| Windows Server | Number Of NVD | 5091 | CRITICAL | 122 | HIGH | 3461 | MEDIUM | 1438 | LOW | 70 |
| URL | https://www.microsoft.com/ | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Explanation | Server products offered by Microsoft. For business, developer, and desktop operating system products, 10 years of support at the supported Service Pack level (with a minimum of 5 years of mainstream support, followed by a minimum of 5 years of extended support). You may need to deploy the latest updates to be eligible for support. For some products, the support organization may be less than 10 years. For consumer and multimedia products, five years of mainstream support at the supported Service Pack level. The above text is excerpted from Microsoft's Fixed Lifecycle Policy. |
||||||||
| Tag | |||||||||
| No | Type | Name | URL |
|---|---|---|---|
| 1 | https://support.microsoft.com//lifecycle/search | ||
| 2 | https://www.microsoft.com/ja-jp/cloud-platform/windows-server | ||
| 3 | https://support.microsoft.com/ja-jp/hub/4095338/microsoft-lifecycle-policy | ||
| 4 | https://docs.microsoft.com/ja-jp/windows-server/get-started/windows-server-release-info |
| No | Name | Latest Version | Release date | Initial release | Normal Support | Security Support Service Pack Support |
Extended for a fee |
Critical | High | Medium | Low |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 81 | Windows Server 2022 | 21H2 | Nov. 2, 2021 | Nov. 2, 2021 | Oct. 13, 2026 | Oct. 14, 2031 | 53 | 1279 | 421 | 5 | |
| 82 | Windows Server 2019 | 1809 | Oct. 2, 2018 | Nov. 13, 2018 | Jan. 9, 2024 | Jan. 9, 2029 | 94 | 2460 | 885 | 11 | |
| 83 | Windows Server 2016 | 20H2 | Oct. 20, 2020 | Oct. 15, 2016 | Jan. 11, 2022 | Jan. 12, 2027 | 103 | 2553 | 1010 | 15 | |
| 84 | Windows Server 2012 | Oct. 30, 2012 | Oct. 30, 2012 | Oct. 9, 2018 | Oct. 10, 2023 | 94 | 2178 | 911 | 50 | ||
| 85 | Windows Server 2008 R2( Service Pack 1適用) | Feb. 22, 2011 | Jan. 14, 2020 | 0 | 0 | 0 | 0 | ||||
| 86 | Windows Server 2008(Service Pack 2適用) | April 29, 2009 | Jan. 14, 2020 | 0 | 0 | 0 | 0 | ||||
| 87 | Microsoft Windows Server 2003(Service Pack 2適用) | May 28, 2003 | July 13, 2010 | July 14, 2015 | 0 | 128 | 53 | 15 | |||
| 88 | Microsoft Windows Storage Server 2003 | May 5, 2003 | Oct. 11, 2011 | Oct. 9, 2016 | 0 | 128 | 53 | 15 | |||
| 89 | Microsoft Windows 2000(Service Pack 4適用) | March 31, 2000 | June 30, 2005 | July 13, 2010 | 2 | 40 | 19 | 0 |
| No | CVSS3 CVSS2 |
Level Attach Vector |
Title | CWE | CVE | cpe23Uri | or higher | or less | more than | less than | Update date Published date |
Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 81 |
7.8 - |
HIGH
Local |
Access of resource using incompatible type ('type confusion') in Windows OLE allows an authorized attacker to elevate privileges locally. |
CWE-843
Type Confusion |
CVE-2026-26162 |
cpe:2.3:o:microsoft:windows_server_2019:*:* cpe:2.3:o:microsoft:windows_server_2016:*:* cpe:2.3:o:microsoft:windo… |
|
|
|
10.0.17763.8644 10.0.14393.9060 |
2026-04-25 04:31 2026-04-15 |
Show | GitHub Exploit DB Packet Storm |
| 82 |
7.8 - |
HIGH
Local |
Untrusted pointer dereference in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally. |
CWE-20 CWE-822 Improper Input Validation Untrusted Pointer Dereference |
CVE-2026-26161 | cpe:2.3:o:microsoft:windows_server_2019:*:* | 10.0.17763.8644 |
2026-04-25 04:32 2026-04-15 |
Show | GitHub Exploit DB Packet Storm | |||
| 83 |
7.8 - |
HIGH
Local |
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally. |
CWE-306
Missing Authentication for Critical Function |
CVE-2026-26160 |
cpe:2.3:o:microsoft:windows_server_2019:*:* cpe:2.3:o:microsoft:windows_server_2016:*:* cpe:2.3:o:microsoft:windo… |
|
|
|
10.0.17763.8644 10.0.14393.9060 |
2026-04-25 04:53 2026-04-15 |
Show | GitHub Exploit DB Packet Storm |
| 84 |
7.8 - |
HIGH
Local |
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally. |
CWE-306
Missing Authentication for Critical Function |
CVE-2026-26159 |
cpe:2.3:o:microsoft:windows_server_2019:*:* cpe:2.3:o:microsoft:windows_server_2016:*:* cpe:2.3:o:microsoft:windo… |
|
|
|
10.0.17763.8644 10.0.14393.9060 |
2026-04-25 04:54 2026-04-15 |
Show | GitHub Exploit DB Packet Storm |
| 85 |
7.8 - |
HIGH
Local |
Heap-based buffer overflow in Windows Hyper-V allows an unauthorized attacker to execute code locally. |
CWE-20 CWE-122 CWE-125 Improper Input Validation Heap-based Buffer Overflow Out-of-bounds Read |
CVE-2026-26156 |
cpe:2.3:o:microsoft:windows_server_2019:*:* cpe:2.3:o:microsoft:windows_server_2016:*:* |
|
|
|
10.0.17763.8644 10.0.14393.9060 |
2026-04-25 05:00 2026-04-15 |
Show | GitHub Exploit DB Packet Storm |
| 86 |
6.5 - |
MEDIUM
Network |
Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability |
CWE-126
Buffer Over-read |
CVE-2026-26155 |
cpe:2.3:o:microsoft:windows_server_2019:*:* cpe:2.3:o:microsoft:windows_server_2016:*:* |
|
|
|
10.0.17763.8644 10.0.14393.9060 |
2026-04-25 05:02 2026-04-15 |
Show | GitHub Exploit DB Packet Storm |
| 87 |
7.5 - |
HIGH
Network |
Improper input validation in Windows Server Update Service allows an unauthorized attacker to perform tampering over a network. |
CWE-20
Improper Input Validation |
CVE-2026-26154 |
cpe:2.3:o:microsoft:windows_server_2019:*:* cpe:2.3:o:microsoft:windows_server_2016:*:* cpe:2.3:o:microsoft:windo… |
|
|
|
10.0.17763.8644 10.0.14393.9060 |
2026-04-25 05:02 2026-04-15 |
Show | GitHub Exploit DB Packet Storm |
| 88 |
7.8 - |
HIGH
Local |
Out-of-bounds read in Windows Encrypting File System (EFS) allows an authorized attacker to elevate privileges locally. |
CWE-125
Out-of-bounds Read |
CVE-2026-26153 | cpe:2.3:o:microsoft:windows_server_2019:*:* | 10.0.17763.8644 |
2026-04-25 05:03 2026-04-15 |
Show | GitHub Exploit DB Packet Storm | |||
| 89 |
7.0 - |
HIGH
Local |
Insecure storage of sensitive information in Windows Cryptographic Services allows an authorized attacker to elevate privileges locally. |
CWE-922
Insecure Storage of Sensitive Information |
CVE-2026-26152 |
cpe:2.3:o:microsoft:windows_server_2019:*:* cpe:2.3:o:microsoft:windows_server_2016:*:* cpe:2.3:o:microsoft:windo… |
|
|
|
10.0.17763.8644 10.0.14393.9060 |
2026-04-25 05:05 2026-04-15 |
Show | GitHub Exploit DB Packet Storm |
| 90 |
7.1 - |
HIGH
Network |
Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network. |
CWE-357
Insufficient UI Warning of Dangerous Operations |
CVE-2026-26151 |
cpe:2.3:o:microsoft:windows_server_2019:*:* cpe:2.3:o:microsoft:windows_server_2016:*:* cpe:2.3:o:microsoft:windo… |
|
|
|
10.0.17763.8644 10.0.14393.9060 |
2026-04-25 05:06 2026-04-15 |
Show | GitHub Exploit DB Packet Storm |