Vulnerabilities > Microsoft > Windows Server 2012 > High

DATE CVE VULNERABILITY TITLE RISK
2016-04-12 CVE-2016-0145 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products
The font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold and 1511; Office 2007 SP3 and 2010 SP2; Word Viewer; .NET Framework 3.0 SP2, 3.5, and 3.5.1; Skype for Business 2016; Lync 2010; Lync 2010 Attendee; Lync 2013 SP1; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability."
network
low complexity
microsoft CWE-119
8.8
2016-04-12 CVE-2016-0143 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0165 and CVE-2016-0167.
local
low complexity
microsoft CWE-264
7.8
2016-04-12 CVE-2016-0090 Information Exposure vulnerability in Microsoft Windows 10, Windows 8.1 and Windows Server 2012
Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability."
local
low complexity
microsoft CWE-200
7.1
2016-04-12 CVE-2016-0089 Information Exposure vulnerability in Microsoft Windows 10, Windows 8.1 and Windows Server 2012
Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability."
local
low complexity
microsoft CWE-200
7.1
2016-03-09 CVE-2016-0121 Improper Input Validation vulnerability in Microsoft products
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."
network
low complexity
microsoft CWE-20
8.8
2016-03-09 CVE-2016-0117 Improper Input Validation vulnerability in Microsoft products
The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted PDF document, aka "Windows Remote Code Execution Vulnerability."
local
low complexity
microsoft CWE-20
7.8
2016-03-09 CVE-2016-0101 Improper Input Validation vulnerability in Microsoft products
Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via crafted media content, aka "Windows Media Parsing Remote Code Execution Vulnerability."
network
low complexity
microsoft CWE-20
8.8
2016-03-09 CVE-2016-0099 Classic Buffer Overflow vulnerability in Microsoft products
The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."
local
low complexity
microsoft CWE-120
7.8
2016-03-09 CVE-2016-0098 Improper Input Validation vulnerability in Microsoft products
Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 allow remote attackers to execute arbitrary code via crafted media content, aka "Windows Media Parsing Remote Code Execution Vulnerability."
network
low complexity
microsoft CWE-20
8.8
2016-03-09 CVE-2016-0096 Permissions, Privileges, and Access Controls vulnerability in Microsoft products
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0095.
local
low complexity
microsoft CWE-264
7.8