Remote Desktop Client Remote Code Execution Vulnerability

Plan Patch | CVSS 8.8 | CVE-2026-47289 | Jun 9, 2026
Microsoft
IT in OT - Windows Server and Active Directory are widely deployed in OT environments
Attack path
Attack Vector: Network
Auth Required: None
Complexity: Low
User Interaction: Required
Summary

A heap-based buffer overflow vulnerability in Remote Desktop Client allows an unauthorized attacker to execute arbitrary code over a network without authentication. The vulnerability affects Remote Desktop Client on Windows 10 (versions 1607, 1809, 21H2, 22H2), Windows 11 (versions 23H2, 24H2, 25H2, 26H1), Windows Server 2016, 2019, 2022, and 2025. Exploitation is assessed as less likely but possible through specially crafted RDP messages.

What this means
What could happen
An attacker could execute arbitrary code on a Windows desktop or server through the Remote Desktop Client, potentially gaining full control of the system and any connected equipment it manages or monitors.
Who's at risk
This vulnerability affects IT staff, system administrators, and remote workers who use Windows Remote Desktop Client to access desktops and servers. It impacts all Windows 10, Windows 11, and Windows Server 2016 through 2025 systems. Any organization relying on RDP for remote system management or HMI (Human Machine Interface) access to control systems should prioritize patching.
How it could be exploited
An attacker sends a specially crafted Remote Desktop Protocol (RDP) message to a Windows system running an affected Remote Desktop Client. When the client processes the malicious message, the heap-based buffer overflow is triggered, allowing the attacker to execute code with the privileges of the user running the client.
Prerequisites
  • Network access to the Remote Desktop Client port (typically 3389)
  • No credentials required
  • User must be using Remote Desktop Client or have it installed
  • Target system must be running one of the affected Windows versions
remotely exploitable | no authentication required | low complexity | default network exposure
Exploitability
Unlikely to be exploited — EPSS score 1.0%
Affected products (26)
26 with fix
Product | Affected Versions | Fix Status
Windows 10 Version 1809 for 32-bit Systems | All versions | Build 10.0.17763.8880
Windows 10 Version 1809 for x64-based Systems | All versions | Build 10.0.17763.8880
Windows Server 2019 | All versions | Build 10.0.17763.8880
Windows Server 2019 (Server Core installation) | All versions | Build 10.0.17763.8880
Windows Server 2022 | All versions | Build 10.0.20348.5256
Remediation & Mitigation
Do now
WORKAROUND: Restrict RDP access to trusted networks only using firewall rules or VPN gateways
HARDENING: Disable RDP on systems that do not require remote access
Schedule — requires maintenance window

Patching may require device reboot — plan for process interruption

HOTFIX: Apply the June 2026 Windows security update to all Windows 10, Windows 11, and Windows Server systems listed in the advisory
Long-term hardening
HARDENING: Implement network segmentation to isolate systems running Remote Desktop Client from untrusted networks
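
To confirm the update is in place after the maintenance window, a host's build can be compared with the Fix Status builds listed under Affected products. The PowerShell below is an added example, not part of the advisory or of Microsoft's tooling; it covers only the fix builds visible in the rows on this page, and the function names and sample build strings are hypothetical.

```powershell
# Added example. Fix builds copied from the table rows visible in this advisory.
# Key = base build, value = minimum update revision (UBR) that carries the fix.
# Affected products whose rows are not shown on this page are not listed here.
$FixedBuilds = @{
    17763 = 8880   # Windows 10 Version 1809 / Windows Server 2019
    20348 = 5256   # Windows Server 2022
}

function Test-FixedBuild {
    param([Parameter(Mandatory)][string]$Build)   # e.g. "10.0.17763.8880"

    # Malformed strings are not guessed at.
    if ($Build -notmatch '^10\.0\.(\d+)\.(\d+)$') { return 'Unknown' }
    $base = [int]$Matches[1]
    $ubr  = [int]$Matches[2]

    # Revisions are only comparable within the same base build; a base build
    # this table does not cover is reported as Unknown, never as Patched.
    if (-not $FixedBuilds.ContainsKey($base)) { return 'Unknown' }
    if ($ubr -ge $FixedBuilds[$base]) { return 'Patched' }
    return 'MissingFix'
}

function Get-LocalBuild {
    # CurrentBuildNumber and UBR are standard values under this key.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    '10.0.{0}.{1}' -f $cv.CurrentBuildNumber, $cv.UBR
}

# Constructed sample builds: one revision below the fix, exactly at the fix,
# and a base build that is not in the table above.
$samples = '10.0.17763.8879', '10.0.20348.5256', '10.0.26100.1'

foreach ($b in @(Get-LocalBuild) + $samples) {
    [pscustomobject]@{ Build = $b; Status = Test-FixedBuild -Build $b }
}
```

Hosts reported as Unknown need their fix build looked up in the full advisory before they are counted as patched.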
API: /api/v1/advisories/b303efd9-4596-4926-9260-c88526eb9e32


Remote Desktop Client Remote Code Execution Vulnerability | CVSS 8.8 - OTPulse