Out-of-Bounds Read Vulnerability in Windows Remote Desktop Protocol
CVE-2026-42908
Key Information:
- Vendor
Microsoft
- Vendor
- CVE Published:
- 9 June 2026
What is CVE-2026-42908?
CVE-2026-42908 is an out-of-bounds read vulnerability in Microsoft's Windows Remote Desktop Protocol (RDP). RDP is a protocol that allows users to remotely access another computer over a network, providing graphical interface capabilities and facilitating remote management. The vulnerability arises from a flaw in the way RDP handles certain data, which could be exploited by an unauthorized attacker to access sensitive information transmitted over the network. This can lead to significant compromise of data confidentiality and integrity, making organizations vulnerable to data leaks and unauthorized access.
Potential impact of CVE-2026-42908
-
Information Disclosure: The most immediate risk is the potential for unauthorized access to sensitive information. An attacker could exploit this vulnerability to retrieve data that should be protected, including user credentials, confidential communications, or proprietary data.
-
Network Security Compromise: As RDP is commonly used for remote access to enterprise systems, an exploit could lead to broader network security issues. If attackers can gather sensitive information, they may use that data to launch further attacks against the network or to gain escalated access.
-
Reputational Damage: Organizations affected by this vulnerability may suffer reputational harm due to breaches or disclosures of confidential information. The public perception of an organization's commitment to cybersecurity can be severely damaged, leading to loss of customer trust and potential financial consequences.
Affected Version(s)
Windows 10 Version 1607 32-bit Systems 10.0.14393.0 < 10.0.14393.9234
Windows 10 Version 1809 32-bit Systems 10.0.17763.0 < 10.0.17763.8880
Windows 10 Version 21H2 32-bit Systems 10.0.19044.0 < 10.0.19044.7417