IRONSMITHINTEL

Microsoft Windows Server 2022 Vulnerabilities

Fix Microsoft Windows Server 2022 on Windows Server

63 entries · Windows Server · Sorted by severity

Showing 1–63 of 63 results

| Severity | Update | Title | Product | CVSS |
| --- | --- | --- | --- | --- |
| CRITICAL | KB5009555: Windows Server 2022 Security Update (January 2022) | Windows HTTP Protocol Stack (http.sys) — Wormable Unauthenticated Kernel RCE | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5012604: Windows Server 2022 Security Update (April 2022) | Windows RPC Runtime Library — Wormable Unauthenticated RCE on TCP 445 | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5049984: Windows Server 2022 Security Update (January 2025) | NTLMv1 Authentication Implementation Flaw — Remote Privilege Escalation | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5025230: Windows Server 2022 Security Update (April 2023) | Microsoft Message Queuing (MSMQ) "QueueJumper" — Unauthenticated RCE | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5041160: Windows Server 2022 Security Update (August 2024) | Windows Line Printer Daemon (LPD) Service — Use-After-Free RCE | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5063880: Windows Server 2022 Security Update (August 2025) | Remote Desktop Server Missing Authorization — Network Spoofing for Credential Theft | Microsoft Windows Server 2022 | 9.1 |
| CRITICAL | KB5082142: Windows Server 2022 Security Update (April 2026) | Windows IKE Service Extensions Double-Free — Unauthenticated RCE via Crafted IKEv2 Packet | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5009555: Windows Server 2022 Security Update (January 2022) | Windows Hyper-V — Guest-VM Adjacent-Network Elevation of Privilege | Microsoft Windows Server 2022 | 9.0 |
| CRITICAL | KB5012604: Windows Server 2022 Security Update (April 2022) | Windows Network File System (NFS) — Unauthenticated RCE (An NFS protocol parsing flaw) | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5013944: Windows Server 2022 Security Update (May 2022) | Windows Network File System (NFS) — Unauthenticated RCE (A stack buffer overflow in NLM Portmap handling — GETADDR RPC response is crafted by the attacker) | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5013944: Windows Server 2022 Security Update (May 2022) | Windows LDAP — Remote Code Execution (Requires Non-Default MaxReceiveBuffer) | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5022842: Windows Server 2022 Security Update (February 2023) | Microsoft PEAP (Protected Extensible Authentication Protocol) — Unauthenticated RCE | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5016627: Windows Server 2022 Security Update (August 2022) | Windows Point-to-Point Protocol (PPP) — Unauthenticated Network RCE on RRAS Servers | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5022842: Windows Server 2022 Security Update (February 2023) | Microsoft PEAP (Protected Extensible Authentication Protocol) — Heap-Based Buffer Overflow RCE | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5022842: Windows Server 2022 Security Update (February 2023) | Microsoft PEAP (Protected Extensible Authentication Protocol) — Heap-Based Buffer Overflow RCE | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5023705: Windows Server 2022 Security Update (March 2023) | Windows ICMP Protocol Stack — Heap-Based Buffer Overflow Unauthenticated Kernel RCE | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5025230: Windows Server 2022 Security Update (April 2023) | Windows Pragmatic General Multicast (PGM) — Unauthenticated RCE (An integer-underflow input-validation flaw) | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5027225: Windows Server 2022 Security Update (June 2023) | Windows Pragmatic General Multicast (PGM) — Unauthenticated RCE (An integer-underflow input-validation flaw) | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5027225: Windows Server 2022 Security Update (June 2023) | Windows Pragmatic General Multicast (PGM) — Unauthenticated RCE (An input-validation flaw) | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5028171: Windows Server 2022 Security Update (July 2023) | Windows Routing and Remote Access Service (RRAS) — Unauthenticated Network RCE (#1 of 3 in July 2023) | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5029250: Windows Server 2022 Security Update (August 2023) | Microsoft Message Queuing (MSMQ) — Unauthenticated Network RCE | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5034272: Windows Server 2022 Security Update (January 2024) | .NET / Visual Studio X.509 Chain-Building Bug — Authentication Bypass via Malformed Signature | Microsoft Windows Server 2022 | 9.1 |
| CRITICAL | KB5013944: Windows Server 2022 Security Update (May 2022) | Windows LDAP — Remote Code Execution (Requires Non-Default MaxReceiveBuffer) | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5009555: Windows Server 2022 Security Update (January 2022) | Windows IKE Protocol Extensions — Unauthenticated RCE (A stack-based buffer overflow in the ISAKMP VendorID payload handler (the 10-byte buffer is overflowed when a longer VendorID is sent)) | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5016627: Windows Server 2022 Security Update (August 2022) | Windows Network File System (NFS) — Unauthenticated RCE (An NFSv4.1 ACL field-validation bug — incorrect ACE_Count handling under-allocates the response buffer (Server 2022 only)) | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5017316: Windows Server 2022 Security Update (September 2022) | Windows IKE Protocol Extensions — Unauthenticated RCE (A flaw in how IKE / IPsec processes crafted IP packets when IKE and AuthIP IPsec Keying Modules are active) | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5029250: Windows Server 2022 Security Update (August 2023) | Microsoft Message Queuing (MSMQ) — Integer-Overflow RCE | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5068787: Windows Server 2022 Security Update (November 2025) | Windows GDI+ (gdiplus.dll) Heap-Based Buffer Overflow — Unauthenticated RCE via Crafted Metafile | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5026370: Windows Server 2022 Security Update (May 2023) | Windows Network File System (NFS) — Unauthenticated RCE in NFSv4.1 utf8string Parsing | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5026370: Windows Server 2022 Security Update (May 2023) | Windows Pragmatic General Multicast (PGM) — Unauthenticated RCE (A heap-based buffer overflow) | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5027225: Windows Server 2022 Security Update (June 2023) | Windows Pragmatic General Multicast (PGM) — Unauthenticated RCE (A heap-based buffer overflow) | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5028171: Windows Server 2022 Security Update (July 2023) | Windows Routing and Remote Access Service (RRAS) — Unauthenticated Network RCE (#2 of 3 in July 2023) | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5028171: Windows Server 2022 Security Update (July 2023) | Windows Routing and Remote Access Service (RRAS) — Unauthenticated Network RCE (#3 of 3 in July 2023) | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5028171: Windows Server 2022 Security Update (July 2023) | Microsoft Message Queuing (MSMQ) — Unauthenticated Network RCE | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5031364: Windows Server 2022 Security Update (October 2023) | Microsoft Message Queuing (MSMQ) — Unauthenticated Network RCE | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5032198: Windows Server 2022 Security Update (November 2023) | Microsoft PEAP — Heap-Based Buffer Overflow RCE (November 2023) | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5040437: Windows Server 2022 Security Update (July 2024) | Remote Desktop Licensing Service — Unauthenticated Integer-Underflow RCE | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5040437: Windows Server 2022 Security Update (July 2024) | Remote Desktop Licensing Service — Heap-Based Buffer Overflow RCE | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5041160: Windows Server 2022 Security Update (August 2024) | Windows Reliable Multicast Transport Driver (RMCAST) — Use-After-Free RCE | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5044281: Windows Server 2022 Security Update (October 2024) | Windows Netlogon — Adjacent-Network Elevation of Privilege via DC Name Impersonation | Microsoft Windows Server 2022 | 9.0 |
| CRITICAL | KB5046616: Windows Server 2022 Security Update (November 2024) | Windows Kerberos KDC Proxy (KPSSVC) — Unauthenticated RCE via Integer Overflow | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5073457: Windows Server 2022 Security Update (July 2025) | SQLite (winsqlite3.dll) Memory Corruption — RCE via Crafted SQL Aggregate | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5066782: Windows Server 2022 Security Update (October 2025) | Microsoft Graphics Component Use-After-Free — Network-Reachable Elevation of Privilege (Exploited Zero-Day) | Microsoft Windows Server 2022 | 9.9 |
| CRITICAL | KB5087545: Windows Server 2022 Security Update (May 2026) | Windows Hyper-V Use-After-Free — Guest-to-Host Escape | Microsoft Windows Server 2022 | 9.3 |
| CRITICAL | KB5049983: Windows Server 2022 Security Update (January 2025) | Windows Reliable Multicast Transport Driver (RMCAST) Use-After-Free — Unauthenticated Network RCE | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5062572: Windows Server 2022 Security Update (July 2025) | SPNEGO NEGOEX Heap-Based Buffer Overflow — Wormable Unauthenticated RCE in LSASS | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5087541: Windows Server 2022 Security Update (May 2026) | Windows DNS Client Heap-Based Buffer Overflow — Unauthenticated RCE via Malicious DNS Response | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5087545: Windows Server 2022 Security Update (May 2026) | Windows Netlogon Stack-Based Buffer Overflow — Unauthenticated RCE on Domain Controllers | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5023705: Windows Server 2022 Security Update (March 2023) | Windows HTTP Protocol Stack (http.sys) HTTP/3 Use-After-Free — Unauthenticated Kernel RCE | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5031364: Windows Server 2022 Security Update (October 2023) | Windows IIS Server — Unauthenticated Authentication-Bypass Elevation of Privilege | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5017316: Windows Server 2022 Security Update (September 2022) | Windows IKE Protocol Extensions — Unauthenticated RCE (A companion vulnerability to CVE-2022-34721 in the same IKE / IPsec protocol extensions (September 2022 patch cycle)) | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5007205: Windows Server 2022 Security Update (November 2021) | Windows Hyper-V VMBus — Remote Code Execution | Microsoft Windows Server 2022 | 9.0 |
| CRITICAL | KB5063880: Windows Server 2022 Security Update (August 2025) | Windows GDI+ Heap-Based Buffer Overflow — Unauthenticated RCE via Crafted Metafile | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5032198: Windows Server 2022 Security Update (November 2023) | Windows Pragmatic General Multicast (PGM) — Unauthenticated RCE (A buffer over-read) | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5012604: Windows Server 2022 Security Update (April 2022) | Windows Network File System (NFS) — Unauthenticated RCE (A companion NFS RCE patched alongside CVE-2022-24491) | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5017316: Windows Server 2022 Security Update (September 2022) | Windows TCP/IP IPv6 Reassembly — Unauthenticated RCE on IPsec Hosts ("EvilESP") | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5029250: Windows Server 2022 Security Update (August 2023) | Microsoft Message Queuing (MSMQ) — Unauthenticated RCE (Companion to CVE-2023-36910) | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5016627: Windows Server 2022 Security Update (August 2022) | Windows Point-to-Point Protocol (PPP) — Unauthenticated Network RCE on RRAS Servers | Microsoft Windows Server 2022 | 9.8 |
| CRITICAL | KB5023705: Windows Server 2022 Security Update (March 2023) | Microsoft RPC Runtime — Integer-Underflow Unauthenticated RCE | Microsoft Windows Server 2022 | 9.8 |
| HIGH | KB5082142: Windows Server 2022 Security Update (April 2026) | Windows Remote Desktop Client — Remote Code Execution via Malicious RDP Server | Microsoft Windows Server 2022 | 8.8 |
| HIGH | KB5082142: Windows Server 2022 Security Update (April 2026) | Windows TCP/IP IPv6 Race Condition — Wormable Unauthenticated RCE on IPsec Hosts | Microsoft Windows Server 2022 | 8.1 |
| HIGH | KB5082142: Windows Server 2022 Security Update (April 2026) | Windows Shell Security Feature Bypass — Network Security Control Evasion | Microsoft Windows Server 2022 | 8.8 |
| MEDIUM | KB5034129: Windows Server 2022 Security Update (January 2024) | Windows BitLocker Security Feature Bypass — Encryption Bypass via Boot Manager / Recovery Environment | Microsoft Windows Server 2022 | 6.6 |