Microsoft Remote Desktop Client Use-After-Free Vulnerability Leading to Remote Code Execution
Vulnerability
A use-after-free vulnerability has been identified in the Remote Desktop Client for Windows Desktop. This vulnerability allows an unauthorized attacker to execute code remotely over the network. The issue arises when a client connects to a malicious server via Remote Desktop, potentially leading to code execution on the client's machine.
Impact
Exploitation of this vulnerability allows for remote code execution on the affected system.
Remediation
Users can download the security update for this vulnerability through the Microsoft Update Catalog. For Windows Server 2012 R2, Windows Server 2016, Windows 10 Version 1607, Windows Server 2025, Windows 11 Version 24H2, and other affected Windows versions, the security update is delivered as part of the monthly rollup. For the Remote Desktop Client for Windows Desktop itself, the security update can be downloaded by following the Windows App Client Release Notes.
