CVE-2025-59202: Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges locally.

high7CVSS 3.1

AVLACHPRLUINSUCHIHAH

Use after free in Windows Remote Desktop Services allows an authorized attacker to elevate privileges locally.

Affected

44 ranges· showing 25

Vendor	Product	Version range	Fixed in
microsoft	windows_10_1607	< 10.0.14393.8519	10.0.14393.8519
microsoft	windows_10_1809	< 10.0.17763.7919	10.0.17763.7919
microsoft	windows_10_21h2	< 10.0.19044.6456	10.0.19044.6456
microsoft	windows_10_22h2	< 10.0.19045.6456	10.0.19045.6456
microsoft	windows_10_version_1607	>= 10.0.14393.0 < 10.0.14393.8519	10.0.14393.8519
microsoft	windows_10_version_1809	>= 10.0.17763.0 < 10.0.17763.7919	10.0.17763.7919
microsoft	windows_10_version_21h2	>= 10.0.19044.0 < 10.0.19044.6456	10.0.19044.6456
microsoft	windows_10_version_22h2	>= 10.0.19045.0 < 10.0.19045.6456	10.0.19045.6456
microsoft	windows_11_22h2	< 10.0.22621.6060	10.0.22621.6060
microsoft	windows_11_23h2	<= 10.0.22631.6060	—
microsoft	windows_11_24h2	< 10.0.26100.6899	10.0.26100.6899
microsoft	windows_11_25h2	< 10.0.26200.6899	10.0.26200.6899
microsoft	windows_11_version_22h2	>= 10.0.22621.0 < 10.0.22621.6060	10.0.22621.6060
microsoft	windows_11_version_22h3	>= 10.0.22631.0 < 10.0.22631.6060	10.0.22631.6060
microsoft	windows_11_version_23h2	>= 10.0.22631.0 < 10.0.22631.6060	10.0.22631.6060
microsoft	windows_11_version_24h2	>= 10.0.26100.0 < 10.0.26100.6899	10.0.26100.6899
microsoft	windows_11_version_25h2	>= 10.0.26200.0 < 10.0.26200.6899	10.0.26200.6899
microsoft	windows_server_2012	—	—
microsoft	windows_server_2012	>= 6.2.9200.0 < 6.2.9200.25722	6.2.9200.25722
microsoft	windows_server_2012_r2	>= 6.3.9600.0 < 6.3.9600.22824	6.3.9600.22824
microsoft	windows_server_2016	<= 10.0.14393.8519	—
microsoft	windows_server_2016	>= 10.0.14393.0 < 10.0.14393.8519	10.0.14393.8519
microsoft	windows_server_2019	< 10.0.17763.7919	10.0.17763.7919
microsoft	windows_server_2019	>= 10.0.17763.0 < 10.0.17763.7919	10.0.17763.7919
microsoft	windows_server_2022	< 10.0.20348.4294	10.0.20348.4294