Skip to main content

Remote Desktop Client For Windows Desktop EUVDEUVD-2026-22545

| CVE-2026-32157 HIGH
Use After Free (CWE-416)
2026-04-14 microsoft GHSA-5468-67hp-7rjg
8.8
CVSS 3.1 · NVD
Temporal: 7.7
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CIRCL (temporal)
7.7 HIGH
cvss

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Re-analysis Queued
Apr 17, 2026 - 15:22 vuln.today
cvss_changed
Analysis Generated
Apr 14, 2026 - 19:20 vuln.today
EUVD ID Assigned
Apr 14, 2026 - 17:46 euvd
EUVD-2026-22545
Analysis Generated
Apr 14, 2026 - 17:46 vuln.today
Patch released
Apr 14, 2026 - 17:46 nvd
Patch available
CVE Published
Apr 14, 2026 - 16:57 nvd
HIGH 8.8

DescriptionCVE.org

Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

AnalysisAI

Remote code execution in Microsoft Remote Desktop Client for Windows allows unauthenticated network attackers to execute arbitrary code by delivering a malicious connection file or server response, requiring user interaction. This use-after-free vulnerability (CWE-416) affects Windows 10 (versions 1607-22H2), Windows 11 (22H3-26H1), Windows Server (2012-2025), and standalone Remote Desktop client versions below 2.0.1070.0. With CVSS 8.8 (network-accessible, no authentication required, low comple

Technical ContextAI

This vulnerability stems from a use-after-free condition (CWE-416) in the Remote Desktop Protocol client implementation, where memory is accessed after being freed during connection handling. The flaw affects Microsoft's Remote Desktop Client across multiple Windows platforms including the standalone Remote Desktop client for Windows Desktop (versions prior to 2.0.1070.0), Windows App Client for Windows Desktop, and integrated RDP clients in Windows 10 (builds 14393.x through 19045.x), Windows 11 (builds 22631.x through 28000.x), and Windows Server editions from 2012 through 2025. Use-after-free vulnerabilities occur when memory management errors allow dereferenced pointers to access freed memory regions, creating conditions where attackers can manipulate memory contents to redirect program execution. In RDP client context, this likely occurs during connection negotiation, session establishment, or processing of server-provided graphics/clipboard data, making it exploitable through malicious RDP servers or man-in-the-middle scenarios where connection parameters are manipulated.

RemediationAI

Apply vendor-released patches immediately through Windows Update or WSUS infrastructure. For standalone Remote Desktop Client for Windows Desktop, upgrade to version 2.0.1070.0 or later via Microsoft Store or direct download from Microsoft. For Windows 10 systems, apply cumulative updates raising builds to at minimum 10.0.14393.9060 (version 1607), 10.0.17763.8644 (version 1809), 10.0.19044.7184 (version 21H2), or 10.0.19045.7184 (version 22H2). Windows 11 deployments require updates to builds 10.0.22631.6936 or higher (22H3/23H2), 10.0.26100.32690 or higher (24H2), 10.0.26200.8246 or higher (25H2), or 10.0.28000.1836 or higher (26H1). Windows Server platforms require updates to specified minimum builds for each version as detailed in affected products section. Interim mitigation strategies include restricting RDP client connections to only trusted, verified servers through Group Policy or firewall rules, blocking external RDP connection file (.rdp) attachments at email gateways, and implementing application control policies to prevent execution of unsigned RDP configuration files. Detailed patch guidance available at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32157.

Share

EUVD-2026-22545 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy