KB5082063: Windows Server 2025 Security Update (April 2026)

🗓️ 14 Apr 2026 00:00:00Reported by TenableType

Windows Server 2025 is missing security update 5082063, exposing three remote vulnerabilities.

Reporter	Title	Published	Views	Family All 1541
GithubExploit	Exploit for Race Condition in Microsoft	22 Apr 202612:13	–	githubexploit
GithubExploit	Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft	5 Jun 202612:14	–	githubexploit
GithubExploit	Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft	5 Jun 202614:25	–	githubexploit
GithubExploit	Exploit for CVE-2026-33824	16 Apr 202614:01	–	githubexploit
GithubExploit	Exploit for Improper Input Validation in Microsoft	7 May 202601:44	–	githubexploit
GithubExploit	Exploit for Double Free in Microsoft	18 May 202613:44	–	githubexploit
GithubExploit	Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft	4 Jun 202601:52	–	githubexploit
GithubExploit	Exploit for Improper Input Validation in Microsoft	27 Apr 202613:32	–	githubexploit
GithubExploit	Exploit for Improper Input Validation in Microsoft	22 Apr 202612:35	–	githubexploit
GithubExploit	Exploit for Double Free in Microsoft	5 Jun 202605:53	–	githubexploit

Source	Link
support	www.support.microsoft.com/help/5082063
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.

#
# The descriptive text and package checks in this plugin were
# extracted from the Microsoft Security Updates API. The text
# itself is copyright (C) Microsoft Corporation.
##

include('compat.inc');

if (description)
{
  script_id(306454);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/04/28");

  script_cve_id(
    "CVE-2023-20585",
    "CVE-2026-20806",
    "CVE-2026-20928",
    "CVE-2026-20930",
    "CVE-2026-23670",
    "CVE-2026-25184",
    "CVE-2026-25250",
    "CVE-2026-26151",
    "CVE-2026-26152",
    "CVE-2026-26153",
    "CVE-2026-26154",
    "CVE-2026-26155",
    "CVE-2026-26156",
    "CVE-2026-26159",
    "CVE-2026-26160",
    "CVE-2026-26161",
    "CVE-2026-26162",
    "CVE-2026-26163",
    "CVE-2026-26165",
    "CVE-2026-26166",
    "CVE-2026-26167",
    "CVE-2026-26168",
    "CVE-2026-26169",
    "CVE-2026-26170",
    "CVE-2026-26172",
    "CVE-2026-26173",
    "CVE-2026-26174",
    "CVE-2026-26175",
    "CVE-2026-26176",
    "CVE-2026-26177",
    "CVE-2026-26178",
    "CVE-2026-26179",
    "CVE-2026-26180",
    "CVE-2026-26181",
    "CVE-2026-26182",
    "CVE-2026-26183",
    "CVE-2026-26184",
    "CVE-2026-27906",
    "CVE-2026-27907",
    "CVE-2026-27908",
    "CVE-2026-27909",
    "CVE-2026-27910",
    "CVE-2026-27911",
    "CVE-2026-27912",
    "CVE-2026-27914",
    "CVE-2026-27915",
    "CVE-2026-27916",
    "CVE-2026-27917",
    "CVE-2026-27918",
    "CVE-2026-27919",
    "CVE-2026-27920",
    "CVE-2026-27921",
    "CVE-2026-27922",
    "CVE-2026-27923",
    "CVE-2026-27925",
    "CVE-2026-27926",
    "CVE-2026-27927",
    "CVE-2026-27928",
    "CVE-2026-27929",
    "CVE-2026-27930",
    "CVE-2026-27931",
    "CVE-2026-32068",
    "CVE-2026-32069",
    "CVE-2026-32070",
    "CVE-2026-32071",
    "CVE-2026-32072",
    "CVE-2026-32073",
    "CVE-2026-32074",
    "CVE-2026-32075",
    "CVE-2026-32076",
    "CVE-2026-32077",
    "CVE-2026-32078",
    "CVE-2026-32079",
    "CVE-2026-32080",
    "CVE-2026-32081",
    "CVE-2026-32082",
    "CVE-2026-32083",
    "CVE-2026-32084",
    "CVE-2026-32085",
    "CVE-2026-32086",
    "CVE-2026-32087",
    "CVE-2026-32088",
    "CVE-2026-32089",
    "CVE-2026-32090",
    "CVE-2026-32091",
    "CVE-2026-32093",
    "CVE-2026-32149",
    "CVE-2026-32150",
    "CVE-2026-32151",
    "CVE-2026-32152",
    "CVE-2026-32153",
    "CVE-2026-32154",
    "CVE-2026-32155",
    "CVE-2026-32156",
    "CVE-2026-32157",
    "CVE-2026-32158",
    "CVE-2026-32159",
    "CVE-2026-32160",
    "CVE-2026-32162",
    "CVE-2026-32163",
    "CVE-2026-32164",
    "CVE-2026-32165",
    "CVE-2026-32181",
    "CVE-2026-32183",
    "CVE-2026-32202",
    "CVE-2026-32212",
    "CVE-2026-32214",
    "CVE-2026-32215",
    "CVE-2026-32217",
    "CVE-2026-32218",
    "CVE-2026-32219",
    "CVE-2026-32220",
    "CVE-2026-32221",
    "CVE-2026-32222",
    "CVE-2026-32223",
    "CVE-2026-32225",
    "CVE-2026-33096",
    "CVE-2026-33098",
    "CVE-2026-33099",
    "CVE-2026-33100",
    "CVE-2026-33101",
    "CVE-2026-33104",
    "CVE-2026-33824",
    "CVE-2026-33826",
    "CVE-2026-33827",
    "CVE-2026-33829"
  );
  script_xref(name:"MSKB", value:"5082063");
  script_xref(name:"MSFT", value:"MS26-5082063");
  script_xref(name:"IAVA", value:"2026-A-0342");
  script_xref(name:"IAVA", value:"2026-A-0343");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2026/05/12");

  script_name(english:"KB5082063: Windows Server 2025 Security Update (April 2026)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The remote Windows host is missing security update 5082063. It is, therefore, affected by multiple vulnerabilities

  - Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.
    (CVE-2026-33824)

  - Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature
    over a network. (CVE-2026-32225)

  - Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
    (CVE-2026-32157)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://support.microsoft.com/help/5082063");
  script_set_attribute(attribute:"solution", value:
"Apply Security Update 5082063");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:A");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-33824");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2026-26167");
  script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2023-20585");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/04/14");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/04/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/04/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows_server_2025");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Windows : Microsoft Bulletins");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("smb_check_rollup.nasl", "smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
  script_require_keys("SMB/MS_Bulletin_Checks/Possible");
  script_require_ports(139, 445, "Host/patch_management_checks");

  exit(0);
}

include('smb_func.inc');
include('smb_hotfixes.inc');
include('smb_hotfixes_fcheck.inc');
include('smb_reg_query.inc');

get_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');

var bulletin = 'MS26-04';
var kbs = make_list(
  '5082063'
);

if (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit('SMB/Registry/Enumerated');
get_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);

if (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

var share = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

# This plugin is for Windows Server 2025 only (version 4th component >= 32000)
# Windows 11 24H2/25H2 systems (< 32000) should use the KB5083769 plugin instead
var os_build = get_kb_item('SMB/WindowsVersionBuild');
if (os_build == '26100')
{
  var systemroot = hotfix_get_systemroot();
  var path = hotfix_append_path(path:systemroot + "\system32", value:"ntoskrnl.exe");
  var fver = hotfix_get_fversion(path:path);
  if (!isnull(fver) && fver['error'] == HCF_OK && !isnull(fver['version']))
  {
    var ver_parts = split(fver['version'], sep:'.', keep:FALSE);
    if (max_index(ver_parts) >= 4 && int(ver_parts[3]) < 32000)
    {
      # Windows 11 24H2/25H2 system - this plugin doesn't apply
      hotfix_check_fversion_end();
      audit(AUDIT_HOST_NOT, 'affected (Windows 11 - use KB5083769)');
    }
  }
}

if (
  smb_check_rollup(os:'10',
                   os_build:26100,
                   rollup_date:'04_2026',
                   bulletin:bulletin,
                   rollup_kb_list:[5082063])
)
{
  replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, hotfix_get_audit_report());
}

28 Apr 2026 00:00Current

7.4High risk

Vulners AI Score7.4

CVSS 45.6

CVSS 3.17.8 - 9.8

EPSS0.21074

SSVC