Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
6DescriptionCVE.org
Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an authorized attacker to elevate privileges locally.
AnalysisAI
Local privilege escalation in Windows Remote Desktop Licensing Service affects all supported Windows 10, Windows 11, and Windows Server versions (2012-2025) via missing authentication on a critical function. Authenticated local attackers with low privileges can exploit this CWE-306 authentication bypass to gain SYSTEM-level access with high impact to confidentiality, integrity, and availability (CVSS 7.8). Patch available per vendor; no public exploit identified at time of analysis. The wide foo
Technical ContextAI
This vulnerability stems from CWE-306 (Missing Authentication for Critical Function) in the Windows Remote Desktop Licensing Service, a component responsible for managing Remote Desktop Services (RDS) Client Access Licenses (CALs). The affected service exposes a privileged function callable by low-privileged local users without proper authentication checks. The CVSS vector AV:L/AC:L/PR:L/UI:N indicates local access with low complexity and low privileges required, meaning any authenticated domain or local user can invoke the vulnerable function. The S:U (unchanged scope) indicates the vulnerability is confined to the licensing service's privilege context, but the C:H/I:H/A:H ratings confirm full system compromise potential. Affected products span Windows Server 2012 (build 6.2.9200.0) through Windows Server 2025 (build 10.0.26100.0), Windows 10 versions 1607-22H2, and Windows 11 versions 22H3-26H1, encompassing both desktop and Server Core installations. The licensing service typically runs with elevated privileges, making it an attractive target for local privilege escalation in Remote Desktop Services deployments.
RemediationAI
Apply Microsoft security updates immediately via Windows Update or WSUS to patch the authentication bypass in Remote Desktop Licensing Service. Fixed versions are Windows 10 Version 1607 build 10.0.14393.9060 or later, Windows 10 Version 1809 build 10.0.17763.8644 or later, Windows 10 Version 21H2 build 10.0.19044.7184 or later, Windows 10 Version 22H2 build 10.0.19045.7184 or later, Windows 11 Version 22H3/23H2 build 10.0.22631.6936 or later, Windows 11 Version 24H2 build 10.0.26100.32690 or later, Windows 11 Version 25H2 build 10.0.26200.8246 or later, Windows 11 Version
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-22385