Microsoft Windows Server 2022 Vulnerabilities
63 entries · Windows Server · Sorted by severity
| Severity | Update | Vulnerability | CVE | CVSS | Exploitation status | Reboot |
|---|---|---|---|---|---|---|
| CRITICAL | KB5009555: Windows Server 2022 Security Update (January 2022) | Windows HTTP Protocol Stack (http.sys) — Wormable Unauthenticated Kernel RCE | CVE-2022-21907 | 9.8 | Public proof-of-concept code available (exploit-db, Core Security). Microsoft labelled the vulnerability "wormable". No confirmed in-the-wild worm at time of writing. | Required |
| CRITICAL | KB5012604: Windows Server 2022 Security Update (April 2022) | Windows RPC Runtime Library — Wormable Unauthenticated RCE on TCP 445 | CVE-2022-26809 | 9.8 | Public proof-of-concept code available (websecnl/CVE-2022-26809 on GitHub). Microsoft classified the vulnerability as wormable. Shodan counted 700,000+ internet-exposed hosts at disclosure. | Required |
| CRITICAL | KB5049984: Windows Server 2022 Security Update (January 2025) | NTLMv1 Authentication Implementation Flaw — Remote Privilege Escalation | CVE-2025-21311 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Public technical analysis exists; treat as imminently weaponisable. | Required |
| CRITICAL | KB5025230: Windows Server 2022 Security Update (April 2023) | Microsoft Message Queuing (MSMQ) "QueueJumper" — Unauthenticated RCE | CVE-2023-21554 | 9.8 | Public technical analysis and proof-of-concept widely available since April 2023 (Check Point Research, IBM X-Force, Bitdefender). Over 360,000 internet-exposed MSMQ services were estimated at risk at disclosure. | Required |
| CRITICAL | KB5041160: Windows Server 2022 Security Update (August 2024) | Windows Line Printer Daemon (LPD) Service — Use-After-Free RCE | CVE-2024-38199 | 9.8 | Microsoft assessed exploitation as "more likely". Public proof-of-concept research has been published. | Required |
| CRITICAL | KB5063880: Windows Server 2022 Security Update (August 2025) | Remote Desktop Server Missing Authorization — Network Spoofing for Credential Theft | CVE-2025-50171 | 9.1 | No confirmed in-the-wild exploitation at time of writing. | Required |
| CRITICAL | KB5082142: Windows Server 2022 Security Update (April 2026) | Windows IKE Service Extensions Double-Free — Unauthenticated RCE via Crafted IKEv2 Packet | CVE-2026-33824 | 9.8 | No public proof-of-concept or in-the-wild exploitation at time of writing. Microsoft assessed as critical severity. | Required |
| CRITICAL | KB5009555: Windows Server 2022 Security Update (January 2022) | Windows Hyper-V — Guest-VM Adjacent-Network Elevation of Privilege | CVE-2022-21901 | 9.0 | No confirmed in-the-wild exploitation at time of writing. | Required |
| CRITICAL | KB5012604: Windows Server 2022 Security Update (April 2022) | Windows Network File System (NFS) — Unauthenticated RCE (An NFS protocol parsing flaw) | CVE-2022-24491 | 9.8 | Public PoC and analysis available (ZDI, Trend Micro, Fortra). No confirmed in-the-wild exploitation at time of writing for CVE-2022-24491 specifically. | Required |
| CRITICAL | KB5013944: Windows Server 2022 Security Update (May 2022) | Windows Network File System (NFS) — Unauthenticated RCE (A stack buffer overflow in NLM Portmap handling — GETADDR RPC response is crafted by the attacker) | CVE-2022-26937 | 9.8 | Public PoC and analysis available (ZDI, Trend Micro, Fortra). No confirmed in-the-wild exploitation at time of writing for CVE-2022-26937 specifically. | Required |
| CRITICAL | KB5013944: Windows Server 2022 Security Update (May 2022) | Windows LDAP — Remote Code Execution (Requires Non-Default MaxReceiveBuffer) | CVE-2022-22012 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Exploit conditions are narrow (non-default MaxReceiveBuffer). | Required |
| CRITICAL | KB5022842: Windows Server 2022 Security Update (February 2023) | Microsoft PEAP (Protected Extensible Authentication Protocol) — Unauthenticated RCE | CVE-2023-21690 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Companion CVE to CVE-2023-21689 and CVE-2023-21692 in the same patch cycle. | Required |
| CRITICAL | KB5016627: Windows Server 2022 Security Update (August 2022) | Windows Point-to-Point Protocol (PPP) — Unauthenticated Network RCE on RRAS Servers | CVE-2022-35744 | 9.8 | No confirmed in-the-wild exploitation at time of writing. | Required |
| CRITICAL | KB5022842: Windows Server 2022 Security Update (February 2023) | Microsoft PEAP (Protected Extensible Authentication Protocol) — Heap-Based Buffer Overflow RCE | CVE-2023-21689 | 9.8 | No confirmed in-the-wild exploitation at time of writing. One of three companion PEAP RCEs (CVE-2023-21689, -21690, -21692) patched together in February 2023. | Required |
| CRITICAL | KB5022842: Windows Server 2022 Security Update (February 2023) | Microsoft PEAP (Protected Extensible Authentication Protocol) — Heap-Based Buffer Overflow RCE | CVE-2023-21692 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Companion CVE to CVE-2023-21689 and CVE-2023-21690 in the same patch cycle. | Required |
| CRITICAL | KB5023705: Windows Server 2022 Security Update (March 2023) | Windows ICMP Protocol Stack — Heap-Based Buffer Overflow Unauthenticated Kernel RCE | CVE-2023-23415 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Public technical analysis available; classification of "low complexity" makes exploit development tractable. | Required |
| CRITICAL | KB5025230: Windows Server 2022 Security Update (April 2023) | Windows Pragmatic General Multicast (PGM) — Unauthenticated RCE (An integer-underflow input-validation flaw) | CVE-2023-28250 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Part of a series of PGM RCEs (CVE-2023-24943, -28250, -29363, -32014, -32015, -36397) — exploit research transferable across the set. | Required |
| CRITICAL | KB5027225: Windows Server 2022 Security Update (June 2023) | Windows Pragmatic General Multicast (PGM) — Unauthenticated RCE (An integer-underflow input-validation flaw) | CVE-2023-32014 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Part of a series of PGM RCEs (CVE-2023-24943, -28250, -29363, -32014, -32015, -36397) — exploit research transferable across the set. | Required |
| CRITICAL | KB5027225: Windows Server 2022 Security Update (June 2023) | Windows Pragmatic General Multicast (PGM) — Unauthenticated RCE (An input-validation flaw) | CVE-2023-32015 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Part of a series of PGM RCEs (CVE-2023-24943, -28250, -29363, -32014, -32015, -36397) — exploit research transferable across the set. | Required |
| CRITICAL | KB5028171: Windows Server 2022 Security Update (July 2023) | Windows Routing and Remote Access Service (RRAS) — Unauthenticated Network RCE (#1 of 3 in July 2023) | CVE-2023-35365 | 9.8 | No confirmed in-the-wild exploitation at time of writing. RRAS servers are typically internet-exposed by design (VPN endpoints, DirectAccess), making them high-value targets even without a public PoC. | Required |
| CRITICAL | KB5029250: Windows Server 2022 Security Update (August 2023) | Microsoft Message Queuing (MSMQ) — Unauthenticated Network RCE | CVE-2023-35385 | 9.8 | No confirmed in-the-wild exploitation at time of writing. MSMQ has been the focus of a sustained vulnerability-research effort following QueueJumper (CVE-2023-21554) — multiple companion RCEs have been disclosed in the same family. | Required |
| CRITICAL | KB5034272: Windows Server 2022 Security Update (January 2024) | .NET / Visual Studio X.509 Chain-Building Bug — Authentication Bypass via Malformed Signature | CVE-2024-0057 | 9.1 | No confirmed in-the-wild exploitation at time of writing. Public Microsoft advisory. | Required |
| CRITICAL | KB5013944: Windows Server 2022 Security Update (May 2022) | Windows LDAP — Remote Code Execution (Requires Non-Default MaxReceiveBuffer) | CVE-2022-29130 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Exploit conditions are narrow (non-default MaxReceiveBuffer). | Required |
| CRITICAL | KB5009555: Windows Server 2022 Security Update (January 2022) | Windows IKE Protocol Extensions — Unauthenticated RCE (A stack-based buffer overflow in the ISAKMP VendorID payload handler (the 10-byte buffer is overflowed when a longer VendorID is sent)) | CVE-2022-21849 | 9.8 | Public proof-of-concept research available (micropatches and PoCs published). No confirmed in-the-wild exploitation for this specific CVE at time of writing. | Required |
| CRITICAL | KB5016627: Windows Server 2022 Security Update (August 2022) | Windows Network File System (NFS) — Unauthenticated RCE (An NFSv4.1 ACL field-validation bug — incorrect ACE_Count handling under-allocates the response buffer (Server 2022 only)) | CVE-2022-34715 | 9.8 | Public PoC and analysis available (ZDI, Trend Micro, Fortra). No confirmed in-the-wild exploitation at time of writing for CVE-2022-34715 specifically. | Required |
| CRITICAL | KB5017316: Windows Server 2022 Security Update (September 2022) | Windows IKE Protocol Extensions — Unauthenticated RCE (A flaw in how IKE / IPsec processes crafted IP packets when IKE and AuthIP IPsec Keying Modules are active) | CVE-2022-34721 | 9.8 | Public proof-of-concept research available (micropatches and PoCs published). In-the-wild exploitation has been reported. | Required |
| CRITICAL | KB5029250: Windows Server 2022 Security Update (August 2023) | Microsoft Message Queuing (MSMQ) — Integer-Overflow RCE | CVE-2023-36910 | 9.8 | Public Automox worklet for mitigation. No confirmed in-the-wild exploitation at time of writing. | Required |
| CRITICAL | KB5068787: Windows Server 2022 Security Update (November 2025) | Windows GDI+ (gdiplus.dll) Heap-Based Buffer Overflow — Unauthenticated RCE via Crafted Metafile | CVE-2025-60724 | 9.8 | Not in the CISA KEV catalogue at time of writing. No confirmed in-the-wild exploitation, but the attack surface (Print Spooler accepting metafiles over RPC) is unauthenticated and the flaw is rated CVSS 9.8. | Required |
| CRITICAL | KB5026370: Windows Server 2022 Security Update (May 2023) | Windows Network File System (NFS) — Unauthenticated RCE in NFSv4.1 utf8string Parsing | CVE-2023-24941 | 9.8 | Public technical analysis by Trend Micro and ZDI. No confirmed in-the-wild exploitation at time of writing. | Required |
| CRITICAL | KB5026370: Windows Server 2022 Security Update (May 2023) | Windows Pragmatic General Multicast (PGM) — Unauthenticated RCE (A heap-based buffer overflow) | CVE-2023-24943 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Part of a series of PGM RCEs (CVE-2023-24943, -28250, -29363, -32014, -32015, -36397) — exploit research transferable across the set. | Required |
| CRITICAL | KB5027225: Windows Server 2022 Security Update (June 2023) | Windows Pragmatic General Multicast (PGM) — Unauthenticated RCE (A heap-based buffer overflow) | CVE-2023-29363 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Part of a series of PGM RCEs (CVE-2023-24943, -28250, -29363, -32014, -32015, -36397) — exploit research transferable across the set. | Required |
| CRITICAL | KB5028171: Windows Server 2022 Security Update (July 2023) | Windows Routing and Remote Access Service (RRAS) — Unauthenticated Network RCE (#2 of 3 in July 2023) | CVE-2023-35366 | 9.8 | No confirmed in-the-wild exploitation at time of writing. RRAS servers are typically internet-exposed by design (VPN endpoints, DirectAccess), making them high-value targets even without a public PoC. | Required |
| CRITICAL | KB5028171: Windows Server 2022 Security Update (July 2023) | Windows Routing and Remote Access Service (RRAS) — Unauthenticated Network RCE (#3 of 3 in July 2023) | CVE-2023-35367 | 9.8 | No confirmed in-the-wild exploitation at time of writing. RRAS servers are typically internet-exposed by design (VPN endpoints, DirectAccess), making them high-value targets even without a public PoC. | Required |
| CRITICAL | KB5028171: Windows Server 2022 Security Update (July 2023) | Microsoft Message Queuing (MSMQ) — Unauthenticated Network RCE | CVE-2023-32057 | 9.8 | No confirmed in-the-wild exploitation at time of writing. MSMQ has been the focus of a sustained vulnerability-research effort following QueueJumper (CVE-2023-21554) — multiple companion RCEs have been disclosed in the same family. | Required |
| CRITICAL | KB5031364: Windows Server 2022 Security Update (October 2023) | Microsoft Message Queuing (MSMQ) — Unauthenticated Network RCE | CVE-2023-35349 | 9.8 | No confirmed in-the-wild exploitation at time of writing. MSMQ has been the focus of a sustained vulnerability-research effort following QueueJumper (CVE-2023-21554) — multiple companion RCEs have been disclosed in the same family. | Required |
| CRITICAL | KB5032198: Windows Server 2022 Security Update (November 2023) | Microsoft PEAP — Heap-Based Buffer Overflow RCE (November 2023) | CVE-2023-36028 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Companion to the February 2023 PEAP CVEs (CVE-2023-21689/-21690/-21692) in the same component family. | Required |
| CRITICAL | KB5040437: Windows Server 2022 Security Update (July 2024) | Remote Desktop Licensing Service — Unauthenticated Integer-Underflow RCE | CVE-2024-38074 | 9.8 | Public technical analysis available ("MadLicense" research series). No confirmed in-the-wild exploitation at time of writing. | Required |
| CRITICAL | KB5040437: Windows Server 2022 Security Update (July 2024) | Remote Desktop Licensing Service — Heap-Based Buffer Overflow RCE | CVE-2024-38076 | 9.8 | Companion to CVE-2024-38074 in the "MadLicense" research series. No confirmed in-the-wild exploitation at time of writing. | Required |
| CRITICAL | KB5041160: Windows Server 2022 Security Update (August 2024) | Windows Reliable Multicast Transport Driver (RMCAST) — Use-After-Free RCE | CVE-2024-38140 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Closely related to CVE-2025-21307 in the same component. | Required |
| CRITICAL | KB5044281: Windows Server 2022 Security Update (October 2024) | Windows Netlogon — Adjacent-Network Elevation of Privilege via DC Name Impersonation | CVE-2024-38124 | 9.0 | No confirmed in-the-wild exploitation at time of writing. | Required |
| CRITICAL | KB5046616: Windows Server 2022 Security Update (November 2024) | Windows Kerberos KDC Proxy (KPSSVC) — Unauthenticated RCE via Integer Overflow | CVE-2024-43639 | 9.8 | No confirmed in-the-wild exploitation at time of writing. ZDI published a technical analysis in March 2025. | Required |
| CRITICAL | KB5073457: Windows Server 2022 Security Update (July 2025) | SQLite (winsqlite3.dll) Memory Corruption — RCE via Crafted SQL Aggregate | CVE-2025-6965 | 9.8 | Discovered by Google's "Big Sleep" AI-assisted vulnerability research. Public proof-of-concept exists for upstream SQLite; in-the-wild exploitation not yet reported. | Required |
| CRITICAL | KB5066782: Windows Server 2022 Security Update (October 2025) | Microsoft Graphics Component Use-After-Free — Network-Reachable Elevation of Privilege (Exploited Zero-Day) | CVE-2025-49708 | 9.9 | Not currently listed in the CISA Known Exploited Vulnerabilities Catalogue. No confirmed in-the-wild exploitation of CVE-2025-49708 specifically at time of writing — though the same October 2025 patch cycle did include other Windows zero-days (CVE-2025-24990, CVE-2025-59230). Refer to the MSRC advisory and recent vendor research for current status. | Required |
| CRITICAL | KB5087545: Windows Server 2022 Security Update (May 2026) | Windows Hyper-V Use-After-Free — Guest-to-Host Escape | CVE-2026-40402 | 9.3 | No confirmed in-the-wild exploitation at time of writing. | Required |
| CRITICAL | KB5049983: Windows Server 2022 Security Update (January 2025) | Windows Reliable Multicast Transport Driver (RMCAST) Use-After-Free — Unauthenticated Network RCE | CVE-2025-21307 | 9.8 | Microsoft assessed exploitation as "more likely". No public proof-of-concept at time of writing. | Required |
| CRITICAL | KB5062572: Windows Server 2022 Security Update (July 2025) | SPNEGO NEGOEX Heap-Based Buffer Overflow — Wormable Unauthenticated RCE in LSASS | CVE-2025-47981 | 9.8 | Microsoft assessed exploitation as "more likely" and described the flaw as wormable. Prioritise internet-facing systems and domain controllers. | Required |
| CRITICAL | KB5087541: Windows Server 2022 Security Update (May 2026) | Windows DNS Client Heap-Based Buffer Overflow — Unauthenticated RCE via Malicious DNS Response | CVE-2026-41096 | 9.8 | Microsoft assessed exploitation as "more likely". No confirmed in-the-wild exploitation at time of writing. | Required |
| CRITICAL | KB5087545: Windows Server 2022 Security Update (May 2026) | Windows Netlogon Stack-Based Buffer Overflow — Unauthenticated RCE on Domain Controllers | CVE-2026-41089 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Patch every domain controller before any other system. | Required |
| CRITICAL | KB5023705: Windows Server 2022 Security Update (March 2023) | Windows HTTP Protocol Stack (http.sys) HTTP/3 Use-After-Free — Unauthenticated Kernel RCE | CVE-2023-23392 | 9.8 | No confirmed in-the-wild exploitation at time of writing. HTTP/3 is not enabled by default in Windows Server 2022 — exposure is bounded by EnableHttp3 registry settings. | Required |
| CRITICAL | KB5031364: Windows Server 2022 Security Update (October 2023) | Windows IIS Server — Unauthenticated Authentication-Bypass Elevation of Privilege | CVE-2023-36434 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Highlighted by Arctic Wolf as one of the two critical CVEs in the October 2023 Patch Tuesday. | Required |
| CRITICAL | KB5017316: Windows Server 2022 Security Update (September 2022) | Windows IKE Protocol Extensions — Unauthenticated RCE (A companion vulnerability to CVE-2022-34721 in the same IKE / IPsec protocol extensions (September 2022 patch cycle)) | CVE-2022-34722 | 9.8 | Public proof-of-concept research available (micropatches and PoCs published). No confirmed in-the-wild exploitation for this specific CVE at time of writing. | Required |
| CRITICAL | KB5007205: Windows Server 2022 Security Update (November 2021) | Windows Hyper-V VMBus — Remote Code Execution | CVE-2021-26443 | 9.0 | No confirmed in-the-wild exploitation at time of writing. | Required |
| CRITICAL | KB5063880: Windows Server 2022 Security Update (August 2025) | Windows GDI+ Heap-Based Buffer Overflow — Unauthenticated RCE via Crafted Metafile | CVE-2025-53766 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Public technical analysis from Check Point Research is available. | Required |
| CRITICAL | KB5032198: Windows Server 2022 Security Update (November 2023) | Windows Pragmatic General Multicast (PGM) — Unauthenticated RCE (A buffer over-read) | CVE-2023-36397 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Part of a series of PGM RCEs (CVE-2023-24943, -28250, -29363, -32014, -32015, -36397) — exploit research transferable across the set. | Required |
| CRITICAL | KB5012604: Windows Server 2022 Security Update (April 2022) | Windows Network File System (NFS) — Unauthenticated RCE (A companion NFS RCE patched alongside CVE-2022-24491) | CVE-2022-24497 | 9.8 | Public PoC and analysis available (ZDI, Trend Micro, Fortra). No confirmed in-the-wild exploitation at time of writing for CVE-2022-24497 specifically. | Required |
| CRITICAL | KB5017316: Windows Server 2022 Security Update (September 2022) | Windows TCP/IP IPv6 Reassembly — Unauthenticated RCE on IPsec Hosts ("EvilESP") | CVE-2022-34718 | 9.8 | Public technical analysis from IBM X-Force ("EvilESP"). No confirmed in-the-wild exploitation at time of writing. | Required |
| CRITICAL | KB5029250: Windows Server 2022 Security Update (August 2023) | Microsoft Message Queuing (MSMQ) — Unauthenticated RCE (Companion to CVE-2023-36910) | CVE-2023-36911 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Patched together with CVE-2023-36910 in August 2023. | Required |
| CRITICAL | KB5016627: Windows Server 2022 Security Update (August 2022) | Windows Point-to-Point Protocol (PPP) — Unauthenticated Network RCE on RRAS Servers | CVE-2022-30133 | 9.8 | No confirmed in-the-wild exploitation at time of writing. | Required |
| CRITICAL | KB5023705: Windows Server 2022 Security Update (March 2023) | Microsoft RPC Runtime — Integer-Underflow Unauthenticated RCE | CVE-2023-21708 | 9.8 | No confirmed in-the-wild exploitation at time of writing. RPC RCEs in this class historically draw rapid exploit development. | Required |
| HIGH | KB5082142: Windows Server 2022 Security Update (April 2026) | Windows Remote Desktop Client — Remote Code Execution via Malicious RDP Server | CVE-2026-32157 | 8.8 | Not in the CISA KEV catalogue at time of writing. No confirmed in-the-wild exploitation. Exploitation requires the victim to initiate an RDP connection to attacker-controlled infrastructure. | Required |
| HIGH | KB5082142: Windows Server 2022 Security Update (April 2026) | Windows TCP/IP IPv6 Race Condition — Wormable Unauthenticated RCE on IPsec Hosts | CVE-2026-33827 | 8.1 | Not in the CISA KEV catalogue at time of writing. No confirmed in-the-wild exploitation. Microsoft rates it Critical and notes it is wormable on systems with IPv6 and IPsec enabled; the high attack complexity (winning a race) is the main barrier. | Required |
| HIGH | KB5082142: Windows Server 2022 Security Update (April 2026) | Windows Shell Security Feature Bypass — Network Security Control Evasion | CVE-2026-32225 | 8.8 | Not in the CISA KEV catalogue at time of writing. No confirmed in-the-wild exploitation. Security-feature bypasses are typically used as one link in a multi-step attack chain rather than as a standalone exploit. | Required |
| MEDIUM | KB5034129: Windows Server 2022 Security Update (January 2024) | Windows BitLocker Security Feature Bypass — Encryption Bypass via Boot Manager / Recovery Environment | CVE-2024-20666 | 6.6 | Not in the CISA KEV catalogue at time of writing. Requires physical access to the device, which bounds the practical risk to lost/stolen/seized hardware and insider scenarios. | Required |