Software Detail

Software Informaton Top

Operating Systems

Software Detail

Windows Server

Number Of NVD

5091

CRITICAL

122

HIGH

3461

MEDIUM

1438

LOW

URL	https://www.microsoft.com/
Explanation	Server products offered by Microsoft. For business, developer, and desktop operating system products, 10 years of support at the supported Service Pack level (with a minimum of 5 years of mainstream support, followed by a minimum of 5 years of extended support). You may need to deploy the latest updates to be eligible for support. For some products, the support organization may be less than 10 years. For consumer and multimedia products, five years of mainstream support at the supported Service Pack level. The above text is excerpted from Microsoft's Fixed Lifecycle Policy.
Tag	商用ライセンス有り Microsoft

Add Information URL

No	Type	Name	URL
1			https://support.microsoft.com//lifecycle/search
2			https://www.microsoft.com/ja-jp/cloud-platform/windows-server
3			https://support.microsoft.com/ja-jp/hub/4095338/microsoft-lifecycle-policy
4			https://docs.microsoft.com/ja-jp/windows-server/get-started/windows-server-release-info

List Of Product [ Click to show release history and vulnerability information ]

No	Name	Latest Version	Release date	Initial release	Normal Support	Security Support Service Pack Support	Extended for a fee	Critical	High	Medium	Low
4901	Windows Server 2022	21H2	Nov. 2, 2021	Nov. 2, 2021	Oct. 13, 2026		Oct. 14, 2031	53	1279	421	5
4902	Windows Server 2019	1809	Oct. 2, 2018	Nov. 13, 2018	Jan. 9, 2024		Jan. 9, 2029	94	2460	885	11
4903	Windows Server 2016	20H2	Oct. 20, 2020	Oct. 15, 2016	Jan. 11, 2022		Jan. 12, 2027	103	2553	1010	15
4904	Windows Server 2012		Oct. 30, 2012	Oct. 30, 2012	Oct. 9, 2018		Oct. 10, 2023	94	2178	911	50
4905	Windows Server 2008 R2（ Service Pack 1適用）			Feb. 22, 2011		Jan. 14, 2020		0	0	0	0
4906	Windows Server 2008（Service Pack 2適用）			April 29, 2009		Jan. 14, 2020		0	0	0	0
4907	Microsoft Windows Server 2003（Service Pack 2適用）			May 28, 2003	July 13, 2010		July 14, 2015	0	128	53	15
4908	Microsoft Windows Storage Server 2003			May 5, 2003	Oct. 11, 2011		Oct. 9, 2016	0	128	53	15
4909	Microsoft Windows 2000（Service Pack 4適用）			March 31, 2000	June 30, 2005		July 13, 2010	2	40	19	0

NVD Vulnerability Information

CRITICAL
HIGH
MEDIUM
LOW

No	CVSS3 CVSS2	Level Attach Vector	Title	CWE	CVE	cpe23Uri	Update date Published date	Show Affected	Exploit PoC Search
4901	- 7.2	HIGH	The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which a…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2008-2252	cpe:2.3:o:microsoft:windows_server_2008:-:* cpe:2.3:o:microsoft:windows_server_2008:-:* cpe:2.3:o:microsoft:windo…	2026-04-23 09:35 2008-10-15	Show	GitHub Exploit DB Packet Storm

4902	- 9.3	HIGH	gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Offi…	CWE-399 Resource Management Errors	CVE-2008-3013	cpe:2.3:o:microsoft:windows_server_2008:-:*	2026-04-23 09:35 2008-09-11	Show	GitHub Exploit DB Packet Storm

4903	- 9.3	HIGH	Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argum…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2008-3008	cpe:2.3:o:microsoft:windows_2003_server:-:sp2 cpe:2.3:o:microsoft:windows_2003_server:-:sp2 cpe:2.3:o:microsoft:w…	2026-04-23 09:35 2008-09-11	Show	GitHub Exploit DB Packet Storm

4904	- 5.4	MEDIUM	Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Mul…	CWE-20 Improper Input Validation	CVE-2008-1441	cpe:2.3:o:microsoft:windows_server_2008:-:* cpe:2.3:o:microsoft:windows_server_2008:-:* cpe:2.3:o:microsoft:windo…	2026-04-23 09:35 2008-06-12	Show	GitHub Exploit DB Packet Storm

4905	- 7.2	HIGH	The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a craf…	CWE-20 Improper Input Validation	CVE-2008-1451	cpe:2.3:o:microsoft:windows_2003_server:-:sp2 cpe:2.3:o:microsoft:windows_2003_server:-:sp1 cpe:2.3:o:microsoft:w…	2026-04-23 09:35 2008-06-12	Show	GitHub Exploit DB Packet Storm

4906	- 9.3	HIGH	Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in HRTBEAT.OCX allows remote attackers to execute arbitrary code via the Host argument to an unspecified method.	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2007-6255	cpe:2.3:o:microsoft:windows_2000:-:sp4	2026-04-23 09:35 2008-04-23	Show	GitHub Exploit DB Packet Storm

4907	7.5 8.8	HIGH Network	The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.	CWE-330 Use of Insufficiently Random Values	CVE-2008-0087	cpe:2.3:o:microsoft:windows_2000:-:sp4	2026-04-23 09:35 2008-04-9	Show	GitHub Exploit DB Packet Storm

4908	8.1 9.3	HIGH Network	Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arb…	CWE-119 CWE-190 Incorrect Access of Indexable Resource ('Range Error') Integer Overflow or Wraparound	CVE-2008-1083	cpe:2.3:o:microsoft:windows_server_2008:-:* cpe:2.3:o:microsoft:windows_server_2008:-:*	2026-04-23 09:35 2008-04-9	Show	GitHub Exploit DB Packet Storm

4909	- 7.2	HIGH	Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vec…	CWE-94 Code Injection	CVE-2008-1084	cpe:2.3:o:microsoft:windows_server_2008:-:*	2026-04-23 09:35 2008-04-9	Show	GitHub Exploit DB Packet Storm

4910	- 6.8	MEDIUM	Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a…	CWE-20 Improper Input Validation	CVE-2008-0088	cpe:2.3:o:microsoft:windows_2003_server:sp2:* cpe:2.3:o:microsoft:windows_2003_server:sp1:*	2026-04-23 09:35 2008-02-13	Show	GitHub Exploit DB Packet Storm