Microsoft Remote Desktop Client Heap-Based Buffer Overflow Vulnerability Allowing Remote Code Execution

Vulnerability

A heap-based buffer overflow vulnerability has been identified in the Remote Desktop Client for Windows Desktop, as well as in various Windows 11 and Windows Server 2022 versions. It allows an unauthorized attacker to execute code remotely over a network. The flaw stems from a race condition that can be triggered when a victim connects to an attacker-controlled Remote Desktop server using the vulnerable Remote Desktop Client.

Impact

Exploitation of this vulnerability could lead to remote code execution on the affected system.

Reproduction

To reproduce this vulnerability, an attacker must control a Remote Desktop server and win a race condition when a victim connects to that server using the vulnerable Remote Desktop Client. Winning the race triggers the heap-based buffer overflow, allowing the attacker to execute arbitrary code on the victim's machine.

Remediation

Users can download the security update for this vulnerability via the Microsoft Update Catalog. Security update KB5095051 is available for Windows 11 versions 26H1, 24H2, 23H2, and 25H2, as well as for Windows Server 2025 and Windows Server 2022 (Server Core installation).

Added: Jun 9, 2026, 7:46 PM
Updated: Jun 9, 2026, 7:46 PM

Vulnerability Rating (Custom Algorithm)

spread: 0.0
impact: 7.5
exploitability: 5.5
remediation: 0.0
relevance: 9.4
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.