The remote Windows host is missing security update 5082063. It is, therefore, affected by multiple vulnerabilities

  - Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.
    (CVE-2026-33824)

  - Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature     over a network. (CVE-2026-32225)

  - Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
    (CVE-2026-32157)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

KB5082063: Windows Server 2025 Security Update (April 2026)

medium Nessus Plugin ID 306454

Version 1.6

Version 1.5

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.6 Apr 29, 2026, 1:01 AM CISA reference CVSS metrics ("Cvssv4 threat vector" set to "CVSS:4.0/E:A") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Plugin Feed: 202604290101
Version 1.5 Apr 27, 2026, 11:43 AM CVSS metrics ("CVSSv3 score" set to 7.8) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H") CVSSv3 score source (changed from "CVE-2026-32091" to "CVE-2026-26167") Plugin Feed: 202604271143
Version 1.4 Apr 23, 2026, 10:40 AM CVSS metrics ("CVSSv3 score" set to 7.0) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H") CVSSv3 score source (set to "CVE-2026-32091") Plugin Feed: 202604231040
Version 1.3 Apr 20, 2026, 10:26 PM Plugin metadata (Add IAVM Info) Plugin Feed: 202604202226
Version 1.2 Apr 17, 2026, 9:54 AM CVSS metrics ("Cvssv4 score" set to 5.6) CVSS metrics ("Cvssv4 threat vector" set to "CVSS:4.0/E:P") CVSS metrics ("Cvssv4 vector" set to "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N") CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") CVSSv4 severity (based on CVE-2023-20585, severity decreased from "High" to "Medium") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202604170954
Version 1.1 Apr 14, 2026, 10:48 PM New Plugin Feed: 202604142248