Microsoft Remote Desktop

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Microsoft Remote Desktop.

Recent Microsoft Remote Desktop Security Advisories

Advisory	Title	Published
CVE-2025-32715	CVE-2025-32715 Remote Desktop Protocol Client Information Disclosure Vulnerability	June 10, 2025
CVE-2025-32710	CVE-2025-32710 Windows Remote Desktop Services Remote Code Execution Vulnerability	June 10, 2025
CVE-2025-29831	CVE-2025-29831 Windows Remote Desktop Services Remote Code Execution Vulnerability	May 13, 2025
CVE-2025-26677	CVE-2025-26677 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability	May 13, 2025
CVE-2025-30394	CVE-2025-30394 Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability	May 13, 2025
CVE-2025-29967	CVE-2025-29967 Remote Desktop Client Remote Code Execution Vulnerability	May 13, 2025
CVE-2025-29966	CVE-2025-29966 Remote Desktop Client Remote Code Execution Vulnerability	May 13, 2025
CVE-2025-27487	CVE-2025-27487 Remote Desktop Client Remote Code Execution Vulnerability	April 8, 2025
CVE-2025-27482	CVE-2025-27482 Windows Remote Desktop Services Remote Code Execution Vulnerability	April 8, 2025
CVE-2025-27480	CVE-2025-27480 Windows Remote Desktop Services Remote Code Execution Vulnerability	April 8, 2025

By the Year

In 2025 there have been 2 vulnerabilities in Microsoft Remote Desktop with an average score of 8.8 out of ten. Last year, in 2024 Remote Desktop had 2 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Remote Desktop in 2025 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2025 is greater by 0.20.

Year	Vulnerabilities	Average Score
2025	2	8.80
2024	2	8.60
2023	4	6.78
2022	5	7.00
2021	3	8.33
2020	1	7.80
2019	1	8.00
2018	0	0.00

It may take a day or so for new Remote Desktop vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Remote Desktop Security Vulnerabilities

Heap-based buffer overflow in Windows Remote Desktop

CVE-2025-29966 8.8 - High - May 13, 2025

Heap-based buffer overflow in Windows Remote Desktop allows an unauthorized attacker to execute code over a network.

Memory Corruption

Relative path traversal in Remote Desktop Client

CVE-2025-26645 8.8 - High - March 11, 2025

Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Authorization

Remote Desktop Client Remote Code Execution Vulnerability

CVE-2024-49105 8.4 - High - December 12, 2024

Remote Desktop Client Remote Code Execution Vulnerability

Authorization

Clipboard Virtual Channel Extension Remote Code Execution Vulnerability

CVE-2024-38131 8.8 - High - August 13, 2024

Clipboard Virtual Channel Extension Remote Code Execution Vulnerability

Sensitive Data Storage in Improperly Locked Memory

Remote Desktop Client Remote Code Execution Vulnerability

CVE-2023-29362 8.8 - High - June 14, 2023

Remote Desktop Client Remote Code Execution Vulnerability

Windows Remote Desktop Security Feature Bypass Vulnerability

CVE-2023-29352 6.5 - Medium - June 14, 2023

Windows Remote Desktop Security Feature Bypass Vulnerability

Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability

CVE-2023-28290 5.3 - Medium - May 09, 2023

Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability

Remote Desktop Protocol Client Information Disclosure Vulnerability

CVE-2023-28267 6.5 - Medium - April 11, 2023

Remote Desktop Protocol Client Information Disclosure Vulnerability

Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2022-41121 7.8 - High - December 13, 2022

Windows Graphics Component Elevation of Privilege Vulnerability

Remote Desktop Client Remote Code Execution Vulnerability

CVE-2022-22017 8.8 - High - May 10, 2022

Remote Desktop Client Remote Code Execution Vulnerability

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

CVE-2022-22015 6.5 - Medium - May 10, 2022

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

Remote Desktop Protocol Client Information Disclosure Vulnerability

CVE-2022-26940 6.5 - Medium - May 10, 2022

Remote Desktop Protocol Client Information Disclosure Vulnerability

Remote Desktop Protocol Client Information Disclosure Vulnerability

CVE-2022-24503 5.4 - Medium - March 09, 2022

Remote Desktop Protocol Client Information Disclosure Vulnerability

Remote Desktop Protocol Client Information Disclosure Vulnerability

CVE-2021-38665 7.4 - High - November 10, 2021

Remote Desktop Protocol Client Information Disclosure Vulnerability

Remote Desktop Client Remote Code Execution Vulnerability

CVE-2021-34535 8.8 - High - August 12, 2021

Remote Desktop Client Remote Code Execution Vulnerability

Windows Remote Desktop Security Feature Bypass Vulnerability

CVE-2021-1669 8.8 - High - January 12, 2021

Windows Remote Desktop Security Feature Bypass Vulnerability

An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it

CVE-2020-0919 7.8 - High - April 15, 2020

An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it allows an attacker to load unsigned binaries, aka 'Microsoft Remote Desktop App for Mac Elevation of Privilege Vulnerability'.

Improper Privilege Management

A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection

CVE-2019-0887 8 - High - July 15, 2019

A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection, aka 'Remote Desktop Services Remote Code Execution Vulnerability'.

Directory traversal

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Windows 11 or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

Microsoft Remote Desktop
Product

Microsoft Remote Desktop

Don't miss out!

Recent Microsoft Remote Desktop Security Advisories

By the Year

Recent Microsoft Remote Desktop Security Vulnerabilities

Heap-based buffer overflow in Windows Remote Desktop CVE-2025-29966 8.8 - High - May 13, 2025

Relative path traversal in Remote Desktop Client CVE-2025-26645 8.8 - High - March 11, 2025

Remote Desktop Client Remote Code Execution Vulnerability CVE-2024-49105 8.4 - High - December 12, 2024

Clipboard Virtual Channel Extension Remote Code Execution Vulnerability CVE-2024-38131 8.8 - High - August 13, 2024

Remote Desktop Client Remote Code Execution Vulnerability CVE-2023-29362 8.8 - High - June 14, 2023

Windows Remote Desktop Security Feature Bypass Vulnerability CVE-2023-29352 6.5 - Medium - June 14, 2023

Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability CVE-2023-28290 5.3 - Medium - May 09, 2023

Remote Desktop Protocol Client Information Disclosure Vulnerability CVE-2023-28267 6.5 - Medium - April 11, 2023

Windows Graphics Component Elevation of Privilege Vulnerability CVE-2022-41121 7.8 - High - December 13, 2022

Remote Desktop Client Remote Code Execution Vulnerability CVE-2022-22017 8.8 - High - May 10, 2022

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability CVE-2022-22015 6.5 - Medium - May 10, 2022

Remote Desktop Protocol Client Information Disclosure Vulnerability CVE-2022-26940 6.5 - Medium - May 10, 2022

Remote Desktop Protocol Client Information Disclosure Vulnerability CVE-2022-24503 5.4 - Medium - March 09, 2022

Remote Desktop Protocol Client Information Disclosure Vulnerability CVE-2021-38665 7.4 - High - November 10, 2021

Remote Desktop Client Remote Code Execution Vulnerability CVE-2021-34535 8.8 - High - August 12, 2021

Windows Remote Desktop Security Feature Bypass Vulnerability CVE-2021-1669 8.8 - High - January 12, 2021

An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it CVE-2020-0919 7.8 - High - April 15, 2020

A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection CVE-2019-0887 8 - High - July 15, 2019

Stay on top of Security Vulnerabilities

Microsoft Vendor

Microsoft Remote DesktopProduct

Heap-based buffer overflow in Windows Remote Desktop

CVE-2025-29966 8.8 - High - May 13, 2025

Relative path traversal in Remote Desktop Client

CVE-2025-26645 8.8 - High - March 11, 2025

Remote Desktop Client Remote Code Execution Vulnerability

CVE-2024-49105 8.4 - High - December 12, 2024

Clipboard Virtual Channel Extension Remote Code Execution Vulnerability

CVE-2024-38131 8.8 - High - August 13, 2024

Remote Desktop Client Remote Code Execution Vulnerability

CVE-2023-29362 8.8 - High - June 14, 2023

Windows Remote Desktop Security Feature Bypass Vulnerability

CVE-2023-29352 6.5 - Medium - June 14, 2023

Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability

CVE-2023-28290 5.3 - Medium - May 09, 2023

Remote Desktop Protocol Client Information Disclosure Vulnerability

CVE-2023-28267 6.5 - Medium - April 11, 2023

Windows Graphics Component Elevation of Privilege Vulnerability

CVE-2022-41121 7.8 - High - December 13, 2022

Remote Desktop Client Remote Code Execution Vulnerability

CVE-2022-22017 8.8 - High - May 10, 2022

Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability

CVE-2022-22015 6.5 - Medium - May 10, 2022

Remote Desktop Protocol Client Information Disclosure Vulnerability

CVE-2022-26940 6.5 - Medium - May 10, 2022

Remote Desktop Protocol Client Information Disclosure Vulnerability

CVE-2022-24503 5.4 - Medium - March 09, 2022

Remote Desktop Protocol Client Information Disclosure Vulnerability

CVE-2021-38665 7.4 - High - November 10, 2021

Remote Desktop Client Remote Code Execution Vulnerability

CVE-2021-34535 8.8 - High - August 12, 2021

Windows Remote Desktop Security Feature Bypass Vulnerability

CVE-2021-1669 8.8 - High - January 12, 2021

An elevation of privilege vulnerability exists in Remote Desktop App for Mac in the way it

CVE-2020-0919 7.8 - High - April 15, 2020

A remote code execution vulnerability exists in Remote Desktop Services - formerly known as Terminal Services - when an authenticated attacker abuses clipboard redirection

CVE-2019-0887 8 - High - July 15, 2019

Microsoft
Vendor

Microsoft Remote Desktop
Product