HIGH | CVE-2026-42993 | CNA: microsoft

CVE-2026-42993: Remote Desktop Client Remote Code Execution Vulnerability

Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.

Metrics

CVSS v3.1: 7.5
Severity: HIGH
Fixed in: 10.0.19044.7417
Affected Products: 10

HarborGuard Analysis

Synopsis

A heap-based buffer overflow vulnerability exists in the Microsoft Remote Desktop Client across multiple versions of Windows 10, Windows 11, and Windows Server 2022. The flaw is reachable over the network without authentication, but requires the victim to interact with a malicious server or link, and exploitation depends on meeting specific memory-layout conditions (high attack complexity). Successful exploitation gives an attacker full remote code execution on the victim's machine. Patched-image rebuilds at the applicable fix versions are available on HarborGuard for environments running affected versions.

HarborGuard Coverage

Detection (Available)

Detection capability is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images in connected registries and CI/CD pipelines, including custom-built images derived from affected Windows base layers.

Triage (Available)

HarborGuard scores this CVE at CVSS 7.5 (HIGH) and applies per-environment compliance policy weighting to prioritize alert routing, directing findings to the appropriate team inbox within each customer organization.

Patch (Available)

Patched-image rebuilds at the applicable fix versions (10.0.19044.7417, 10.0.19045.7417, 10.0.20348.5256, 10.0.22631.7219, 10.0.26100.8655) are available on HarborGuard for environments running affected base images. For customers who opt into auto-remediation, HarborGuard triggers a rebuild at the patched version, runs a regression test suite, and opens a PR against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the victim's Remote Desktop Client over the network, typically by hosting or controlling a malicious RDP server that the client connects to.

  • Authentication: Not required

    No authentication or account credentials are required on the attacker's side; the attacker operates as an unauthenticated party relative to the target system.

  • Victim interaction: Required

    The victim must take an action such as opening a malicious RDP file or connecting to an attacker-controlled server, making social engineering a prerequisite for exploitation.

  • Attack complexity: Detail

    Attack complexity is high, meaning the attacker must satisfy specific memory-layout or timing conditions beyond basic delivery, making reliable exploitation harder to achieve consistently.

Blast Radius

  • The attacker executes arbitrary code in the context of the logged-in user on the victim's machine.
  • Confidential data accessible to that user account, including files, credentials, and session tokens, can be read or exfiltrated.
  • The attacker can modify or delete files and persistent data owned by the compromised user.
  • The affected Remote Desktop Client process and any dependent services can be crashed or rendered unavailable.

How HarborGuard Handles This

Available on HarborGuard: detection fires within minutes of CVE publication for any customer image built on an affected Windows base layer (Windows 10 21H2/22H2, Windows 11 23H2/24H2/25H2/26H1, or Windows Server 2022). Triage is scored at CVSS 7.5 HIGH and routed according to each environment's compliance policy. Patched-image rebuilds at the relevant fix versions are available immediately. For customers who opt into auto-remediation, HarborGuard performs the rebuild, executes the configured regression test suite, and opens a PR against affected workloads; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for environments with auto-remediation enabled. Where compliance policy requires manual sign-off, the rebuilt image is staged and the PR is held for approval.

Fix available

  • 10.0.19044.7417
  • 10.0.19045.7417
  • 10.0.20348.5256
  • 10.0.22631.7219
  • 10.0.26100.8655
  • 10.0.26100.32995
  • 10.0.26200.8655
  • 10.0.28000.2269

Affected packages
  • Microsoft / Windows 10 Version 21H2
    < 10.0.19044.7417 (from 10.0.19044.0)
  • Microsoft / Windows 10 Version 22H2
    < 10.0.19045.7417 (from 10.0.19045.0)
  • Microsoft / Windows 11 version 23H2
    < 10.0.22631.7219 (from 10.0.22631.0)
  • Microsoft / Windows 11 Version 23H2
    < 10.0.22631.7219 (from 10.0.22631.0)
  • Microsoft / Windows 11 Version 24H2
    < 10.0.26100.8655 (from 10.0.26100.0)
  • Microsoft / Windows 11 Version 25H2
    < 10.0.26200.8655 (from 10.0.26200.0)
  • Microsoft / Windows 11 version 26H1
    < 10.0.28000.2269 (from 10.0.28000.0)
  • Microsoft / Windows Server 2022
    < 10.0.20348.5256 (from 10.0.20348.0)
  • Microsoft / Windows Server 2025
    < 10.0.26100.32995 (from 10.0.26100.0)
  • Microsoft / Windows Server 2025 (Server Core installation)
    < 10.0.26100.32995 (from 10.0.26100.0)
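
The ranges above can be checked against an image inventory as follows. This is an added example, not HarborGuard's matching logic: the ranges are copied from the list above, while the function names and the sample inventory are constructed for illustration. It covers two cases the list makes easy to get wrong: builds must be compared numerically, and build line 10.0.26100 has a different fix revision for Windows 11 24H2 than for Windows Server 2025.

```python
# Added example. Ranges copied from the "Affected packages" list on this page:
# (product, first affected build, fixed build)
AFFECTED = [
    ("Windows 10 Version 21H2", "10.0.19044.0", "10.0.19044.7417"),
    ("Windows 10 Version 22H2", "10.0.19045.0", "10.0.19045.7417"),
    ("Windows 11 Version 23H2", "10.0.22631.0", "10.0.22631.7219"),
    ("Windows 11 Version 24H2", "10.0.26100.0", "10.0.26100.8655"),
    ("Windows 11 Version 25H2", "10.0.26200.0", "10.0.26200.8655"),
    ("Windows 11 version 26H1", "10.0.28000.0", "10.0.28000.2269"),
    ("Windows Server 2022", "10.0.20348.0", "10.0.20348.5256"),
    ("Windows Server 2025", "10.0.26100.0", "10.0.26100.32995"),
    ("Windows Server 2025 (Server Core installation)",
     "10.0.26100.0", "10.0.26100.32995"),
]

def parse_build(text):
    """'10.0.26100.8655' -> (10, 0, 26100, 8655), so comparison is numeric."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected major.minor.build.revision, got {text!r}")
    return parts

def check_image(product, build):
    """Return 'vulnerable', 'fixed' or 'not-listed' for one image."""
    have = parse_build(build)
    for name, first, fixed in AFFECTED:
        if name.lower() != product.lower():
            continue
        lo, hi = parse_build(first), parse_build(fixed)
        if have[:3] != lo[:3]:
            continue  # product name matches but the build line does not
        return "vulnerable" if lo <= have < hi else "fixed"
    return "not-listed"

# Constructed sample inventory: (product, OS build reported by the image).
INVENTORY = [
    ("Windows 11 Version 24H2", "10.0.26100.8655"),   # at the 24H2 fix
    ("Windows Server 2025", "10.0.26100.8655"),       # below the Server 2025 fix
    ("Windows Server 2022", "10.0.20348.5256"),
    ("Windows 10 Version 22H2", "10.0.19045.6456"),
]

def triage(inventory):
    """Attach a status to every (product, build) pair."""
    return [(p, b, check_image(p, b)) for p, b in inventory]

if __name__ == "__main__":
    for product, build, status in triage(INVENTORY):
        print(f"{status:11} {build:18} {product}")
```

Comparing the version strings as text would rank 10.0.26100.8655 above 10.0.26100.32995, which is why the builds are parsed into integer tuples first.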
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C