Microsoft Warns of Critical Windows Vulnerability CVE-2026-4645
Microsoft has issued an urgent security advisory for CVE-2026-4645, a critical Windows vulnerability affecting all supported versions. The flaw, rated 9.8 out of 10 on the CVSS scale, allows remote code execution without authentication.
What's Affected
- Windows 10 versions 1809 through 22H2
- Windows 11 versions 21H2 through 24H2
- Windows Server 2019 and 2022
- Windows Server 2025 (preview builds)
The vulnerability exists in the Windows Remote Desktop Protocol implementation, specifically in how it handles malformed RDP packets. Attackers can exploit this flaw by sending specially crafted packets to port 3389, potentially gaining complete system control.
Severity and Risk
Microsoft rates this as "Critical" severity. The vulnerability requires no user interaction and can be exploited remotely over the network. Organizations with exposed RDP endpoints face immediate risk.
"This is a wormable vulnerability," Microsoft stated in its advisory. "Successful exploitation could allow an attacker to take control of an affected system."
Immediate Actions Required
- Apply patches immediately - Microsoft released emergency patches on April 15, 2026
- Block RDP access - If RDP isn't needed, disable it entirely
- Network segmentation - Isolate RDP endpoints from the internet
- Enable NLA - Network Level Authentication adds a critical security layer
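The RDP-related actions above can be verified on each host with a read-only check. The following is an added example, not code from Microsoft's advisory. The function name `Get-RdpExposure` is hypothetical, the firewall group name assumes an English-locale system, and patch status is not checked because no update identifier is given here.

```powershell
# Read-only audit of the local host's RDP exposure. Changes nothing.
# Run from an elevated PowerShell session on the machine being checked.
function Get-RdpExposure {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = "$ts\WinStations\RDP-Tcp"

    # fDenyTSConnections: 1 = RDP disabled, 0 = RDP enabled
    $deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
    # UserAuthentication: 1 = NLA required before a session is created
    $nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication
    # PortNumber: the listener port (3389 unless it has been changed)
    $port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

    # Is anything actually listening on the RDP port right now?
    $listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)

    # Enabled inbound allow rules in the built-in "Remote Desktop" group
    # (assumption: English display name; localized systems use a different string).
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' })

    # A rule whose remote address is 'Any' accepts connections from every network.
    $open = @($rules | Where-Object {
        ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any'
    })

    $findings = @()
    if ($deny -eq 0 -and $nla -ne 1) { $findings += 'RDP is enabled without NLA' }
    if ($deny -eq 0 -and $open.Count) { $findings += 'Firewall allows RDP from any remote address' }
    if ($deny -eq 1 -and $listening)  { $findings += 'RDP is disabled in the registry but the port is still listening' }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        RdpEnabled        = ($deny -eq 0)
        NlaRequired       = ($nla -eq 1)
        Port              = $port
        Listening         = $listening
        AllowRules        = $rules.DisplayName
        UnrestrictedRules = $open.DisplayName
        Findings          = $findings
    }
}

Get-RdpExposure | Format-List
```

An empty `Findings` list means the host matches the mitigations listed above; it does not indicate that the security update is installed.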
Patch Availability
The security update is available through:
- Windows Update (critical updates channel)
- Microsoft Update Catalog
- WSUS for enterprise environments
- Microsoft 365 Apps admin center
Timeline
- April 12, 2026: Microsoft received initial vulnerability report
- April 13, 2026: Confirmed critical severity
- April 14, 2026: Developed patches and tested fixes
- April 15, 2026: Emergency Patch Tuesday release
- April 16, 2026: Public disclosure and detailed guidance
Technical Details
The vulnerability stems from a heap-based buffer overflow in the rdpcorets.dll component. When processing certain RDP packet structures, the code fails to validate input lengths, allowing attackers to write arbitrary data beyond allocated memory boundaries.
Microsoft has not observed active exploitation in the wild as of April 16, 2026. However, given the critical nature and ease of exploitation, rapid patching is essential.
Additional Resources
Organizations should prioritize this update above all other security patches until systems are fully patched.