AI description
CVE-2026-42908 is an information disclosure vulnerability impacting the Windows Remote Desktop Protocol (RDP). This flaw stems from an out-of-bounds read condition within the RDP stack. An unauthenticated attacker can exploit this vulnerability remotely over a network without requiring any user interaction. Successful exploitation of CVE-2026-42908 can lead to the exposure of sensitive memory contents. This type of information disclosure can weaken modern exploit mitigations, such as Address Space Layout Randomization (ASLR), potentially making other vulnerabilities easier to exploit. Microsoft addressed this issue in its security updates released on June 9, 2026.
- Description: Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network.
- Source: secure@microsoft.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Primary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity: HIGH
- secure@microsoft.com
- CWE-125
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 12
Microsoft’s security updates released June 9, 2026 patch out-of-bounds reads in the RDP stack of CVE-2026-42908 and CVE-2026-45639 #ITSecurity
@seaarepea
10 Jun 2026
25 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
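Vulnerabilities CVE-2026-42908 and CVE-2026-45639, which can lead to information disclosure, were found in the Windows Remote Desktop Protocol (RDP), and Microsoft fixed them in its June 9, 2026 security update. Both require no authentication and, over the netw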
@yousukezan
10 Jun 2026
3176 Impressions
7 Retweets
26 Likes
10 Bookmarks
0 Replies
2 Quotes
⚠️ Windows RDP Vulnerabilities Allow Attacker to Expose Sensitive Data Source: https://t.co/o3yYiODgjC Windows systems are impacted by two new Remote Desktop Protocol (RDP) information disclosure vulnerabilities, CVE-2026-42908 and CVE-2026-45639. Both issues were resolve
@The_Cyber_News
10 Jun 2026
4328 Impressions
36 Retweets
116 Likes
30 Bookmarks
3 Replies
2 Quotes