PT-2023-2696 · Microsoft · Remote Desktop Client

Published: 2023-05-09 · Updated: 2024-05-29 · CVE-2023-24905

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Windows 10 version 22H2

Description: The issue exists due to insufficient input validation in the Remote Desktop Client of the Windows operating system. This allows an attacker to execute arbitrary code, potentially impacting the system. The vulnerability can be exploited by chaining DLL Hijacking and Format String techniques, enabling remote code execution on the Windows RDP Client.

Recommendations: For Windows 10 version 22H2, consider disabling the Remote Desktop Client until a patch is available to prevent potential exploitation. Restrict access to the Remote Desktop Client to minimize the risk of arbitrary code execution. Avoid using the Remote Desktop Client on devices with ARM architecture until the issue is resolved.

Tags: Fix · RCE · Improper Access Control

Weakness Enumeration

Related Identifiers

BDU:2023-02541
CVE-2023-24905

Affected Products

Remote Desktop Client
Windows
Windows 10