Microsoft Remote Desktop Client Relative Path Traversal Remote Code Execution Vulnerability

Vulnerability

A relative path traversal vulnerability has been identified in Microsoft Remote Desktop Client. This issue allows an unauthorized attacker to execute code on a victim's machine over the network. The vulnerability arises when a Remote Desktop connection is established with a malicious server, potentially leading to remote code execution on the client side.

Impact

Exploitation of this vulnerability allows for remote code execution on the affected client machine.

Reproduction

To reproduce this vulnerability, use a vulnerable version of the Remote Desktop Client to connect to a Remote Desktop server controlled by an attacker. The connection must be initiated by an admin user on the client machine.

Remediation

Users can apply the security update available through the Microsoft Update Catalog. Specific update details can be found in the Microsoft Knowledge Base articles KB5062552, KB5062554, KB5062572, KB5062557, and KB5062624.
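
The following PowerShell check is an added example, not part of the original advisory or Microsoft's guidance. It reports whether any of the KBs listed above is installed on a host; the function name and output fields are hypothetical. A host with none of the listed KBs is flagged for review rather than as vulnerable, because each KB typically applies only to particular Windows versions and a later cumulative update may have replaced it.

```powershell
# Added example. KB IDs are copied from the Remediation text; the function
# name and output fields are hypothetical.
$AdvisoryKBs = 'KB5062552', 'KB5062554', 'KB5062572', 'KB5062557', 'KB5062624'

function Get-RdpClientPatchStatus {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = $env:COMPUTERNAME,
        [string[]]$KbId = $AdvisoryKBs
    )
    foreach ($computer in $ComputerName) {
        try {
            $installed = @(Get-HotFix -ComputerName $computer -ErrorAction Stop)
        }
        catch {
            # Host unreachable or access denied: report it instead of guessing.
            [pscustomobject]@{
                Computer = $computer; Status = 'QueryFailed'; MatchedKB = $null
                LatestHotFix = $null; LatestInstalledOn = $null
                Detail = $_.Exception.Message
            }
            continue
        }
        # Listed KBs that are present on this host.
        $matched = @($installed | Where-Object { $KbId -contains $_.HotFixID })
        # Most recent hotfix, so an operator can judge whether a later
        # cumulative update has replaced the listed one.
        $latest = $installed | Where-Object { $_.InstalledOn } |
            Sort-Object InstalledOn -Descending | Select-Object -First 1
        [pscustomobject]@{
            Computer = $computer
            Status = if ($matched.Count -gt 0) { 'ListedKBInstalled' } else { 'ReviewNeeded' }
            MatchedKB = ($matched.HotFixID -join ',')
            LatestHotFix = $latest.HotFixID
            LatestInstalledOn = $latest.InstalledOn
            Detail = $null
        }
    }
}

Get-RdpClientPatchStatus | Format-Table -AutoSize
```

Pass `-ComputerName` a list of admin workstations to check the hosts from which administrators start Remote Desktop sessions, since the reproduction condition above requires an admin user on the client.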

Added: Jul 8, 2025, 9:22 PM
Updated: Jul 8, 2025, 9:22 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 6.7
remediation: 0.0
relevance: 0.2
threat: 1.6
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.