PatchSiren cyber security CVE debrief
CVE-2026-45639 Microsoft CVE debrief
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-09T17:17:30.770Z and has not been modified since then. The NVD entry is currently Analyzed. This out-of-bounds read vulnerability in Windows Remote Desktop client for Windows Desktop allows unauthorized attackers to disclose information over a network. The vulnerability has a CVSS score of 7.5 and is classified under CWE-125. Affected products include Microsoft Remote Desktop client for Windows Desktop, Windows 10, Windows 11, and various Windows Server versions. Security teams should assess and mitigate this vulnerability due to its high severity and potential impact.
- Vendor
- Microsoft
- Product
- Remote Desktop client for Windows Desktop
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-09
- Original CVE updated
- 2026-06-19
- Advisory published
- 2026-06-09
- Advisory updated
- 2026-06-19
Who should care
Security teams responsible for Windows Remote Desktop client for Windows Desktop and related Windows versions should prioritize assessment and mitigation of CVE-2026-45639 due to its high CVSS score of 7.5 and potential for information disclosure. The affected products include Microsoft Remote Desktop client for Windows Desktop, Windows 10, Windows 11, and various Windows Server versions. Security teams should review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
Technical summary
CVE-2026-45639 is a high-severity vulnerability in the Windows Remote Desktop client for Windows Desktop, allowing an unauthorized attacker to disclose information over a network through an out-of-bounds read. The vulnerability has a CVSS score of 7.5 and is classified under CWE-125. Affected products include Microsoft Remote Desktop client for Windows Desktop, Windows 10, Windows 11, and various Windows Server versions. The vulnerability can be mitigated by applying vendor patches or updates, and implementing compensating controls such as network segmentation and monitoring.
Defensive priority
High priority due to potential for information disclosure and high CVSS score. Defenders should review compensating controls for exposed systems while remediation is scheduled and verified, and check relevant monitoring, detection, and logs for exposed assets that need extra review. The vulnerability can be mitigated by applying vendor patches or updates, and implementing compensating controls such as network segmentation and monitoring. Security teams should plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.
Recommended defensive actions
- Inventory and assess Windows Remote Desktop client for Windows Desktop and related Windows versions for vulnerability
- Apply vendor patches or updates as available
- Implement compensating controls such as network segmentation and monitoring
- Verify and enforce secure configuration and authentication for Remote Desktop connections
Evidence notes
The CVE record and NVD detail provide information on the vulnerability, its impact, and affected products. Vendor advisory is available from Microsoft. The vulnerability has been analyzed and there are no known instances of exploitation. However, defenders should verify the affected scope and apply patches or updates as available. The evidence is limited to the CVE record and NVD detail, and further verification is recommended.
Official resources
-
CVE-2026-45639 CVE record
CVE.org
-
CVE-2026-45639 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
[email protected] - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-09T17:17:30.770Z and has not been modified since then. The NVD entry is currently Analyzed.