CVE-2026-21533

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to February 2026 Patch Tuesday updates

Description An issue exists in Microsoft Windows Remote Desktop Services due to improper privilege management. This allows an authorized attacker to elevate privileges, potentially gaining SYSTEM-level access. The vulnerability is actively exploited in the wild, with reports of exploitation dating back to December 2025. The vulnerability is being sold on dark web forums for approximately $220,000. Exploitation requires no user interaction. The flaw stems from flawed privilege handling in RDS components. The vulnerability allows an attacker to modify service configuration keys to escalate privileges. It impacts confidentiality, integrity, and availability.

Recommendations Apply the February 2026 Patch Tuesday updates to all affected systems. Prioritize updates on RDS-enabled servers. Hunt for suspicious RDS-related registry and service modifications. Consider disabling Remote Desktop Services if not required.