📦

windows_server_2008

Vendor: microsoft

Login to add this product to WatchStack
Actively Exploited 141 CISA KEV List
PoC / Exploits 454 Code Available
Total RCEs 810 Remote Access
Total CVEs 16698 Total Indexed
Avg. EPSS 8.39% Exploit Prob.
Latest CVE CVE-2026-20940 Jan 13

Security Vulnerability Index

Page 9 / 1670
7.0 CVSS
CVE-2025-55678

Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally.

EPSS: 0.27%
7.4 CVSS
CVE-2025-55335

Use after free in Windows NTFS allows an unauthorized attacker to elevate privileges locally.

EPSS: 0.24%
7.8 CVSS
CVE-2025-24990
Exploit Found

Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware.

EPSS: 5.79%
7.8 CVSS
CVE-2025-24052

Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update. Fax modem hardware dependent on this specific driver will no longer work on Windows. Microsoft recommends removing any existing dependencies on this hardware.

EPSS: 2.31%
8.8 CVSS
CVE-2025-55234
Exploit Found

SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against relay attacks: SMB Server signing SMB Server Extended Protection for Authentication (EPA) Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks. If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks: Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See Support for Audit Events to deploy SMB Server Hardening—SMB Server Signing & SMB Server EPA. Adopt appropriate SMB Server hardening measures.

EPSS: 18.83%
6.7 CVSS
CVE-2025-55226

Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally.

EPSS: 0.45%
6.5 CVSS
CVE-2025-55225

Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.

EPSS: 1.14%
8.8 CVSS
CVE-2025-54918
Exploit Found

Improper authentication in Windows NTLM allows an authorized attacker to elevate privileges over a network.

EPSS: 18.71%
4.3 CVSS
CVE-2025-54917

Protection mechanism failure in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.

EPSS: 0.85%
7.8 CVSS
CVE-2025-54916

Stack-based buffer overflow in Windows NTFS allows an authorized attacker to execute code locally.

EPSS: 2.16%