About Elevation of Privilege – Windows RDS (CVE-2026-21533) vulnerability. The vulnerability is from the February Microsoft Patch Tuesday. Remote Desktop Services (RDS) is a component of Microsoft Windows that allows a user to initiate and control an interactive session on a remote computer or virtual machine over a network connection using the Remote Desktop Protocol (RDP). Improper Privilege Management (CWE-269) in Windows Remote Desktop allows a local attacker to gain SYSTEM privileges. According to CrowdStrike, the exploit binary modifies a service configuration key, allowing the attacker to elevate privileges and “add a new user to the Administrator group”.
👾 Microsoft reports exploitation of the vulnerability in the wild. The vulnerability has been listed in the CISA KEV since February 10.
🛠 No public exploits are available yet, but there are reports of the exploit being advertised for sale for $220,000 on a dark forum.
Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.
А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.