Microsoft Remote Desktop
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Microsoft Remote Desktop.
Recent Microsoft Remote Desktop Security Advisories
| Advisory | Title | Published |
|---|---|---|
| CVE-2026-21533 | CVE-2026-21533 Windows Remote Desktop Services Elevation of Privilege Vulnerability | February 10, 2026 |
| CVE-2025-60703 | CVE-2025-60703 Windows Remote Desktop Services Elevation of Privilege Vulnerability | November 11, 2025 |
| CVE-2025-58737 | CVE-2025-58737 Remote Desktop Protocol Remote Code Execution Vulnerability | October 14, 2025 |
| CVE-2025-58718 | CVE-2025-58718 Remote Desktop Client Remote Code Execution Vulnerability | October 14, 2025 |
| CVE-2025-59202 | CVE-2025-59202 Windows Remote Desktop Services Elevation of Privilege Vulnerability | October 14, 2025 |
| CVE-2025-55340 | CVE-2025-55340 Windows Remote Desktop Protocol Security Feature Bypass | October 14, 2025 |
| CVE-2025-53722 | CVE-2025-53722 Windows Remote Desktop Services Denial of Service Vulnerability | August 12, 2025 |
| CVE-2025-50171 | CVE-2025-50171 Remote Desktop Spoofing Vulnerability | August 12, 2025 |
| CVE-2025-48817 | CVE-2025-48817 Remote Desktop Client Remote Code Execution Vulnerability | July 8, 2025 |
| CVE-2025-48814 | CVE-2025-48814 Remote Desktop Licensing Service Security Feature Bypass Vulnerability | July 8, 2025 |
By the Year
In 2026 there have been 0 vulnerabilities in Microsoft Remote Desktop. Last year, in 2025 Remote Desktop had 7 security vulnerabilities published. Right now, Remote Desktop is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 7 | 8.36 |
| 2024 | 2 | 8.60 |
| 2023 | 5 | 6.78 |
| 2022 | 5 | 7.00 |
| 2021 | 3 | 8.33 |
| 2020 | 1 | 7.80 |
| 2019 | 3 | 9.20 |
It may take a day or so for new Remote Desktop vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Microsoft Remote Desktop Security Vulnerabilities
Oct 2025: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2025-58718
8.8 - High
- October 14, 2025
Use after free in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Dangling pointer
Jul 2025: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2025-48817
8.8 - High
- July 08, 2025
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Relative Path Traversal
Jun 2025: Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2025-32715
6.5 - Medium
- June 10, 2025
Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.
Out-of-bounds Read
May 2025: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2025-29967
8.8 - High
- May 13, 2025
Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network.
Heap-based Buffer Overflow
May 2025: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2025-29966
8.8 - High
- May 13, 2025
Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.
Heap-based Buffer Overflow
Apr 2025: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2025-27487
8 - High
- April 08, 2025
Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network.
Heap-based Buffer Overflow
Mar 2025: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2025-26645
8.8 - High
- March 11, 2025
Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
Relative Path Traversal
Microsoft Remote Desktop Client RCE - CVE-2024-49105
CVE-2024-49105
8.4 - High
- December 12, 2024
Remote Desktop Client Remote Code Execution Vulnerability
Authorization
CB-VC RCE in Microsoft RDP
CVE-2024-38131
8.8 - High
- August 13, 2024
Clipboard Virtual Channel Extension Remote Code Execution Vulnerability
Sensitive Data Storage in Improperly Locked Memory
Microsoft RDP Security Feature Bypass (CVE-2023-32043)
CVE-2023-32043
6.8 - Medium
- July 11, 2023
Windows Remote Desktop Security Feature Bypass Vulnerability
Microsoft Remote Desktop Client RCE via Deserialization
CVE-2023-29362
8.8 - High
- June 14, 2023
Remote Desktop Client Remote Code Execution Vulnerability
Microsoft Windows RDP Security Feature Bypass
CVE-2023-29352
6.5 - Medium
- June 14, 2023
Windows Remote Desktop Security Feature Bypass Vulnerability
Microsoft Remote Desktop App Windows Info Disclosure CVE-2023-28290
CVE-2023-28290
5.3 - Medium
- May 09, 2023
Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability
Microsoft RDP Client Info Disclosure CVE-2023-28267
CVE-2023-28267
6.5 - Medium
- April 11, 2023
Remote Desktop Protocol Client Information Disclosure Vulnerability
WinGfx EoP Vulnerability
CVE-2022-41121
7.8 - High
- December 13, 2022
Windows Graphics Component Elevation of Privilege Vulnerability
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2022-22015
6.5 - Medium
- May 10, 2022
Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2022-26940
6.5 - Medium
- May 10, 2022
Remote Desktop Protocol Client Information Disclosure Vulnerability
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2022-22017
8.8 - High
- May 10, 2022
Remote Desktop Client Remote Code Execution Vulnerability
Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2022-24503
5.4 - Medium
- March 09, 2022
Remote Desktop Protocol Client Information Disclosure Vulnerability
Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2021-38665
7.4 - High
- November 10, 2021
Remote Desktop Protocol Client Information Disclosure Vulnerability
Remote Desktop Client Remote Code Execution Vulnerability
CVE-2021-34535
8.8 - High
- August 12, 2021
Remote Desktop Client Remote Code Execution Vulnerability
Jan 2021: Windows Remote Desktop Security Feature Bypass Vulnerability
CVE-2021-1669
8.8 - High
- January 12, 2021
Windows Remote Desktop Security Feature Bypass Vulnerability
An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it
CVE-2020-0919
7.8 - High
- April 15, 2020
An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it allows an attacker to load unsigned binaries, aka 'Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability'.
Improper Privilege Management
Aug 2019: Remote Desktop Services Remote Code Execution Vulnerability
CVE-2019-1181
9.8 - Critical
- August 14, 2019
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.
Aug 2019: Remote Desktop Services Remote Code Execution Vulnerability
CVE-2019-1182
9.8 - Critical
- August 14, 2019
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would need to send a specially crafted request to the target systems Remote Desktop Service via RDP. The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests.
A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection
CVE-2019-0887
8 - High
- July 15, 2019
A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.
Directory traversal
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Microsoft Remote Desktop or by Microsoft? Click the Watch button to subscribe.
