Microsoft Remote Desktop Client

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Remote Desktop Client.

Recent Microsoft Remote Desktop Client Security Advisories

Advisory	Title	Published
CVE-2025-58718	CVE-2025-58718 Remote Desktop Client Remote Code Execution Vulnerability	October 14, 2025
CVE-2025-48817	CVE-2025-48817 Remote Desktop Client Remote Code Execution Vulnerability	July 8, 2025
CVE-2025-29967	CVE-2025-29967 Remote Desktop Client Remote Code Execution Vulnerability	May 13, 2025
CVE-2025-29966	CVE-2025-29966 Remote Desktop Client Remote Code Execution Vulnerability	May 13, 2025
CVE-2025-27487	CVE-2025-27487 Remote Desktop Client Remote Code Execution Vulnerability	April 8, 2025
CVE-2025-26645	CVE-2025-26645 Remote Desktop Client Remote Code Execution Vulnerability	March 11, 2025
CVE-2024-49105	CVE-2024-49105 Remote Desktop Client Remote Code Execution Vulnerability	December 10, 2024
CVE-2024-43599	CVE-2024-43599 Remote Desktop Client Remote Code Execution Vulnerability	October 8, 2024
CVE-2024-43533	CVE-2024-43533 Remote Desktop Client Remote Code Execution Vulnerability	October 8, 2024
CVE-2024-21307	Remote Desktop Client Remote Code Execution Vulnerability	January 9, 2024

By the Year

In 2026 there have been 0 vulnerabilities in Microsoft Remote Desktop Client. Last year, in 2025 Remote Desktop Client had 5 security vulnerabilities published. Right now, Remote Desktop Client is on track to have less security vulnerabilities in 2026 than it did last year.

Year	Vulnerabilities	Average Score
2026	0	0.00
2025	5	8.04
2024	4	8.38
2023	4	7.40
2022	5	7.00
2021	3	8.33
2020	0	0.00
2019	1	8.00

It may take a day or so for new Remote Desktop Client vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Remote Desktop Client Security Vulnerabilities

Jul 2025: Remote Desktop Spoofing Vulnerability
CVE-2025-33054 8.1 - High - July 08, 2025

Insufficient UI warning of dangerous operations in Remote Desktop Client allows an unauthorized attacker to perform spoofing over a network.

Insufficient UI Warning of Dangerous Operations

Jul 2025: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2025-48817 8.8 - High - July 08, 2025

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Relative Path Traversal

Jun 2025: Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2025-32715 6.5 - Medium - June 10, 2025

Out-of-bounds read in Remote Desktop Client allows an unauthorized attacker to disclose information over a network.

Out-of-bounds Read

Apr 2025: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2025-27487 8 - High - April 08, 2025

Heap-based buffer overflow in Remote Desktop Client allows an authorized attacker to execute code over a network.

Heap-based Buffer Overflow

Mar 2025: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2025-26645 8.8 - High - March 11, 2025

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Relative Path Traversal

Microsoft Remote Desktop Client RCE - CVE-2024-49105
CVE-2024-49105 8.4 - High - December 12, 2024

Remote Desktop Client Remote Code Execution Vulnerability

Authorization

Microsoft RDC Client RCE Vulnerability
CVE-2024-43599 8.8 - High - October 08, 2024

Remote Desktop Client Remote Code Execution Vulnerability

Dangling pointer

CB-VC RCE in Microsoft RDP
CVE-2024-38131 8.8 - High - August 13, 2024

Clipboard Virtual Channel Extension Remote Code Execution Vulnerability

Sensitive Data Storage in Improperly Locked Memory

MS Remote Desktop Client RCE Vulnerability
CVE-2024-21307 7.5 - High - January 09, 2024

Remote Desktop Client Remote Code Execution Vulnerability

Race Condition

Microsoft Remote Desktop Client RCE via Deserialization
CVE-2023-29362 8.8 - High - June 14, 2023

Remote Desktop Client Remote Code Execution Vulnerability

Microsoft Windows RDP Security Feature Bypass
CVE-2023-29352 6.5 - Medium - June 14, 2023

Windows Remote Desktop Security Feature Bypass Vulnerability

Remote Desktop Client RCE via crafted .rdp
CVE-2023-24905 7.8 - High - May 09, 2023

Remote Desktop Client Remote Code Execution Vulnerability

Microsoft RDP Client Info Disclosure CVE-2023-28267
CVE-2023-28267 6.5 - Medium - April 11, 2023

Remote Desktop Protocol Client Information Disclosure Vulnerability

WinGfx EoP Vulnerability
CVE-2022-41121 7.8 - High - December 13, 2022

Windows Graphics Component Elevation of Privilege Vulnerability

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2022-22015 6.5 - Medium - May 10, 2022

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

Remote Desktop Client Remote Code Execution Vulnerability
CVE-2022-22017 8.8 - High - May 10, 2022

Remote Desktop Client Remote Code Execution Vulnerability

Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2022-26940 6.5 - Medium - May 10, 2022

Remote Desktop Protocol Client Information Disclosure Vulnerability

Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2022-24503 5.4 - Medium - March 09, 2022

Remote Desktop Protocol Client Information Disclosure Vulnerability

Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2021-38665 7.4 - High - November 10, 2021

Remote Desktop Protocol Client Information Disclosure Vulnerability

Remote Desktop Client Remote Code Execution Vulnerability
CVE-2021-34535 8.8 - High - August 12, 2021

Remote Desktop Client Remote Code Execution Vulnerability

Jan 2021: Windows Remote Desktop Security Feature Bypass Vulnerability
CVE-2021-1669 8.8 - High - January 12, 2021

Windows Remote Desktop Security Feature Bypass Vulnerability

A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection
CVE-2019-0887 8 - High - July 15, 2019

A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

Directory traversal

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Remote Desktop Client or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Remote Desktop Client
Product

Microsoft Remote Desktop Client

Don't miss out!

Recent Microsoft Remote Desktop Client Security Advisories

By the Year

Recent Microsoft Remote Desktop Client Security Vulnerabilities

Jul 2025: Remote Desktop Spoofing Vulnerability CVE-2025-33054 8.1 - High - July 08, 2025

Jul 2025: Remote Desktop Client Remote Code Execution Vulnerability CVE-2025-48817 8.8 - High - July 08, 2025

Jun 2025: Remote Desktop Protocol Client Information Disclosure Vulnerability CVE-2025-32715 6.5 - Medium - June 10, 2025

Apr 2025: Remote Desktop Client Remote Code Execution Vulnerability CVE-2025-27487 8 - High - April 08, 2025

Mar 2025: Remote Desktop Client Remote Code Execution Vulnerability CVE-2025-26645 8.8 - High - March 11, 2025

Microsoft Remote Desktop Client RCE - CVE-2024-49105 CVE-2024-49105 8.4 - High - December 12, 2024

Microsoft RDC Client RCE Vulnerability CVE-2024-43599 8.8 - High - October 08, 2024

CB-VC RCE in Microsoft RDP CVE-2024-38131 8.8 - High - August 13, 2024

MS Remote Desktop Client RCE Vulnerability CVE-2024-21307 7.5 - High - January 09, 2024

Microsoft Remote Desktop Client RCE via Deserialization CVE-2023-29362 8.8 - High - June 14, 2023

Microsoft Windows RDP Security Feature Bypass CVE-2023-29352 6.5 - Medium - June 14, 2023

Remote Desktop Client RCE via crafted .rdp CVE-2023-24905 7.8 - High - May 09, 2023

Microsoft RDP Client Info Disclosure CVE-2023-28267 CVE-2023-28267 6.5 - Medium - April 11, 2023

WinGfx EoP Vulnerability CVE-2022-41121 7.8 - High - December 13, 2022

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability CVE-2022-22015 6.5 - Medium - May 10, 2022

Remote Desktop Client Remote Code Execution Vulnerability CVE-2022-22017 8.8 - High - May 10, 2022

Remote Desktop Protocol Client Information Disclosure Vulnerability CVE-2022-26940 6.5 - Medium - May 10, 2022

Remote Desktop Protocol Client Information Disclosure Vulnerability CVE-2022-24503 5.4 - Medium - March 09, 2022

Remote Desktop Protocol Client Information Disclosure Vulnerability CVE-2021-38665 7.4 - High - November 10, 2021

Remote Desktop Client Remote Code Execution Vulnerability CVE-2021-34535 8.8 - High - August 12, 2021

Jan 2021: Windows Remote Desktop Security Feature Bypass Vulnerability CVE-2021-1669 8.8 - High - January 12, 2021

A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection CVE-2019-0887 8 - High - July 15, 2019

Stay on top of Security Vulnerabilities

Microsoft Vendor

Microsoft Remote Desktop ClientProduct

Jul 2025: Remote Desktop Spoofing Vulnerability
CVE-2025-33054 8.1 - High - July 08, 2025

Jul 2025: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2025-48817 8.8 - High - July 08, 2025

Jun 2025: Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2025-32715 6.5 - Medium - June 10, 2025

Apr 2025: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2025-27487 8 - High - April 08, 2025

Mar 2025: Remote Desktop Client Remote Code Execution Vulnerability
CVE-2025-26645 8.8 - High - March 11, 2025

Microsoft Remote Desktop Client RCE - CVE-2024-49105
CVE-2024-49105 8.4 - High - December 12, 2024

Microsoft RDC Client RCE Vulnerability
CVE-2024-43599 8.8 - High - October 08, 2024

CB-VC RCE in Microsoft RDP
CVE-2024-38131 8.8 - High - August 13, 2024

MS Remote Desktop Client RCE Vulnerability
CVE-2024-21307 7.5 - High - January 09, 2024

Microsoft Remote Desktop Client RCE via Deserialization
CVE-2023-29362 8.8 - High - June 14, 2023

Microsoft Windows RDP Security Feature Bypass
CVE-2023-29352 6.5 - Medium - June 14, 2023

Remote Desktop Client RCE via crafted .rdp
CVE-2023-24905 7.8 - High - May 09, 2023

Microsoft RDP Client Info Disclosure CVE-2023-28267
CVE-2023-28267 6.5 - Medium - April 11, 2023

WinGfx EoP Vulnerability
CVE-2022-41121 7.8 - High - December 13, 2022

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability
CVE-2022-22015 6.5 - Medium - May 10, 2022

Remote Desktop Client Remote Code Execution Vulnerability
CVE-2022-22017 8.8 - High - May 10, 2022

Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2022-26940 6.5 - Medium - May 10, 2022

Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2022-24503 5.4 - Medium - March 09, 2022

Remote Desktop Protocol Client Information Disclosure Vulnerability
CVE-2021-38665 7.4 - High - November 10, 2021

Remote Desktop Client Remote Code Execution Vulnerability
CVE-2021-34535 8.8 - High - August 12, 2021

Jan 2021: Windows Remote Desktop Security Feature Bypass Vulnerability
CVE-2021-1669 8.8 - High - January 12, 2021

A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection
CVE-2019-0887 8 - High - July 15, 2019

Microsoft
Vendor

Microsoft Remote Desktop Client
Product