PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-45639 Microsoft CVE debrief

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-09T17:17:30.770Z and has not been modified since then. The NVD entry is currently Analyzed. This out-of-bounds read vulnerability in Windows Remote Desktop client for Windows Desktop allows unauthorized attackers to disclose information over a network. The vulnerability has a CVSS score of 7.5 and is classified under CWE-125. Affected products include Microsoft Remote Desktop client for Windows Desktop, Windows 10, Windows 11, and various Windows Server versions. Security teams should assess and mitigate this vulnerability due to its high severity and potential impact.

Vendor
Microsoft
Product
Remote Desktop client for Windows Desktop
CVSS
HIGH 7.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-09
Original CVE updated
2026-06-19
Advisory published
2026-06-09
Advisory updated
2026-06-19

Who should care

Security teams responsible for Windows Remote Desktop client for Windows Desktop and related Windows versions should prioritize assessment and mitigation of CVE-2026-45639 due to its high CVSS score of 7.5 and potential for information disclosure. The affected products include Microsoft Remote Desktop client for Windows Desktop, Windows 10, Windows 11, and various Windows Server versions. Security teams should review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.

Technical summary

CVE-2026-45639 is a high-severity vulnerability in the Windows Remote Desktop client for Windows Desktop, allowing an unauthorized attacker to disclose information over a network through an out-of-bounds read. The vulnerability has a CVSS score of 7.5 and is classified under CWE-125. Affected products include Microsoft Remote Desktop client for Windows Desktop, Windows 10, Windows 11, and various Windows Server versions. The vulnerability can be mitigated by applying vendor patches or updates, and implementing compensating controls such as network segmentation and monitoring.

Defensive priority

High priority due to potential for information disclosure and high CVSS score. Defenders should review compensating controls for exposed systems while remediation is scheduled and verified, and check relevant monitoring, detection, and logs for exposed assets that need extra review. The vulnerability can be mitigated by applying vendor patches or updates, and implementing compensating controls such as network segmentation and monitoring. Security teams should plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.

Recommended defensive actions

  • Inventory and assess Windows Remote Desktop client for Windows Desktop and related Windows versions for vulnerability
  • Apply vendor patches or updates as available
  • Implement compensating controls such as network segmentation and monitoring
  • Verify and enforce secure configuration and authentication for Remote Desktop connections

Evidence notes

The CVE record and NVD detail provide information on the vulnerability, its impact, and affected products. Vendor advisory is available from Microsoft. The vulnerability has been analyzed and there are no known instances of exploitation. However, defenders should verify the affected scope and apply patches or updates as available. The evidence is limited to the CVE record and NVD detail, and further verification is recommended.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-09T17:17:30.770Z and has not been modified since then. The NVD entry is currently Analyzed.