Microsoft Windows Server 2019 Vulnerabilities
Fix Microsoft Windows Server 2019 on Windows Server
88 entries · Windows Server · Sorted by severity
| Severity | Title | CVE | CVSS | Exploitation status | Reboot | Remediation | |
|---|---|---|---|---|---|---|---|
| CRITICAL | KB4511553: Windows Server 2019 Security Update (August 2019) · Windows Remote Desktop Services (RDP) — Wormable Pre-Auth RCE ("DejaBlue") · Microsoft Windows Server 2019 | CVE-2019-1182 | 9.8 | No confirmed in-the-wild worm at time of writing, but the same protocol layer was the target of BlueKeep (CVE-2019-0708). PoC research has been published. | Reboot Required | Script | |
| CRITICAL | KB5000822: Windows Server 2019 Security Update (March 2021) · Windows DNS Server — Unauthenticated RCE (A heap-based buffer overflow) — Requires Dynamic Updates · Microsoft Windows Server 2019 | CVE-2021-26894 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Part of a series of seven DNS Server RCEs patched together in March 2021 — McAfee published a research summary ("Seven Windows Wonders"). | Reboot Required | Script | |
| CRITICAL | KB5003171: Windows Server 2019 Security Update (May 2021) · Hyper-V vmswitch.sys — Guest-to-Host RCE via Crafted RNDIS over VMBus · Microsoft Windows Server 2019 | CVE-2021-28476 | 9.9 | Public proof-of-concept exists (0vercl0k/CVE-2021-28476 on GitHub). Reported as affecting Azure infrastructure prior to patch. | Reboot Required | Script | |
| CRITICAL | KB5025229: Windows Server 2019 Security Update (April 2023) · Microsoft Message Queuing (MSMQ) "QueueJumper" — Unauthenticated RCE · Microsoft Windows Server 2019 | CVE-2023-21554 | 9.8 | Public technical analysis and proof-of-concept widely available since April 2023 (Check Point Research, IBM X-Force, Bitdefender). Over 360,000 internet-exposed MSMQ services were estimated at risk at disclosure. | Reboot Required | Script | |
| CRITICAL | KB5041578: Windows Server 2019 Security Update (August 2024) · Windows Line Printer Daemon (LPD) Service — Use-After-Free RCE · Microsoft Windows Server 2019 | CVE-2024-38199 | 9.8 | Microsoft assessed exploitation as "more likely". Public proof-of-concept research has been published. | Reboot Required | Script | |
| CRITICAL | KB5009557: Windows Server 2019 Security Update (January 2022) · Windows HTTP Protocol Stack (http.sys) — Wormable Unauthenticated Kernel RCE · Microsoft Windows Server 2019 | CVE-2022-21907 | 9.8 | Public proof-of-concept code available (exploit-db, Core Security). Microsoft labelled the vulnerability "wormable". No confirmed in-the-wild worm at time of writing. | Reboot Required | Script | |
| CRITICAL | KB5012647: Windows Server 2019 Security Update (April 2022) · Windows RPC Runtime Library — Wormable Unauthenticated RCE on TCP 445 · Microsoft Windows Server 2019 | CVE-2022-26809 | 9.8 | Public proof-of-concept code available (websecnl/CVE-2022-26809 on GitHub). Microsoft classified the vulnerability as wormable. Shodan counted 700,000+ internet-exposed hosts at disclosure. | Reboot Required | Script | |
| CRITICAL | KB4511553: Windows Server 2019 Security Update (August 2019) · Windows Remote Desktop Services (RDP) — Wormable Pre-Auth RCE ("DejaBlue") · Microsoft Windows Server 2019 | CVE-2019-1181 | 9.8 | No confirmed in-the-wild worm at time of writing, but the same protocol layer was the target of BlueKeep (CVE-2019-0708). PoC research has been published. | Reboot Required | Script | |
| CRITICAL | KB4511553: Windows Server 2019 Security Update (August 2019) · Windows Remote Desktop Services (RDP) — Wormable Pre-Auth RCE ("DejaBlue") · Microsoft Windows Server 2019 | CVE-2019-1226 | 9.8 | No confirmed in-the-wild worm at time of writing, but the same protocol layer was the target of BlueKeep (CVE-2019-0708). PoC research has been published. | Reboot Required | Script | |
| CRITICAL | KB4511553: Windows Server 2019 Security Update (August 2019) · Windows Remote Desktop Services (RDP) — Wormable Pre-Auth RCE ("DejaBlue") · Microsoft Windows Server 2019 | CVE-2019-1222 | 9.8 | No confirmed in-the-wild worm at time of writing, but the same protocol layer was the target of BlueKeep (CVE-2019-0708). PoC research has been published. | Reboot Required | Script | |
| CRITICAL | KB4534273: Windows Server 2019 Security Update (January 2020) · Windows Remote Desktop Gateway ("BlueGate") — Companion UDP RCE on Port 3391 · Microsoft Windows Server 2019 | CVE-2020-0610 | 9.8 | Companion to CVE-2020-0609 — patched together. PoCs available. ~15,500 internet-exposed RD Gateways at disclosure. | Reboot Required | Script | |
| CRITICAL | KB4487044: Windows Server 2019 Security Update (February 2019) · Windows DHCP Server — Unauthenticated Network RCE (A memory corruption in how the DHCP server processes crafted packets) · Microsoft Windows Server 2019 | CVE-2019-0626 | 9.8 | No confirmed in-the-wild exploitation at time of writing. | Reboot Required | Script | |
| CRITICAL | KB4489899: Windows Server 2019 Security Update (March 2019) · Windows DHCP Client — Memory Corruption RCE via Malicious DHCP Response · Microsoft Windows Server 2019 | CVE-2019-0698 | 9.8 | Public technical analysis (McAfee, WithSecure, ZDI). No confirmed in-the-wild exploitation at time of writing. | Reboot Required | Script | |
| CRITICAL | KB5000822: Windows Server 2019 Security Update (March 2021) · Windows DNS Server — Unauthenticated RCE (A memory corruption in DNS record handling) — Requires Dynamic Updates · Microsoft Windows Server 2019 | CVE-2021-26895 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Part of a series of seven DNS Server RCEs patched together in March 2021 — McAfee published a research summary ("Seven Windows Wonders"). | Reboot Required | Script | |
| CRITICAL | KB5007206: Windows Server 2019 Security Update (November 2021) · Windows Hyper-V VMBus — Remote Code Execution · Microsoft Windows Server 2019 | CVE-2021-26443 | 9.0 | No confirmed in-the-wild exploitation at time of writing. | Reboot Required | Script | |
| CRITICAL | KB5008218: Windows Server 2019 Security Update (December 2021) · Microsoft iSNS Server — Unauthenticated Memory-Corruption RCE · Microsoft Windows Server 2019 | CVE-2021-43215 | 9.8 | No confirmed in-the-wild exploitation at time of writing. | Reboot Required | Script | |
| CRITICAL | KB5017315: Windows Server 2019 Security Update (September 2022) · Windows IKE Protocol Extensions — Unauthenticated RCE (A companion vulnerability to CVE-2022-34721 in the same IKE / IPsec protocol extensions (September 2022 patch cycle)) · Microsoft Windows Server 2019 | CVE-2022-34722 | 9.8 | Public proof-of-concept research available (micropatches and PoCs published). No confirmed in-the-wild exploitation for this specific CVE at time of writing. | Reboot Required | Script | |
| CRITICAL | KB5022840: Windows Server 2019 Security Update (February 2023) · Microsoft PEAP (Protected Extensible Authentication Protocol) — Unauthenticated RCE · Microsoft Windows Server 2019 | CVE-2023-21690 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Companion CVE to CVE-2023-21689 and CVE-2023-21692 in the same patch cycle. | Reboot Required | Script | |
| CRITICAL | KB5031361: Windows Server 2019 Security Update (October 2023) · Windows IIS Server — Unauthenticated Authentication-Bypass Elevation of Privilege · Microsoft Windows Server 2019 | CVE-2023-36434 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Highlighted by Arctic Wolf as one of the two critical CVEs in the October 2023 Patch Tuesday. | Reboot Required | Script | |
| CRITICAL | KB5032196: Windows Server 2019 Security Update (November 2023) · Microsoft PEAP — Heap-Based Buffer Overflow RCE (November 2023) · Microsoft Windows Server 2019 | CVE-2023-36028 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Companion to the February 2023 PEAP CVEs (CVE-2023-21689/-21690/-21692) in the same component family. | Reboot Required | Script | |
| CRITICAL | KB5005030: Windows Server 2019 Security Update (August 2021) · Windows TCP/IP Stack — Unauthenticated Network RCE · Microsoft Windows Server 2019 | CVE-2021-26424 | 9.9 | No confirmed in-the-wild exploitation at time of writing. Microsoft assessed this in the August 2021 Patch Tuesday cycle. | Reboot Required | Script | |
| CRITICAL | KB5022840: Windows Server 2019 Security Update (February 2023) · Microsoft PEAP (Protected Extensible Authentication Protocol) — Heap-Based Buffer Overflow RCE · Microsoft Windows Server 2019 | CVE-2023-21689 | 9.8 | No confirmed in-the-wild exploitation at time of writing. One of three companion PEAP RCEs (CVE-2023-21689, -21690, -21692) patched together in February 2023. | Reboot Required | Script | |
| CRITICAL | KB5026362: Windows Server 2019 Security Update (May 2023) · Windows Pragmatic General Multicast (PGM) — Unauthenticated RCE (A heap-based buffer overflow) · Microsoft Windows Server 2019 | CVE-2023-24943 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Part of a series of PGM RCEs (CVE-2023-24943, -28250, -29363, -32014, -32015, -36397) — exploit research transferable across the set. | Reboot Required | Script | |
| CRITICAL | KB5027222: Windows Server 2019 Security Update (June 2023) · Windows Pragmatic General Multicast (PGM) — Unauthenticated RCE (An integer-underflow input-validation flaw) · Microsoft Windows Server 2019 | CVE-2023-32014 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Part of a series of PGM RCEs (CVE-2023-24943, -28250, -29363, -32014, -32015, -36397) — exploit research transferable across the set. | Reboot Required | Script | |
| CRITICAL | KB5031361: Windows Server 2019 Security Update (October 2023) · Microsoft Message Queuing (MSMQ) — Unauthenticated Network RCE · Microsoft Windows Server 2019 | CVE-2023-35349 | 9.8 | No confirmed in-the-wild exploitation at time of writing. MSMQ has been the focus of a sustained vulnerability-research effort following QueueJumper (CVE-2023-21554) — multiple companion RCEs have been disclosed in the same family. | Reboot Required | Script | |
| CRITICAL | KB5009557: Windows Server 2019 Security Update (January 2022) · Windows IKE Protocol Extensions — Unauthenticated RCE (A stack-based buffer overflow in the ISAKMP VendorID payload handler (the 10-byte buffer is overflowed when a longer VendorID is sent)) · Microsoft Windows Server 2019 | CVE-2022-21849 | 9.8 | Public proof-of-concept research available (micropatches and PoCs published). No confirmed in-the-wild exploitation for this specific CVE at time of writing. | Reboot Required | Script | |
| CRITICAL | KB5012647: Windows Server 2019 Security Update (April 2022) · Windows Network File System (NFS) — Unauthenticated RCE (An NFS protocol parsing flaw) · Microsoft Windows Server 2019 | CVE-2022-24491 | 9.8 | Public PoC and analysis available (ZDI, Trend Micro, Fortra). No confirmed in-the-wild exploitation at time of writing for CVE-2022-24491 specifically. | Reboot Required | Script | |
| CRITICAL | KB5013941: Windows Server 2019 Security Update (May 2022) · Windows LDAP — Remote Code Execution (Requires Non-Default MaxReceiveBuffer) · Microsoft Windows Server 2019 | CVE-2022-22012 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Exploit conditions are narrow (non-default MaxReceiveBuffer). | Reboot Required | Script | |
| CRITICAL | KB5017315: Windows Server 2019 Security Update (September 2022) · Windows IKE Protocol Extensions — Unauthenticated RCE (A flaw in how IKE / IPsec processes crafted IP packets when IKE and AuthIP IPsec Keying Modules are active) · Microsoft Windows Server 2019 | CVE-2022-34721 | 9.8 | Public proof-of-concept research available (micropatches and PoCs published). In-the-wild exploitation has been reported. | Reboot Required | Script | |
| CRITICAL | KB4471332: Windows Server 2019 Security Update (December 2018) · Windows DNS Server — Unauthenticated RCE (A heap-based buffer overflow in DNS request handling) — Requires Dynamic Updates · Microsoft Windows Server 2019 | CVE-2018-8626 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Part of a series of seven DNS Server RCEs patched together in March 2021 — McAfee published a research summary ("Seven Windows Wonders"). | Reboot Required | Script | |
| CRITICAL | KB4507469: Windows Server 2019 Security Update (July 2019) · Windows DHCP Server — Unauthenticated Network RCE (A memory corruption in DHCP failover packet handling) · Microsoft Windows Server 2019 | CVE-2019-0785 | 9.8 | No confirmed in-the-wild exploitation at time of writing. | Reboot Required | Script | |
| CRITICAL | KB5000822: Windows Server 2019 Security Update (March 2021) · Windows DNS Server — Unauthenticated RCE (An out-of-bounds read leading to RCE) — Requires Dynamic Updates · Microsoft Windows Server 2019 | CVE-2021-26877 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Part of a series of seven DNS Server RCEs patched together in March 2021 — McAfee published a research summary ("Seven Windows Wonders"). | Reboot Required | Script | |
| CRITICAL | KB5009557: Windows Server 2019 Security Update (January 2022) · Windows Hyper-V — Guest-VM Adjacent-Network Elevation of Privilege · Microsoft Windows Server 2019 | CVE-2022-21901 | 9.0 | No confirmed in-the-wild exploitation at time of writing. | Reboot Required | Script | |
| CRITICAL | KB5028168: Windows Server 2019 Security Update (July 2023) · Windows Routing and Remote Access Service (RRAS) — Unauthenticated Network RCE (#2 of 3 in July 2023) · Microsoft Windows Server 2019 | CVE-2023-35366 | 9.8 | No confirmed in-the-wild exploitation at time of writing. RRAS servers are typically internet-exposed by design (VPN endpoints, DirectAccess), making them high-value targets even without a public PoC. | Reboot Required | Script | |
| CRITICAL | KB5028168: Windows Server 2019 Security Update (July 2023) · Windows Routing and Remote Access Service (RRAS) — Unauthenticated Network RCE (#3 of 3 in July 2023) · Microsoft Windows Server 2019 | CVE-2023-35367 | 9.8 | No confirmed in-the-wild exploitation at time of writing. RRAS servers are typically internet-exposed by design (VPN endpoints, DirectAccess), making them high-value targets even without a public PoC. | Reboot Required | Script | |
| CRITICAL | KB5029247: Windows Server 2019 Security Update (August 2023) · Microsoft Message Queuing (MSMQ) — Unauthenticated RCE (Companion to CVE-2023-36910) · Microsoft Windows Server 2019 | CVE-2023-36911 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Patched together with CVE-2023-36910 in August 2023. | Reboot Required | Script | |
| CRITICAL | KB5046615: Windows Server 2019 Security Update (November 2024) · Windows Kerberos KDC Proxy (KPSSVC) — Unauthenticated RCE via Integer Overflow · Microsoft Windows Server 2019 | CVE-2024-43639 | 9.8 | No confirmed in-the-wild exploitation at time of writing. ZDI published a technical analysis in March 2025. | Reboot Required | Script | |
| CRITICAL | KB5034273: Windows Server 2019 Security Update (January 2024) · .NET / Visual Studio X.509 Chain-Building Bug — Authentication Bypass via Malformed Signature · Microsoft Windows Server 2019 | CVE-2024-0057 | 9.1 | No confirmed in-the-wild exploitation at time of writing. Public Microsoft advisory. | Reboot Required | Script | |
| CRITICAL | KB5068791: Windows Server 2019 Security Update (November 2025) · Windows GDI+ (gdiplus.dll) Heap-Based Buffer Overflow — Unauthenticated RCE via Crafted Metafile · Microsoft Windows Server 2019 | CVE-2025-60724 | 9.8 | Not in the CISA KEV catalogue at time of writing. No confirmed in-the-wild exploitation, but the attack surface (Print Spooler accepting metafiles over RPC) is unauthenticated and the flaw is rated CVSS 9.8. | Reboot Required | Script | |
| CRITICAL | KB5062557: Windows Server 2019 Security Update (July 2025) · SPNEGO NEGOEX Heap-Based Buffer Overflow — Wormable Unauthenticated RCE in LSASS · Microsoft Windows Server 2019 | CVE-2025-47981 | 9.8 | Microsoft assessed exploitation as "more likely" and described the flaw as wormable. Prioritise internet-facing systems and domain controllers. | Reboot Required | Script | |
| CRITICAL | KB5066586: Windows Server 2019 Security Update (October 2025) · Microsoft Graphics Component Use-After-Free — Network-Reachable Elevation of Privilege (Exploited Zero-Day) · Microsoft Windows Server 2019 | CVE-2025-49708 | 9.9 | Not currently listed in the CISA Known Exploited Vulnerabilities Catalogue. No confirmed in-the-wild exploitation of CVE-2025-49708 specifically at time of writing — though the same October 2025 patch cycle did include other Windows zero-days (CVE-2025-24990, CVE-2025-59230). Refer to the MSRC advisory and recent vendor research for current status. | Reboot Required | Script | |
| CRITICAL | KB5073723: Windows Server 2019 Security Update (July 2025) · SQLite (winsqlite3.dll) Memory Corruption — RCE via Crafted SQL Aggregate · Microsoft Windows Server 2019 | CVE-2025-6965 | 9.8 | Discovered by Google's "Big Sleep" AI-assisted vulnerability research. Public proof-of-concept exists for upstream SQLite; in-the-wild exploitation not yet reported. | Reboot Required | Script | |
| CRITICAL | KB5087538: Windows Server 2019 Security Update (May 2026) · Windows Netlogon Stack-Based Buffer Overflow — Unauthenticated RCE on Domain Controllers · Microsoft Windows Server 2019 | CVE-2026-41089 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Patch every domain controller before any other system. | Reboot Required | Script | |
| CRITICAL | KB5063877: Windows Server 2019 Security Update (August 2025) · Windows GDI+ Heap-Based Buffer Overflow — Unauthenticated RCE via Crafted Metafile · Microsoft Windows Server 2019 | CVE-2025-53766 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Public technical analysis from Check Point Research is available. | Reboot Required | Script | |
| CRITICAL | KB5023702: Windows Server 2019 Security Update (March 2023) · Microsoft RPC Runtime — Integer-Underflow Unauthenticated RCE · Microsoft Windows Server 2019 | CVE-2023-21708 | 9.8 | No confirmed in-the-wild exploitation at time of writing. RPC RCEs in this class historically draw rapid exploit development. | Reboot Required | Script | |
| CRITICAL | KB5040430: Windows Server 2019 Security Update (July 2024) · Remote Desktop Licensing Service — Heap-Based Buffer Overflow RCE · Microsoft Windows Server 2019 | CVE-2024-38076 | 9.8 | Companion to CVE-2024-38074 in the "MadLicense" research series. No confirmed in-the-wild exploitation at time of writing. | Reboot Required | Script | |
| CRITICAL | KB5023702: Windows Server 2019 Security Update (March 2023) · Windows ICMP Protocol Stack — Heap-Based Buffer Overflow Unauthenticated Kernel RCE · Microsoft Windows Server 2019 | CVE-2023-23415 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Public technical analysis available; classification of "low complexity" makes exploit development tractable. | Reboot Required | Script | |
| CRITICAL | KB5026362: Windows Server 2019 Security Update (May 2023) · Windows Network File System (NFS) — Unauthenticated RCE in NFSv4.1 utf8string Parsing · Microsoft Windows Server 2019 | CVE-2023-24941 | 9.8 | Public technical analysis by Trend Micro and ZDI. No confirmed in-the-wild exploitation at time of writing. | Reboot Required | Script | |
| CRITICAL | KB5027222: Windows Server 2019 Security Update (June 2023) · Windows Pragmatic General Multicast (PGM) — Unauthenticated RCE (A heap-based buffer overflow) · Microsoft Windows Server 2019 | CVE-2023-29363 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Part of a series of PGM RCEs (CVE-2023-24943, -28250, -29363, -32014, -32015, -36397) — exploit research transferable across the set. | Reboot Required | Script | |
| CRITICAL | KB5028168: Windows Server 2019 Security Update (July 2023) · Windows Routing and Remote Access Service (RRAS) — Unauthenticated Network RCE (#1 of 3 in July 2023) · Microsoft Windows Server 2019 | CVE-2023-35365 | 9.8 | No confirmed in-the-wild exploitation at time of writing. RRAS servers are typically internet-exposed by design (VPN endpoints, DirectAccess), making them high-value targets even without a public PoC. | Reboot Required | Script | |
| CRITICAL | KB5029247: Windows Server 2019 Security Update (August 2023) · Microsoft Message Queuing (MSMQ) — Unauthenticated Network RCE · Microsoft Windows Server 2019 | CVE-2023-35385 | 9.8 | No confirmed in-the-wild exploitation at time of writing. MSMQ has been the focus of a sustained vulnerability-research effort following QueueJumper (CVE-2023-21554) — multiple companion RCEs have been disclosed in the same family. | Reboot Required | Script | |
| CRITICAL | KB5032196: Windows Server 2019 Security Update (November 2023) · Windows Pragmatic General Multicast (PGM) — Unauthenticated RCE (A buffer over-read) · Microsoft Windows Server 2019 | CVE-2023-36397 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Part of a series of PGM RCEs (CVE-2023-24943, -28250, -29363, -32014, -32015, -36397) — exploit research transferable across the set. | Reboot Required | Script | |
| CRITICAL | KB4601345: Windows Server 2019 Security Update (February 2021) · Windows TCP/IP IPv4 Source-Routing — Unauthenticated RCE via Crafted IP Fragments · Microsoft Windows Server 2019 | CVE-2021-24074 | 9.8 | Microsoft assessed exploit development as complex. No public PoC or confirmed in-the-wild exploitation at time of writing. | Reboot Required | Script | |
| CRITICAL | KB5016623: Windows Server 2019 Security Update (August 2022) · Windows Point-to-Point Protocol (PPP) — Unauthenticated Network RCE on RRAS Servers · Microsoft Windows Server 2019 | CVE-2022-30133 | 9.8 | No confirmed in-the-wild exploitation at time of writing. | Reboot Required | Script | |
| CRITICAL | KB5013941: Windows Server 2019 Security Update (May 2022) · Windows Network File System (NFS) — Unauthenticated RCE (A stack buffer overflow in NLM Portmap handling — GETADDR RPC response is crafted by the attacker) · Microsoft Windows Server 2019 | CVE-2022-26937 | 9.8 | Public PoC and analysis available (ZDI, Trend Micro, Fortra). No confirmed in-the-wild exploitation at time of writing for CVE-2022-26937 specifically. | Reboot Required | Script | |
| CRITICAL | KB5014692: Windows Server 2019 Security Update (June 2022) · Windows Network File System (NFS) — Unauthenticated RCE (A size-calculation error in NFSv4.1 COMPOUND requests that under-allocates the response buffer and overflows it when populating fields) · Microsoft Windows Server 2019 | CVE-2022-30136 | 9.8 | Public PoC and analysis available (ZDI, Trend Micro, Fortra). No confirmed in-the-wild exploitation at time of writing for CVE-2022-30136 specifically. | Reboot Required | Script | |
| CRITICAL | KB5016623: Windows Server 2019 Security Update (August 2022) · Windows Point-to-Point Protocol (PPP) — Unauthenticated Network RCE on RRAS Servers · Microsoft Windows Server 2019 | CVE-2022-35744 | 9.8 | No confirmed in-the-wild exploitation at time of writing. | Reboot Required | Script | |
| CRITICAL | KB5029247: Windows Server 2019 Security Update (August 2023) · Microsoft Message Queuing (MSMQ) — Integer-Overflow RCE · Microsoft Windows Server 2019 | CVE-2023-36910 | 9.8 | Public Automox worklet for mitigation. No confirmed in-the-wild exploitation at time of writing. | Reboot Required | Script | |
| CRITICAL | KB4489899: Windows Server 2019 Security Update (March 2019) · Windows DHCP Client — Memory Corruption RCE via Malicious DHCP Response · Microsoft Windows Server 2019 | CVE-2019-0697 | 9.8 | Public technical analysis (McAfee, WithSecure, ZDI). No confirmed in-the-wild exploitation at time of writing. | Reboot Required | Script | |
| CRITICAL | KB4489899: Windows Server 2019 Security Update (March 2019) · Windows DHCP Client — Memory Corruption RCE via Malicious DHCP Response · Microsoft Windows Server 2019 | CVE-2019-0726 | 9.8 | Public technical analysis (McAfee, WithSecure, ZDI). No confirmed in-the-wild exploitation at time of writing. | Reboot Required | Script | |
| CRITICAL | KB4511553: Windows Server 2019 Security Update (August 2019) · Bluetooth BR/EDR Key Negotiation ("KNOB") — Encryption Downgrade Attack · Microsoft Windows Server 2019 | CVE-2019-9506 | 9.3 | Public proof-of-concept code on GitHub (francozappa/knob). No confirmed targeted in-the-wild exploitation at time of writing. | Reboot Required | Script | |
| CRITICAL | KB4601345: Windows Server 2019 Security Update (February 2021) · Windows DNS Server — Unauthenticated RCE (A heap-based buffer overflow) — Requires Dynamic Updates · Microsoft Windows Server 2019 | CVE-2021-24077 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Part of a series of seven DNS Server RCEs patched together in March 2021 — McAfee published a research summary ("Seven Windows Wonders"). | Reboot Required | Script | |
| CRITICAL | KB4601345: Windows Server 2019 Security Update (February 2021) · Windows TCP/IP IPv6 — Unauthenticated RCE / DoS via Crafted IPv6 Packets · Microsoft Windows Server 2019 | CVE-2021-24094 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Microsoft assessed exploit development as complex for RCE; DoS is more straightforward. | Reboot Required | Script | |
| CRITICAL | KB4534273: Windows Server 2019 Security Update (January 2020) · Windows Remote Desktop Gateway ("BlueGate") — Pre-Auth UDP RCE on Port 3391 · Microsoft Windows Server 2019 | CVE-2020-0609 | 9.8 | Public proof-of-concept code (DoS + RCE) from multiple researchers; working RCE PoC has been demonstrated. ~15,500 RD Gateway servers were internet-exposed on UDP 3391 at disclosure. | Reboot Required | Script | |
| CRITICAL | KB4586793: Windows Server 2019 Security Update (November 2020) · Windows Network File System (NFSv3) — Wormable Kernel Heap Overflow RCE · Microsoft Windows Server 2019 | CVE-2020-17051 | 9.8 | Public technical analysis from McAfee Labs and Virsec. The first publicly-known RCE in the Windows NFSv3 implementation. | Reboot Required | Script | |
| CRITICAL | KB5003646: Windows Server 2019 Security Update (June 2021) · Kerberos AppContainer Security Feature Bypass — Capability Check Skipped · Microsoft Windows Server 2019 | CVE-2021-31962 | 9.4 | No confirmed in-the-wild exploitation at time of writing. | Reboot Required | Script | |
| CRITICAL | KB5005030: Windows Server 2019 Security Update (August 2021) · Windows Services for NFS ONCRPC XDR Driver — Unauthenticated RCE · Microsoft Windows Server 2019 | CVE-2021-26432 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Public technical analysis from FortiGuard and ExtraHop. | Reboot Required | Script | |
| CRITICAL | KB5044277: Windows Server 2019 Security Update (October 2024) · Windows Netlogon — Adjacent-Network Elevation of Privilege via DC Name Impersonation · Microsoft Windows Server 2019 | CVE-2024-38124 | 9.0 | No confirmed in-the-wild exploitation at time of writing. | Reboot Required | Script | |
| CRITICAL | KB5082123: Windows Server 2019 Security Update (April 2026) · Windows IKE Service Extensions Double-Free — Unauthenticated RCE via Crafted IKEv2 Packet · Microsoft Windows Server 2019 | CVE-2026-33824 | 9.8 | No public proof-of-concept or in-the-wild exploitation at time of writing. Microsoft assessed as critical severity. | Reboot Required | Script | |
| CRITICAL | KB5050008: Windows Server 2019 Security Update (January 2025) · Windows Reliable Multicast Transport Driver (RMCAST) Use-After-Free — Unauthenticated Network RCE · Microsoft Windows Server 2019 | CVE-2025-21307 | 9.8 | Microsoft assessed exploitation as "more likely". No public proof-of-concept at time of writing. | Reboot Required | Script | |
| CRITICAL | KB5004244: Windows Server 2019 Security Update (July 2021) · Windows Kernel SR-IOV — Network RCE on Servers Hosting VMs with SR-IOV Devices · Microsoft Windows Server 2019 | CVE-2021-34458 | 9.9 | No confirmed in-the-wild exploitation at time of writing. | Reboot Required | Script | |
| CRITICAL | KB5022840: Windows Server 2019 Security Update (February 2023) · Microsoft PEAP (Protected Extensible Authentication Protocol) — Heap-Based Buffer Overflow RCE · Microsoft Windows Server 2019 | CVE-2023-21692 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Companion CVE to CVE-2023-21689 and CVE-2023-21690 in the same patch cycle. | Reboot Required | Script | |
| CRITICAL | KB5040430: Windows Server 2019 Security Update (July 2024) · Remote Desktop Licensing Service — Unauthenticated Integer-Underflow RCE · Microsoft Windows Server 2019 | CVE-2024-38074 | 9.8 | Public technical analysis available ("MadLicense" research series). No confirmed in-the-wild exploitation at time of writing. | Reboot Required | Script | |
| CRITICAL | KB5041578: Windows Server 2019 Security Update (August 2024) · Windows Reliable Multicast Transport Driver (RMCAST) — Use-After-Free RCE · Microsoft Windows Server 2019 | CVE-2024-38140 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Closely related to CVE-2025-21307 in the same component. | Reboot Required | Script | |
| CRITICAL | KB5025229: Windows Server 2019 Security Update (April 2023) · Windows Pragmatic General Multicast (PGM) — Unauthenticated RCE (An integer-underflow input-validation flaw) · Microsoft Windows Server 2019 | CVE-2023-28250 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Part of a series of PGM RCEs (CVE-2023-24943, -28250, -29363, -32014, -32015, -36397) — exploit research transferable across the set. | Reboot Required | Script | |
| CRITICAL | KB5027222: Windows Server 2019 Security Update (June 2023) · Windows Pragmatic General Multicast (PGM) — Unauthenticated RCE (An input-validation flaw) · Microsoft Windows Server 2019 | CVE-2023-32015 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Part of a series of PGM RCEs (CVE-2023-24943, -28250, -29363, -32014, -32015, -36397) — exploit research transferable across the set. | Reboot Required | Script | |
| CRITICAL | KB5028168: Windows Server 2019 Security Update (July 2023) · Microsoft Message Queuing (MSMQ) — Unauthenticated Network RCE · Microsoft Windows Server 2019 | CVE-2023-32057 | 9.8 | No confirmed in-the-wild exploitation at time of writing. MSMQ has been the focus of a sustained vulnerability-research effort following QueueJumper (CVE-2023-21554) — multiple companion RCEs have been disclosed in the same family. | Reboot Required | Script | |
| CRITICAL | KB5012647: Windows Server 2019 Security Update (April 2022) · Windows Network File System (NFS) — Unauthenticated RCE (A companion NFS RCE patched alongside CVE-2022-24491) · Microsoft Windows Server 2019 | CVE-2022-24497 | 9.8 | Public PoC and analysis available (ZDI, Trend Micro, Fortra). No confirmed in-the-wild exploitation at time of writing for CVE-2022-24497 specifically. | Reboot Required | Script | |
| CRITICAL | KB5013941: Windows Server 2019 Security Update (May 2022) · Windows LDAP — Remote Code Execution (Requires Non-Default MaxReceiveBuffer) · Microsoft Windows Server 2019 | CVE-2022-29130 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Exploit conditions are narrow (non-default MaxReceiveBuffer). | Reboot Required | Script | |
| CRITICAL | KB5017315: Windows Server 2019 Security Update (September 2022) · Windows TCP/IP IPv6 Reassembly — Unauthenticated RCE on IPsec Hosts ("EvilESP") · Microsoft Windows Server 2019 | CVE-2022-34718 | 9.8 | Public technical analysis from IBM X-Force ("EvilESP"). No confirmed in-the-wild exploitation at time of writing. | Reboot Required | Script | |
| CRITICAL | KB4511553: Windows Server 2019 Security Update (August 2019) · Windows DHCP Server — Memory Corruption Denial of Service (RCE Potential) · Microsoft Windows Server 2019 | CVE-2019-1212 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Microsoft classified the official impact as denial of service but assigned a CVSS 9.8 because of the underlying memory corruption. | Reboot Required | Script | |
| CRITICAL | KB4601345: Windows Server 2019 Security Update (February 2021) · Windows DNS Server — Unauthenticated RCE (An out-of-bounds write in dynamic-update parsing) — Requires Dynamic Updates · Microsoft Windows Server 2019 | CVE-2021-24078 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Part of a series of seven DNS Server RCEs patched together in March 2021 — McAfee published a research summary ("Seven Windows Wonders"). | Reboot Required | Script | |
| CRITICAL | KB5000822: Windows Server 2019 Security Update (March 2021) · Windows DNS Server — Unauthenticated RCE (A memory corruption in DNS query parsing) — Requires Dynamic Updates · Microsoft Windows Server 2019 | CVE-2021-26893 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Part of a series of seven DNS Server RCEs patched together in March 2021 — McAfee published a research summary ("Seven Windows Wonders"). | Reboot Required | Script | |
| CRITICAL | KB5000822: Windows Server 2019 Security Update (March 2021) · Windows DNS Server — Unauthenticated RCE (An out-of-bounds write triggered by oversized SIG records on dynamic updates) — Requires Dynamic Updates · Microsoft Windows Server 2019 | CVE-2021-26897 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Part of a series of seven DNS Server RCEs patched together in March 2021 — McAfee published a research summary ("Seven Windows Wonders"). | Reboot Required | Script | |
| HIGH | KB5082123: Windows Server 2019 Security Update (April 2026) · Windows Remote Desktop Client — Remote Code Execution via Malicious RDP Server · Microsoft Windows Server 2019 | CVE-2026-32157 | 8.8 | Not in the CISA KEV catalogue at time of writing. No confirmed in-the-wild exploitation. Exploitation requires the victim to initiate an RDP connection to attacker-controlled infrastructure. | Reboot Required | Script | |
| HIGH | KB5082123: Windows Server 2019 Security Update (April 2026) · Windows Shell Security Feature Bypass — Network Security Control Evasion · Microsoft Windows Server 2019 | CVE-2026-32225 | 8.8 | Not in the CISA KEV catalogue at time of writing. No confirmed in-the-wild exploitation. Security-feature bypasses are typically used as one link in a multi-step attack chain rather than as a standalone exploit. | Reboot Required | Script | |
| HIGH | KB5082123: Windows Server 2019 Security Update (April 2026) · Windows TCP/IP IPv6 Race Condition — Wormable Unauthenticated RCE on IPsec Hosts · Microsoft Windows Server 2019 | CVE-2026-33827 | 8.1 | Not in the CISA KEV catalogue at time of writing. No confirmed in-the-wild exploitation. Microsoft rates it Critical and notes it is wormable on systems with IPv6 and IPsec enabled; the high attack complexity (winning a race) is the main barrier. | Reboot Required | Script | |
| MEDIUM | KB5034127: Windows Server 2019 Security Update (January 2024) · Windows BitLocker Security Feature Bypass — Encryption Bypass via Boot Manager / Recovery Environment · Microsoft Windows Server 2019 | CVE-2024-20666 | 6.6 | Not in the CISA KEV catalogue at time of writing. Requires physical access to the device, which bounds the practical risk to lost/stolen/seized hardware and insider scenarios. | Reboot Required | Script | |