cve-2026-42908

CVE-2026-42908 is a Windows Remote Desktop Protocol information disclosure vulnerability disclosed by Microsoft on June 9, 2026. The flaw involves an out-of-bounds read that could allow an unauthenticated attacker to disclose information over a network on affected Windows systems. While Microsoft rated it as a CVSS 7.5 high-severity issue, the impact is limited to information disclosure rather than remote code execution. However, administrators should not dismiss it, as memory leaks in modern Windows environments can serve as a stepping stone for further attacks. This tag covers discussions about the vulnerability, its implications, and patch guidance for Windows systems.