Vulnerabilities > Microsoft > Windows Server 2012

DATE CVE VULNERABILITY TITLE RISK
2016-07-13 CVE-2016-3251 Information Exposure vulnerability in Microsoft products
The GDI component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to obtain sensitive kernel-address information via a crafted application, aka "Win32k Information Disclosure Vulnerability."
local
low complexity
microsoft CWE-200
2.8
2016-07-13 CVE-2016-3250 Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows 10 and Windows Server 2012
The kernel-mode drivers in Microsoft Windows Server 2012 and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-264
7.3
2016-07-13 CVE-2016-3249 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3252, CVE-2016-3254, and CVE-2016-3286.
local
low complexity
microsoft CWE-264
7.3
2016-07-13 CVE-2016-3239 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The Print Spooler service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via vectors involving filesystem write operations, aka "Windows Print Spooler Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-264
7.8
2016-07-13 CVE-2016-3238 7PK - Security Features vulnerability in Microsoft products
The Print Spooler service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows man-in-the-middle attackers to execute arbitrary code by providing a crafted print driver during printer installation, aka "Windows Print Spooler Remote Code Execution Vulnerability."
network
high complexity
microsoft CWE-254
8.1
2016-06-16 CVE-2016-3236 Data Processing Errors vulnerability in Microsoft products
The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles proxy discovery, which allows remote attackers to redirect network traffic via unspecified vectors, aka "Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability."
network
low complexity
microsoft CWE-19
critical
9.8
2016-06-16 CVE-2016-3232 Information Exposure vulnerability in Microsoft Windows Server 2012 R2
The Virtual PCI (VPCI) virtual service provider in Microsoft Windows Server 2012 Gold and R2 allows local users to obtain sensitive information from uninitialized memory locations via a crafted application, aka "Windows Virtual PCI Information Disclosure Vulnerability."
local
low complexity
microsoft CWE-200
5.0
2016-06-16 CVE-2016-3230 Improper Input Validation vulnerability in Microsoft products
The Search component in Microsoft Windows 7, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to cause a denial of service (performance degradation) via a crafted application, aka "Windows Search Component Denial of Service Vulnerability."
local
low complexity
microsoft CWE-20
5.0
2016-06-16 CVE-2016-3228 Improper Input Validation vulnerability in Microsoft Windows Server 2008 and Windows Server 2012
Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows Server 2012 Gold and R2 allow remote authenticated users to execute arbitrary code via a crafted NetLogon request, aka "Windows Netlogon Memory Corruption Remote Code Execution Vulnerability."
network
low complexity
microsoft CWE-20
8.8
2016-06-16 CVE-2016-3227 Unspecified vulnerability in Microsoft Windows Server 2012 R2
Use-after-free vulnerability in the DNS Server component in Microsoft Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka "Windows DNS Server Use After Free Vulnerability."
network
low complexity
microsoft
critical
9.8