U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:microsoft:windows_server_2016:1903:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 1,372 matching records.
Displaying matches 1,341 through 1,360.
Vuln ID Summary CVSS Severity
CVE-2017-0051

Microsoft Windows 10 1607 and Windows Server 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Hyper-V Network Switch Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0074, CVE-2017-0076, CVE-2017-0097, CVE-2017-0098, and CVE-2017-0099.

Published: March 16, 2017; 8:59:01 PM -0400
V4.0:(not available)
V3.0: 5.4 MEDIUM
V2.0: 2.9 LOW
CVE-2017-0050

The kernel API in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7; Windows 8; Windows 10 Gold, 1511, and 1607; Windows RT 8.1; Windows Server 2012 Gold and R2; and Windows Server 2016 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."

Published: March 16, 2017; 8:59:01 PM -0400
V4.0:(not available)
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2017-0043

Active Directory Federation Services in Microsoft Windows 10 1607, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Microsoft Active Directory Federation Services Information Disclosure Vulnerability."

Published: March 16, 2017; 8:59:01 PM -0400
V4.0:(not available)
V3.0: 5.3 MEDIUM
V2.0: 2.9 LOW
CVE-2017-0042

Windows Media Player in Microsoft Windows 8.1; Windows Server 2012 R2; Windows RT 8.1; Windows 7 SP1; Windows 2008 SP2 and R2 SP1, Windows Server 2016; Windows Vista SP2; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka "Windows Media Player Information Disclosure Vulnerability."

Published: March 16, 2017; 8:59:01 PM -0400
V4.0:(not available)
V3.0: 3.1 LOW
V2.0: 2.6 LOW
CVE-2017-0026

The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082.

Published: March 16, 2017; 8:59:00 PM -0400
V4.0:(not available)
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2017-0025

The kernel-mode drivers in Microsoft Windows Vista; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0005, and CVE-2017-0047.

Published: March 16, 2017; 8:59:00 PM -0400
V4.0:(not available)
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2017-0024

The kernel-mode drivers in Microsoft Windows 10 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082.

Published: March 16, 2017; 8:59:00 PM -0400
V4.0:(not available)
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2017-0022

Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server 2016; and Windows Vista SP2 improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site, aka "Microsoft XML Information Disclosure Vulnerability."

Published: March 16, 2017; 8:59:00 PM -0400
V4.0:(not available)
V3.0: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2017-0021

Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V System Data Structure Vulnerability." This vulnerability is different from that described in CVE-2017-0095.

Published: March 16, 2017; 8:59:00 PM -0400
V4.0:(not available)
V3.0: 9.0 CRITICAL
V2.0: 7.7 HIGH
CVE-2017-0016

Microsoft Windows 10 Gold, 1511, and 1607; Windows 8.1; Windows RT 8.1; Windows Server 2012 R2, and Windows Server 2016 do not properly handle certain requests in SMBv2 and SMBv3 packets, which allows remote attackers to execute arbitrary code via a crafted SMBv2 or SMBv3 packet to the Server service, aka "SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability."

Published: March 16, 2017; 8:59:00 PM -0400
V4.0:(not available)
V3.0: 5.9 MEDIUM
V2.0: 7.1 HIGH
CVE-2017-0014

The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0108.

Published: March 16, 2017; 8:59:00 PM -0400
V4.0:(not available)
V3.0: 7.5 HIGH
V2.0: 7.6 HIGH
CVE-2017-0007

Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows remote attackers to modify PowerShell script without invalidating associated signatures, aka "PowerShell Security Feature Bypass Vulnerability."

Published: March 16, 2017; 8:59:00 PM -0400
V4.0:(not available)
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2017-0038

gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process heap memory via a crafted EMF file, as demonstrated by an EMR_SETDIBITSTODEVICE record with modified Device Independent Bitmap (DIB) dimensions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3216, CVE-2016-3219, and/or CVE-2016-3220.

Published: February 20, 2017; 11:59:00 AM -0500
V4.0:(not available)
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-7274

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability."

Published: December 20, 2016; 1:59:00 AM -0500
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-7273

The Graphics component in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Remote Code Execution Vulnerability."

Published: December 20, 2016; 1:59:00 AM -0500
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-7272

The Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Remote Code Execution Vulnerability."

Published: December 20, 2016; 1:59:00 AM -0500
V4.0:(not available)
V3.0: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-7271

The Secure Kernel Mode implementation in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to bypass the virtual trust level (VTL) protection mechanism via a crafted application, aka "Secure Kernel Mode Elevation of Privilege Vulnerability."

Published: December 20, 2016; 1:59:00 AM -0500
V4.0:(not available)
V3.0: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2016-7260

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

Published: December 20, 2016; 1:59:00 AM -0500
V4.0:(not available)
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2016-7259

The Graphics Component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

Published: December 20, 2016; 1:59:00 AM -0500
V4.0:(not available)
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2016-7258

The kernel in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 mishandles page-fault system calls, which allows local users to obtain sensitive information from arbitrary processes via a crafted application, aka "Windows Kernel Memory Address Information Disclosure Vulnerability."

Published: December 20, 2016; 1:59:00 AM -0500
V4.0:(not available)
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW