CRITICAL🚩 CISA KEV⚡ EXPLOIT✓ PATCH🇵🇱 Wersja polska

CVE-2008-4250

CVSS 9.8v2.0pub. 2008-10-23upd. 2026-05-21

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Microsoft Windows 2000

    OS
    Microsoft
    wszystkie wersje
  • Microsoft Windows Server 2003

    OS
    Microsoft
    wszystkie wersje
  • Microsoft Windows Server 2008

    OS
    Microsoft
    wszystkie wersje
  • Microsoft Windows Vista

    OS
    Microsoft
    wszystkie wersje
  • Microsoft Windows Xp

    OS
    Microsoft
    wszystkie wersje

CISA KEV — detailsi

Vendori
Microsoft
Producti
Windows
Added to KEVi
May 20, 2026
Remediation deadline (US Federal)i
June 3, 2026(overdue)
Required action (CISA)i

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

CISA descriptioni

Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that triggers an overflow during path canonicalization.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 3 czerwca 2026
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2020-1040CRITICAL9.0⚠ KEVten sam produkt

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly val...

CVE-2020-1350CRITICAL10.0⚠ KEVten sam produkt

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly ...

CVE-2020-0646CRITICAL9.8⚠ KEVten sam produkt

A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properl...

CVE-2019-0708CRITICAL9.8⚠ KEVten sam produkt

A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services wh...

CVE-2017-8543CRITICAL9.8⚠ KEVten sam produkt

Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, Windows Vista, Windows 7 SP1, Windows S...