Microsoft Remote Desktop Client Heap-Based Buffer Overflow Vulnerability Allowing Remote Code Execution

Vulnerability

A heap-based buffer overflow has been identified in the Microsoft Remote Desktop Client. An attacker who controls a Remote Desktop server can exploit it to execute code on the machine of a user who connects to that server; the attacker needs no credentials on the victim's machine. Triggering the overflow depends on winning a race condition while the client establishes the connection. Affected platforms include multiple releases of Windows 10 and Windows 11, Windows Server 2019, Windows Server 2022, and several other Windows Server versions.

Impact

Successful exploitation gives the attacker remote code execution on the victim's machine, that is, on the system running the vulnerable Remote Desktop Client, not on the server. The victim's outbound RDP connection is the attack vector, so the attacker does not need inbound access to the victim's network.

Reproduction

Reproducing the issue requires an attacker-controlled Remote Desktop server and a victim who connects to it with a vulnerable Remote Desktop Client, for example by opening a malicious .rdp file or link. The overflow is triggered by data the malicious server sends during connection establishment, but only if the server wins a race condition against the client's connection setup; exploitation is therefore timing-dependent and not deterministic.

Remediation

Apply the security update that Microsoft has published for this vulnerability. The update can be downloaded from the Microsoft Update Catalog or installed through Windows Update; after installation, confirm that the Remote Desktop Client build on each affected host is at or above the fixed build listed in the advisory.
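The following PowerShell script is an added example for the verification step above; it is not part of the original advisory or of any Microsoft tooling. It reports the OS build, the version of the in-box Remote Desktop Client binary (mstsc.exe) and the installed updates, so they can be compared with the fixed build and KB article Microsoft lists. The values of $FixedMstscVersion and $FixKB are placeholders (assumptions); replace them with the real numbers from the advisory and the Update Catalog entry for your release.

```powershell
# Added example (not from the advisory): report the Remote Desktop Client patch
# state on a Windows host. $FixedMstscVersion and $FixKB are placeholders and
# must be replaced with the values Microsoft publishes for this vulnerability.
function Get-RdpClientPatchState {
    param(
        [version]$FixedMstscVersion = [version]'10.0.0.0',  # placeholder, replace
        [string[]]$FixKB = @()                               # placeholder, e.g. 'KB5000000'
    )

    # OS release and cumulative-update level (UBR = update build revision).
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $osBuild = [version]('10.0.{0}.{1}' -f $cv.CurrentBuild, $cv.UBR)

    # The client binary itself. FileVersion may carry a trailing build tag
    # such as "(WinBuild.160101.0800)", so assemble the numeric parts explicitly.
    $vi = (Get-Item (Join-Path $env:windir 'System32\mstsc.exe')).VersionInfo
    $mstscVersion = [version]('{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                                   $vi.FileBuildPart, $vi.FilePrivatePart)

    # Installed updates (Win32_QuickFixEngineering). Cumulative updates supersede
    # each other, so a missing KB is only a hint; the binary version is authoritative.
    $installed = @(Get-HotFix | Select-Object -ExpandProperty HotFixID)
    $kbPresent = @($FixKB | Where-Object { $installed -contains $_ })

    [pscustomobject]@{
        ProductName      = $cv.ProductName
        DisplayVersion   = $cv.DisplayVersion
        OsBuild          = $osBuild
        MstscVersion     = $mstscVersion
        MstscPatched     = ($mstscVersion -ge $FixedMstscVersion)
        FixKBInstalled   = $kbPresent
        InstalledUpdates = $installed.Count
    }
}

# Usage: pass the fixed build and KB from the advisory for this OS release.
Get-RdpClientPatchState -FixedMstscVersion '10.0.0.0' -FixKB 'KB5000000' | Format-List
```

The script checks only the in-box client shipped with Windows; run it on each affected host (or through your management tooling) and treat MstscPatched as the result that matters, since the KB list can be superseded by a later cumulative update.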

Added: Jun 9, 2026, 7:51 PM
Updated: Jun 9, 2026, 7:51 PM

Vulnerability Rating

Custom Algorithm
spread          0.0
impact          7.5
exploitability  5.5
remediation     0.0
relevance       9.4
threat          1.6
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.