Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
AnalysisAI
Information disclosure in Microsoft Windows Remote Desktop Protocol (RDP) allows remote unauthenticated attackers to read out-of-bounds memory over the network, potentially exposing sensitive data from the RDP service process. The flaw is reachable without authentication or user interaction across any exposed RDP endpoint, and no public exploit identified at time of analysis. Microsoft has assigned the issue a CVSS 3.1 score of 7.5 reflecting high confidentiality impact with no integrity or availability effect.
Technical ContextAI
Remote Desktop Protocol (RDP) is Microsoft's proprietary protocol (typically over TCP/3389, with optional UDP transport) used by Windows for remote graphical sessions and implemented in the Terminal Services stack (termdd.sys / rdpcorets.dll and related components). The root cause is CWE-125 (Out-of-bounds Read), meaning the RDP parser reads memory past the bounds of an allocated buffer - typically due to insufficient validation of attacker-controlled length, offset, or PDU field values during message parsing. Such bugs in protocol parsers commonly leak adjacent process memory (uninitialized heap contents, pointers useful for ASLR bypass, or session data) back to the attacker in protocol responses or error paths. The Microsoft-assigned 'Buffer Overflow' and 'Information Disclosure' tags align with a parser-level read primitive rather than a write/code-execution issue.
RemediationAI
Apply the Microsoft security updates referenced in the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45639 - patch available per vendor advisory; the exact patched Windows build/KB numbers are listed in that advisory and should be cross-referenced against each affected SKU before deployment. Until patches are rolled out across the fleet, restrict TCP/UDP 3389 at the network edge and from untrusted internal segments, require RDP access only through a Remote Desktop Gateway with MFA, and enforce Network Level Authentication (NLA) on all RDP listeners to require a pre-auth handshake (trade-off: legacy clients without CredSSP support will lose access). For internet-exposed jump hosts that cannot be patched immediately, consider temporarily disabling the Remote Desktop service or blocking 3389 inbound at the firewall (trade-off: remote administration interrupted until alternate access is established).
More in Remote Desktop Client
View allRemote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled or
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Clipboard Virtual Channel Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerabil
Remote Desktop Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotel
Remote Desktop Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotel
Remote Desktop Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotel
Windows Remote Desktop Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remo
Remote Desktop Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.4), this vulnerability is remotel
Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network. Rated
A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an
Windows Graphics Component Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is l
Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled RD
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-35683
GHSA-hpch-68rw-xfqq