Tag Archives: RDS

March “In the Trend of VM” (#25): once again, vulnerabilities are only in Microsoft products

March “In the Trend of VM” (#25): once again, vulnerabilities are only in Microsoft products. I present the traditional monthly roundup of trending vulnerabilities according to Positive Technologies. As in February, it turned out to be quite compact and focused on a single vendor.

🗞 Post on Habr (rus)
🗒 Digest on the PT website (rus)

All four vulnerabilities are from the February Microsoft Patch Tuesday, and all are actively being exploited in the wild:

🔻 RCE – Windows Shell (CVE-2026-21510)
🔻 RCE – Microsoft Word (CVE-2026-21514)

💬 Microsoft classified the two vulnerabilities above as Security Feature Bypass, but in fact, they are Remote Code Execution.

🔻 EoP – Windows Remote Desktop Services (CVE-2026-21533)
🔻 EoP – Desktop Window Manager (CVE-2026-21519)

🟥 The full list of trending vulnerabilities can be found on the portal

About Elevation of Privilege – Windows RDS (CVE-2026-21533) vulnerability

Leave a reply

About Elevation of Privilege – Windows RDS (CVE-2026-21533) vulnerability. The vulnerability is from the February Microsoft Patch Tuesday. Remote Desktop Services (RDS) is a component of Microsoft Windows that allows a user to initiate and control an interactive session on a remote computer or virtual machine over a network connection using the Remote Desktop Protocol (RDP). Improper Privilege Management (CWE-269) in Windows Remote Desktop allows a local attacker to gain SYSTEM privileges. According to CrowdStrike, the exploit binary modifies a service configuration key, allowing the attacker to elevate privileges and “add a new user to the Administrator group”.

👾 Microsoft reports exploitation of the vulnerability in the wild. The vulnerability has been listed in the CISA KEV since February 10.

🛠 No public exploits are available yet, but there are reports of the exploit being advertised for sale for $220,000 on a dark forum.

На русском

February Microsoft Patch Tuesday

Leave a reply

February Microsoft Patch Tuesday. A total of 55 vulnerabilities, half as many as in January. There are as many as six (❗️) vulnerabilities being exploited in the wild:

🔻 SFB/RCE – Windows Shell (CVE-2026-21510)
🔻 SFB/RCE – Microsoft Word (CVE-2026-21514)
🔻 SFB – MSHTML Framework (CVE-2026-21513)
🔻 EoP – Windows Remote Desktop Services (CVE-2026-21533)
🔻 EoP – Desktop Window Manager (CVE-2026-21519)
🔻 DoS – Windows Remote Access Connection Manager (CVE-2026-21525)

There is also one vulnerability with a public exploit:

🔸 DoS – libjpeg (CVE-2023-2804)

Notable remaining vulnerabilities:

🔹 RCE – Windows Notepad (CVE-2026-20841)
🔹 Spoofing – Outlook (CVE-2026-21511)
🔹 EoP – Windows Kernel (CVE-2026-21231, CVE-2026-21239, CVE-2026-21245), Windows AFD.sys (CVE-2026-21236, CVE-2026-21238, CVE-2026-21241)

🗒 Full Vulristics report

На русском

This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.

Alexander V. Leonov

Vulnerability Management and more

Tag Archives: RDS

March “In the Trend of VM” (#25): once again, vulnerabilities are only in Microsoft products

About Elevation of Privilege – Windows RDS (CVE-2026-21533) vulnerability

February Microsoft Patch Tuesday