EXECUTIVE SUMMARY:
Microsoft has disclosed two information disclosure vulnerabilities affecting the Windows Remote Desktop Protocol (RDP). Both flaws stem from out-of-bounds read conditions that can be exploited remotely by an unauthenticated attacker to access sensitive information from memory. Successful exploitation could expose memory addresses, credentials, session tokens, protocol state information, or other sensitive data residing in memory, potentially weakening security protections and aiding further attacks. While neither vulnerability directly enables code execution, the leaked information could facilitate subsequent exploitation of other vulnerabilities and increase the overall attack surface of exposed RDP services.
CVE-2026-42908 with a CVSS score of 7.8: An out-of-bounds read in the RDP stack enables an unauthenticated remote attacker to obtain local memory addresses, weakening exploit mitigations such as ASLR; exploitation requires only network access to the RDP service.
CVE-2026-45639 with a CVSS score of 7.5: This vulnerability permits an unauthenticated attacker to read portions of process memory via crafted RDP traffic, potentially leaking credentials, session tokens, or protocol state; the prerequisite is exposure of the RDP endpoint to the attacker.
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://cybersecuritynews.com/windows-remote-desktop-protocol-vulnerabilities/