Microsoft Windows Server 2022 Vulnerabilities
Fix Microsoft Windows Server 2022 on Windows Server
19 entries · Windows Server · Sorted by severity
All entries affect Microsoft Windows Server 2022. The "Security update" column names the cumulative update that fixes the CVE; "Exploitation status" is the maintainer's note at time of writing.

| Severity | Security update | Vulnerability | CVE | CVSS | Exploitation status | Reboot | Remediation |
|---|---|---|---|---|---|---|---|
| CRITICAL | KB5009555 (January 2022) | Windows HTTP Protocol Stack (http.sys) — Wormable Unauthenticated Kernel RCE | CVE-2022-21907 | 9.8 | Public proof-of-concept code available (exploit-db, Core Security). Microsoft labelled the vulnerability "wormable". No confirmed in-the-wild worm at time of writing. | Reboot Required | Script |
| CRITICAL | KB5012604 (April 2022) | Windows RPC Runtime Library — Wormable Unauthenticated RCE on TCP 445 | CVE-2022-26809 | 9.8 | Public proof-of-concept code available (websecnl/CVE-2022-26809 on GitHub). Microsoft classified the vulnerability as wormable. Shodan counted 700,000+ internet-exposed hosts at disclosure. | Reboot Required | Script |
| CRITICAL | KB5049984 (January 2025) | NTLMv1 Authentication Implementation Flaw — Remote Privilege Escalation | CVE-2025-21311 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Public technical analysis exists; treat as imminently weaponisable. | Reboot Required | Script |
| CRITICAL | KB5025230 (April 2023) | Microsoft Message Queuing (MSMQ) "QueueJumper" — Unauthenticated RCE | CVE-2023-21554 | 9.8 | Public technical analysis and proof-of-concept widely available since April 2023 (Check Point Research, IBM X-Force, Bitdefender). Over 360,000 internet-exposed MSMQ services were estimated at risk at disclosure. | Reboot Required | Script |
| CRITICAL | KB5041160 (August 2024) | Windows Line Printer Daemon (LPD) Service — Use-After-Free RCE | CVE-2024-38199 | 9.8 | Microsoft assessed exploitation as "more likely". Public proof-of-concept research has been published. | Reboot Required | Script |
| CRITICAL | KB5063880 (August 2025) | Remote Desktop Server Missing Authorization — Network Spoofing for Credential Theft | CVE-2025-50171 | 9.1 | No confirmed in-the-wild exploitation at time of writing. | Reboot Required | Script |
| CRITICAL | KB5082142 (April 2026) | Windows IKE Service Extensions Double-Free — Unauthenticated RCE via Crafted IKEv2 Packet | CVE-2026-33824 | 9.8 | No public proof-of-concept or in-the-wild exploitation at time of writing. Microsoft assessed as critical severity. | Reboot Required | Script |
| CRITICAL | KB5040437 (July 2024) | Remote Desktop Licensing Service — Unauthenticated Integer-Underflow RCE | CVE-2024-38074 | 9.8 | Public technical analysis available ("MadLicense" research series). No confirmed in-the-wild exploitation at time of writing. | Reboot Required | Script |
| CRITICAL | KB5040437 (July 2024) | Remote Desktop Licensing Service — Heap-Based Buffer Overflow RCE | CVE-2024-38076 | 9.8 | Companion to CVE-2024-38074 in the "MadLicense" research series. No confirmed in-the-wild exploitation at time of writing. | Reboot Required | Script |
| CRITICAL | KB5041160 (August 2024) | Windows Reliable Multicast Transport Driver (RMCAST) — Use-After-Free RCE | CVE-2024-38140 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Closely related to CVE-2025-21307 in the same component. | Reboot Required | Script |
| CRITICAL | KB5046616 (November 2024) | Windows Kerberos KDC Proxy (KPSSVC) — Unauthenticated RCE via Integer Overflow | CVE-2024-43639 | 9.8 | No confirmed in-the-wild exploitation at time of writing. ZDI published a technical analysis in March 2025. | Reboot Required | Script |
| CRITICAL | KB5073457 (July 2025) | SQLite (winsqlite3.dll) Memory Corruption — RCE via Crafted SQL Aggregate | CVE-2025-6965 | 9.8 | Discovered by Google's "Big Sleep" AI-assisted vulnerability research. Public proof-of-concept exists for upstream SQLite; in-the-wild exploitation not yet reported. | Reboot Required | Script |
| CRITICAL | KB5066782 (October 2025) | Microsoft Graphics Component Use-After-Free — Network-Reachable Elevation of Privilege (Exploited Zero-Day) | CVE-2025-49708 | 9.9 | Not currently listed in the CISA Known Exploited Vulnerabilities Catalogue. No confirmed in-the-wild exploitation of CVE-2025-49708 specifically at time of writing, though the same October 2025 patch cycle did include other Windows zero-days (CVE-2025-24990, CVE-2025-59230). Refer to the MSRC advisory and recent vendor research for current status. | Reboot Required | Script |
| CRITICAL | KB5087545 (May 2026) | Windows Hyper-V Use-After-Free — Guest-to-Host Escape | CVE-2026-40402 | 9.3 | No confirmed in-the-wild exploitation at time of writing. | Reboot Required | Script |
| CRITICAL | KB5049983 (January 2025) | Windows Reliable Multicast Transport Driver (RMCAST) Use-After-Free — Unauthenticated Network RCE | CVE-2025-21307 | 9.8 | Microsoft assessed exploitation as "more likely". No public proof-of-concept at time of writing. | Reboot Required | Script |
| CRITICAL | KB5062572 (July 2025) | SPNEGO NEGOEX Heap-Based Buffer Overflow — Wormable Unauthenticated RCE in LSASS | CVE-2025-47981 | 9.8 | Microsoft assessed exploitation as "more likely" and described the flaw as wormable. Prioritise internet-facing systems and domain controllers. | Reboot Required | Script |
| CRITICAL | KB5063880 (August 2025) | Windows GDI+ Heap-Based Buffer Overflow — Unauthenticated RCE via Crafted Metafile | CVE-2025-53766 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Public technical analysis from Check Point Research is available. | Reboot Required | Script |
| CRITICAL | KB5087541 (May 2026) | Windows DNS Client Heap-Based Buffer Overflow — Unauthenticated RCE via Malicious DNS Response | CVE-2026-41096 | 9.8 | Microsoft assessed exploitation as "more likely". No confirmed in-the-wild exploitation at time of writing. | Reboot Required | Script |
| CRITICAL | KB5087545 (May 2026) | Windows Netlogon Stack-Based Buffer Overflow — Unauthenticated RCE on Domain Controllers | CVE-2026-41089 | 9.8 | No confirmed in-the-wild exploitation at time of writing. Patch every domain controller before any other system. | Reboot Required | Script |