Primary

Context

Microsoft Remote Desktop Client Heap-Based Buffer Overflow Vulnerability Allowing Remote Code Execution

Vulnerability

A heap-based buffer overflow vulnerability has been identified in the Remote Desktop Client. This vulnerability allows an authorized attacker to execute code remotely over the network. The issue arises when a user connects to a compromised Remote Desktop Server, which can then execute commands on the user's machine without their consent. The vulnerability affects multiple Windows versions, including Windows 10, Windows 11, Windows Server 2022, and the Remote Desktop client for Windows Desktop.

Impact

Exploitation of this vulnerability could lead to unauthorized remote code execution on the affected system.

Remediation

Security updates for this vulnerability are available through the Microsoft Update Catalog. Specific update details can be found in the Microsoft Knowledge Base articles KB5055518, KB5055521, KB5055526, KB5055528, KB5055557, KB5055561, KB5055581, and KB5055523.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.0

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.0

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Microsoft Remote Desktop Client Heap-Based Buffer Overflow Vulnerability Allowing Remote Code Execution

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating