Microsoft Remote Desktop Client Heap-Based Buffer Overflow Vulnerability Allowing Remote Code Execution

Vulnerability

A heap-based buffer overflow vulnerability has been identified in the Remote Desktop Client. This vulnerability allows an unauthorized attacker to execute code remotely over a network. It affects multiple versions of the Remote Desktop Client for Windows Desktop, as well as various Windows operating systems including Windows 10, Windows 11, and several versions of Windows Server. The vulnerability arises from a buffer overflow in the handling of Remote Desktop connections, which could be exploited by an attacker controlling a Remote Desktop Server when a victim connects using the vulnerable client.

Impact

Exploitation of this vulnerability could lead to unauthorized remote code execution on the affected system.

Reproduction

To reproduce this vulnerability, connect to a Remote Desktop Server that is controlled by an attacker, using a vulnerable version of the Remote Desktop Client. The buffer overflow will be triggered, allowing for remote code execution on the client machine.

Remediation

Users can download the security update for this vulnerability via the Microsoft Update Catalog. Specific update details can be found in the Microsoft Knowledge Base articles KB5094122, KB5094123, KB5094125, KB5094126, KB5093998, and KB5094127.
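The following PowerShell check is an added example, not part of the advisory: it reports whether any of the KB updates listed above are installed on the local host and shows the installed Remote Desktop Client version for comparison against the vendor's fixed build. It assumes the listed KBs are visible to Get-HotFix and that the standalone client registers under the standard Uninstall key with a DisplayName beginning "Remote Desktop"; the fixed client version is not stated on this page, so the script only reports it.

```powershell
# Added example (not from the advisory). Checks the local host for the
# remediating updates named in the advisory and reports the installed
# Remote Desktop Client version. Assumptions: the KBs are OS updates that
# Get-HotFix can see; the standalone client (which updates itself and is
# not delivered by these KBs) appears under the Uninstall registry key.
$FixKbs = @('KB5094122', 'KB5094123', 'KB5094125',
            'KB5094126', 'KB5093998', 'KB5094127')

function Get-RdpClientPatchState {
    # Any of the advisory's KBs present on this host?
    $installedKbs = Get-HotFix |
        Where-Object { $FixKbs -contains $_.HotFixID } |
        Select-Object HotFixID, InstalledOn

    # Installed standalone Remote Desktop Client version, if present.
    # The fixed version is not given in the advisory, so it is only reported.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $clients = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Remote Desktop*' } |
        Select-Object DisplayName, DisplayVersion

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        FixKbsInstalled   = @($installedKbs.HotFixID)
        AnyFixKbPresent   = [bool]$installedKbs
        RdpClientVersions = @($clients | ForEach-Object { "$($_.DisplayName) $($_.DisplayVersion)" })
    }
}

$state = Get-RdpClientPatchState
$state | Format-List

if (-not $state.AnyFixKbPresent) {
    Write-Warning "None of the advisory's KBs found; verify patch level before using this host for RDP."
}
```

Run across a fleet with Invoke-Command and collect the returned objects to find hosts still missing every listed update.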

Added: Jun 9, 2026, 7:27 PM
Updated: Jun 9, 2026, 7:27 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 6.0
remediation: 0.0
relevance: 9.4
threat: 1.6
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.