Windows Remote Desktop Services Remote Code Execution Vulnerability
21Vexday Risk Score
No sign of exploitation. No public exploitation artifact known so far.
ssvc Trackcvss 8.8epss 0.9%
exploitation probability
0.9%top 46% of all CVEs
observed exploitation
nono source reports it
Use after free in Windows Remote Desktop Services allows an authorized attacker to execute code over a network.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Affected products
Microsoft · Windows 10 Version 21H2Microsoft · Windows 10 Version 22H2Microsoft · Windows 11 Version 24H2Microsoft · Windows 11 Version 25H2Microsoft · Windows 11 version 26H1Microsoft · Windows Server 2022Microsoft · Windows Server 2025Microsoft · Windows Server 2025 (Server Core installation)