CVE-2026-58626
Microsoft · Windows
A use after free vulnerability in Windows Remote Desktop Services allows an authenticated attacker to execute code over a network.
Executive summary
An authenticated attacker could execute arbitrary code via a use after free vulnerability in Windows Remote Desktop Services, presenting a high risk of remote system compromise.
Vulnerability
This is a use after free vulnerability (CWE-416) within Windows Remote Desktop Services. The vulnerability can be triggered by an authenticated attacker over a network connection to execute code.
Business impact
Given the CVSS score of 8.8, this vulnerability poses a severe threat to business continuity and data security. An attacker who successfully exploits this service could gain full control over the remote desktop environment, facilitating data exfiltration or the installation of malicious software.
Remediation
Immediate Action: Apply the vendor-supplied security patches to all affected Windows Server and client installations immediately.
Proactive Monitoring: Audit RDP service logs for signs of abnormal behavior or unauthorized attempts to leverage the Remote Desktop service.
Compensating Controls: Limit access to Remote Desktop Services through network segmentation or VPN requirements to minimize exposure to potentially malicious actors.
Exploitation status
Public Exploit Available: No (exploit_available: false)
Analyst recommendation
Security teams must prioritize this patch for all servers and workstations running Remote Desktop Services. Applying the vendor update is the most effective method to eliminate the vulnerability and protect the environment from potential code execution attacks.