MSRC Remote Desktop Client vulnerabilities
23 known vulnerabilities affecting msrc/remote_desktop_client.
Total CVEs: 23
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 18, MEDIUM 5
Vulnerabilities
Page 1 of 2
CVE-2025-58718 | HIGH | CVSS 8.8 | 2025-10-14 | CWE-416
Remote Desktop Client Remote Code Execution Vulnerability
Description: Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
FAQ: How could an attacker exploit this vulnerability?
An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim's system in the cont
msrc
CVE-2025-48817 | HIGH | CVSS 8.8 | 2025-07-08 | CWE-23
Remote Desktop Client Remote Code Execution Vulnerability
Description: Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires an admin user on the client to co
msrc
CVE-2025-32715 | MEDIUM | CVSS 6.5 | 2025-06-10 | CWE-125
Remote Desktop Protocol Client Information Disclosure Vulnerability
Description: Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.
FAQ: What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
FAQ: According t
msrc
CVE-2025-29966 | HIGH | CVSS 8.8 | 2025-05-13 | CWE-122
Remote Desktop Client Remote Code Execution Vulnerability
Description: Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.
FAQ: How could an attacker exploit this vulnerability?
In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine w
msrc
CVE-2025-29967 | HIGH | CVSS 8.8 | 2025-05-13 | CWE-122
Remote Desktop Client Remote Code Execution Vulnerability
Description: Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
FAQ: How could an attacker exploit this vulnerability?
In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client m
msrc
CVE-2025-27487 | HIGH | CVSS 8.0 | 2025-04-08 | CWE-122
Remote Desktop Client Remote Code Execution Vulnerability
Description: Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network.
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of this vulnerability requires a user to remote into a server that is controlled by an attacker,
msrc
CVE-2025-26645 | HIGH | CVSS 8.8 | 2025-03-11 | CWE-23
Remote Desktop Client Remote Code Execution Vulnerability
Description: Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires an admin user on the client to co
msrc
CVE-2024-49105 | HIGH | CVSS 8.4 | 2024-12-10 | CWE-284
Remote Desktop Client Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
An authenticated attacker could exploit the vulnerability by triggering remote code execution (RCE) on the server via a Remote Desktop connection. Alternatively, an authenticated attacker could trigger guest-to-host RCE via a malicious program by connecting to the host using MMC.
FAQ: According t
msrc
CVE-2024-38131 | HIGH | CVSS 8.8 | 2024-08-13 | CWE-591
Clipboard Virtual Channel Extension Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system.
FAQ: According to the CVSS metric, the
msrc
CVE-2024-21307 | HIGH | CVSS 7.5 | 2024-01-09 | CWE-416
Remote Desktop Client Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R) and privileges required are none (PR:N). What does that mean for this vulnerability?
An unauthorized attacker must wait for a user to initiate a connection.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Success
msrc
CVE-2023-29362 | HIGH | CVSS 8.8 | 2023-06-13 | CWE-122
Remote Desktop Client Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.
Remote Desktop Client: Remote Desktop Cli
msrc
CVE-2023-28267 | MEDIUM | CVSS 6.5 | 2023-04-11 | CWE-126
Remote Desktop Protocol Client Information Disclosure Vulnerability
FAQ: What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
This vulnerability could be tr
msrc
CVE-2020-35538 | MEDIUM | CVSS 5.5 | 2022-08-09 | CWE-476
A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is th
msrc
CVE-2022-30221 | HIGH | CVSS 8.8 | 2022-07-12
Windows Graphics Component Remote Code Execution Vulnerability
FAQ: How would an attacker exploit this vulnerability?
An attacker would have to convince a targeted user to connect to a malicious RDP server. Upon connecting, the malicious server could execute code on the victim's system in the context of the targeted user.
FAQ: I am running Windows 7 Service Pack 1 or Windows Server 2008 R2 Service Pack 1. Is t
msrc
CVE-2022-22015 | MEDIUM | CVSS 6.5 | 2022-05-10
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
FAQ: What type of information could be disclosed by this vulnerability?
Exploiting this vulnerability could allow the disclosure of initialized or uninitialized memory in the process heap.
Windows Remote Desktop: Windows Remote Desktop
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Information Disclosure
Ex
msrc
CVE-2022-21990 | HIGH | CVSS 8.8 | 2022-03-08
Remote Desktop Client Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.
Windows Remote Desktop: Windows Remote Desktop
M
msrc
CVE-2022-24503 | MEDIUM | CVSS 5.4 | 2022-03-08
Remote Desktop Protocol Client Information Disclosure Vulnerability
FAQ: What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
Windows Remote Desktop: Windows Remote Desktop
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Information Disclosure
Exploit Status: Publi
msrc
CVE-2022-21850 | HIGH | CVSS 8.8 | 2022-01-11
Remote Desktop Client Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client.
Windows RDP: Windows RDP
Microsoft: Microsoft
C
msrc
CVE-2022-21851 | HIGH | CVSS 8.8 | 2022-01-11
Remote Desktop Client Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
An authenticated user could be tricked into connecting to a malicious remote desktop server where the remote desktop host server sends a specially crafted PDU (Server RDP Preconnection) that targets the remote client's drive redirection virtual channel. The end result could lead to remote code execution o
msrc
CVE-2021-38666 | HIGH | CVSS 8.8 | 2021-11-09
Remote Desktop Client Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacker's server with the vulnerable Remote Desktop Client.
Windows RDP: Windows RDP
Microsoft: Microsoft
msrc