Skip to main content

Windows RDP EUVDEUVD-2026-35683

| CVE-2026-45639 HIGH
Out-of-bounds Read (CWE-125)
2026-06-09 secure@microsoft.com GHSA-hpch-68rw-xfqq
7.5
CVSS 3.1 · Vendor: microsoft
Temporal: 6.5
Share

Severity by source

Vendor (microsoft) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CIRCL (temporal)
6.5 MEDIUM
cvss

Primary rating from Vendor (microsoft).

CVSS VectorVendor: microsoft

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Patch available
Jun 09, 2026 - 19:03 EUVD
Analysis Generated
Jun 09, 2026 - 18:06 vuln.today
CVE Published
Jun 09, 2026 - 17:17 nvd
HIGH 7.5

DescriptionCVE.org

Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.

AnalysisAI

Information disclosure in Microsoft Windows Remote Desktop Protocol (RDP) allows remote unauthenticated attackers to read out-of-bounds memory over the network, potentially exposing sensitive data from the RDP service process. The flaw is reachable without authentication or user interaction across any exposed RDP endpoint, and no public exploit identified at time of analysis. Microsoft has assigned the issue a CVSS 3.1 score of 7.5 reflecting high confidentiality impact with no integrity or availability effect.

Technical ContextAI

Remote Desktop Protocol (RDP) is Microsoft's proprietary protocol (typically over TCP/3389, with optional UDP transport) used by Windows for remote graphical sessions and implemented in the Terminal Services stack (termdd.sys / rdpcorets.dll and related components). The root cause is CWE-125 (Out-of-bounds Read), meaning the RDP parser reads memory past the bounds of an allocated buffer - typically due to insufficient validation of attacker-controlled length, offset, or PDU field values during message parsing. Such bugs in protocol parsers commonly leak adjacent process memory (uninitialized heap contents, pointers useful for ASLR bypass, or session data) back to the attacker in protocol responses or error paths. The Microsoft-assigned 'Buffer Overflow' and 'Information Disclosure' tags align with a parser-level read primitive rather than a write/code-execution issue.

RemediationAI

Apply the Microsoft security updates referenced in the MSRC advisory at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45639 - patch available per vendor advisory; the exact patched Windows build/KB numbers are listed in that advisory and should be cross-referenced against each affected SKU before deployment. Until patches are rolled out across the fleet, restrict TCP/UDP 3389 at the network edge and from untrusted internal segments, require RDP access only through a Remote Desktop Gateway with MFA, and enforce Network Level Authentication (NLA) on all RDP listeners to require a pre-auth handshake (trade-off: legacy clients without CredSSP support will lose access). For internet-exposed jump hosts that cannot be patched immediately, consider temporarily disabling the Remote Desktop service or blocking 3389 inbound at the firewall (trade-off: remote administration interrupted until alternate access is established).

CVE-2026-42985 HIGH
8.8 Jun 09

Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled or

CVE-2025-48817 HIGH
8.8 Jul 08

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

CVE-2024-38131 HIGH
8.8 Aug 13

Clipboard Virtual Channel Extension Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerabil

CVE-2023-29362 HIGH
8.8 Jun 14

Remote Desktop Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotel

CVE-2022-22017 HIGH
8.8 May 10

Remote Desktop Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotel

CVE-2021-34535 HIGH
8.8 Aug 12

Remote Desktop Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotel

CVE-2021-1669 HIGH
8.8 Jan 12

Windows Remote Desktop Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remo

CVE-2024-49105 HIGH
8.4 Dec 12

Remote Desktop Client Remote Code Execution Vulnerability. Rated high severity (CVSS 8.4), this vulnerability is remotel

CVE-2025-27487 HIGH
8.0 Apr 08

Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network. Rated

CVE-2019-0887 HIGH
8.0 Jul 15

A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an

CVE-2022-41121 HIGH
7.8 Dec 13

Windows Graphics Component Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is l

CVE-2026-44801 HIGH
7.5 Jun 09

Remote code execution in Microsoft Remote Desktop Client is possible when a victim connects to an attacker-controlled RD

Share

EUVD-2026-35683 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy