CVE-2026-54990

Microsoft · Windows 11 / Windows Server 2025

A heap-based buffer overflow in the Microsoft Windows Remote Desktop Client allows an unauthenticated remote attacker to execute arbitrary code over the network.

Executive summary

A critical heap-based buffer overflow in the Remote Desktop Client of Windows 11 and Windows Server 2025 creates a high risk of remote code execution.

Vulnerability

The vulnerability is a heap-based buffer overflow within the Remote Desktop Client, which can be triggered by an unauthenticated attacker to achieve code execution.

Business impact

The ability for an unauthenticated attacker to execute code remotely on a Windows system constitutes a critical security risk. With a CVSS score of 9.8, a successful exploit could result in full system compromise, allowing attackers to install malware, modify data, or create new administrative accounts, causing significant operational disruption.

Remediation

Immediate Action: Apply the latest cumulative security updates for Windows 11 and Windows Server 2025 as provided by Microsoft.

Proactive Monitoring: Review RDP traffic logs for unusual connection patterns or anomalous activity originating from unauthorized sources.

Compensating Controls: Limit exposure of RDP services to the public internet by using a secure gateway or VPN, and ensure that NLA (Network Level Authentication) is strictly enforced.

Exploitation status

Public Exploit Available: No confirmed public exploit available.

Analyst recommendation

Organizations should treat this vulnerability with high urgency and deploy the relevant Microsoft patches across all affected Windows endpoints and servers. Prioritize systems that have RDP ports exposed to the internet or wide internal networks to reduce the attack surface.