The remote Windows host is missing security update 5082126. It is, therefore, affected by multiple vulnerabilities

  - Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature     over a network. (CVE-2026-32225)

  - Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
    (CVE-2026-32157)

  - Concurrent execution using shared resource with improper synchronization ('race condition') in Windows     TCP/IP allows an unauthorized attacker to execute code over a network. (CVE-2026-33827)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

KB5082126: Windows Server 2012 R2 Security Update (April 2026)

high Nessus Plugin ID 306448

Version 1.3

Version 1.2

Version 1.1

Version 1.3 Apr 29, 2026, 1:01 AM CISA reference CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202604290101
Version 1.2 Apr 20, 2026, 10:26 PM Plugin metadata (Add IAVM Info) Plugin Feed: 202604202226
Version 1.1 Apr 14, 2026, 10:48 PM New Plugin Feed: 202604142248