The vulnerability in the Windows Remote Desktop Protocol is an out‑of‑bounds read that enables an unauthorized attacker to retrieve sensitive data from the target system. This weakness can expose portions of memory that should remain private, potentially revealing credential hashes or other confidential information. The flaw does not grant execution privileges or modify state, but the leak of memory contents can be enough for an attacker to conduct credential stuffing or further lateral movement.

Microsoft Remote Desktop client for Windows Desktop is affected, as are multiple Windows 10 releases (1607, 1809, 21H2, 22H2) and several Windows 11 releases (23H2, 24H2, 25H2, 26H1). The same issue impacts Windows Server editions from 2012 through 2025, including both full and core installations. Each of these products is listed as vulnerable to the out-of-bounds read in the Windows RDP stack.

The CVSS score of 7.5 indicates a high severity for this information‑disclosure flaw, and the EPSS score is currently not available, suggesting no public data on exploit frequency yet. The vulnerability is not catalogued in CISA’s KEV, implying no known active exploitation. Attackers would need network access to an RDP session on the affected host, but once established, the read flaw can leak memory data without authentication, making it a serious threat to confidentiality for remote users.