 R29.8
HIGHCISA KEV
KB5058403: Windows Server 2012 R2 Security Update (May 2025)Windows Ancillary Function Driver for WinSock (afd.sys) Use-After-Free — Actively Exploited Privilege EscalationMicrosoft Windows Server 2012 R27.8
HIGHCISA KEV
KB5058403: Windows Server 2012 R2 Security Update (May 2025)Windows Common Log File System (CLFS) Driver Heap Overflow — Actively Exploited Privilege EscalationMicrosoft Windows Server 2012 R27.8