Primary

Context

Microsoft Windows Server Update Service Improper Input Validation Vulnerability Allowing Network Tampering

Vulnerability

A vulnerability exists in Windows Server Update Service due to improper input validation, which allows an unauthorized attacker to tamper with data over the network. This issue affects multiple versions of Windows Server, including 2012 R2, 2016, 2019, 2022, and 2025, as well as the 2022 23H2 edition and the Server Core installations of these versions.

Impact

Exploitation of this vulnerability could lead to unauthorized tampering with data over the network, potentially causing a denial-of-service condition by disrupting the availability of the update service.

Remediation

Users can download the security update for this vulnerability through the Microsoft Update Catalog. Specific update details can be found in the Microsoft Knowledge Base articles KB5082126, KB5082127, KB5082198, KB5082063, KB5082142, and KB5082123.

Added: Apr 14, 2026, 10:55 PM

Updated: Apr 14, 2026, 10:55 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

7.4

remediation

0.0

relevance

5.9

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

3.1

exploitability

7.4

remediation

0.0

relevance

5.9

threat

0.0

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Windows Server Update Service Improper Input Validation Vulnerability Allowing Network Tampering

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating