CVE-2026-58626

Microsoft · Windows

A use after free vulnerability in Windows Remote Desktop Services allows an authenticated attacker to execute code over a network.

Executive summary

An authenticated attacker could execute arbitrary code via a use after free vulnerability in Windows Remote Desktop Services, presenting a high risk of remote system compromise.

Vulnerability

This is a use after free vulnerability (CWE-416) within Windows Remote Desktop Services. The vulnerability can be triggered by an authenticated attacker over a network connection to execute code.

Business impact

Given the CVSS score of 8.8, this vulnerability poses a severe threat to business continuity and data security. An attacker who successfully exploits this service could gain full control over the remote desktop environment, facilitating data exfiltration or the installation of malicious software.

Remediation

Immediate Action: Apply the vendor-supplied security patches to all affected Windows Server and client installations immediately.

Proactive Monitoring: Audit RDP service logs for signs of abnormal behavior or unauthorized attempts to leverage the Remote Desktop service.

Compensating Controls: Limit access to Remote Desktop Services through network segmentation or VPN requirements to minimize exposure to potentially malicious actors.

Exploitation status

Public Exploit Available: No (exploit_available: false)

Analyst recommendation

Security teams must prioritize this patch for all servers and workstations running Remote Desktop Services. Applying the vendor update is the most effective method to eliminate the vulnerability and protect the environment from potential code execution attacks.