Microsoft has patched a critical flaw in its Remote Desktop Client that could allow attackers to execute malicious code on victims’ systems.

Disclosed on October 14, 2025, as CVE-2025-58718, the vulnerability stems from a use-after-free error, earning an “Important” severity rating.

While not yet exploited in the wild, security experts warn that it poses a significant risk to Windows users relying on remote access tools.

The flaw affects the Remote Desktop Client, a core component for connecting to remote machines. An unauthorized attacker could leverage it over a network by tricking a user into connecting to a malicious RDP server.

Windows Remote Desktop Client RCE Vulnerability

Once connected, the server exploits the use-after-free bug to run arbitrary code in the user’s context, potentially leading to full system compromise.

This requires user interaction, such as clicking a phishing link or accepting a bogus connection, but demands no privileges from the attacker.

The Common Vulnerability Scoring System (CVSS) rates it at 8.8 out of 10, highlighting high impacts on confidentiality, integrity, and availability.

Microsoft classifies exploitation as “less likely” due to the need for port redirection, which is disabled by default.

Users should apply the October 2025 Patch Tuesday updates immediately to mitigate risks. Enable automatic updates and avoid connecting to untrusted RDP servers.

For organizations, segmenting networks and training on phishing awareness can further reduce exposure. As remote work persists, this vulnerability underscores the ongoing need for vigilant endpoint security.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Windows Remote Desktop Client Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.

Google has rolled out an urgent security update for its Chrome browser, addressing a high-severity use-after-free vulnerability that could allow attackers to execute arbitrary code on users’ systems.

The patch is included in version 141.0.7390.107 for Linux and 141.0.7390.107/.108 for Windows and macOS, which began deploying to the Stable channel this week.

Full release notes detail the changes, with the update expected to reach most users over the coming days or weeks.

Chrome Use After Free Vulnerability

The flaw, tracked as CVE-2025-11756, resides in Chrome’s Safe Browsing feature, a core component designed to protect users from malicious websites and phishing attempts.

Discovered by independent researcher “as nine” on September 25, 2025, the vulnerability earned a $7,000 bounty under Google’s Vulnerability Reward Program.

Use-after-free errors occur when software continues to reference memory that has already been freed, potentially leading to crashes, data corruption, or exploitation.

In this case, attackers could leverage the bug to inject and run malicious code, bypassing security sandboxes and compromising the entire browser environment.

Google classifies the issue as high severity, emphasizing its potential for remote exploitation without user interaction. Simply visiting a rigged webpage could trigger the attack.

While no widespread exploits have been reported in the wild, the company restricted bug details initially to ensure most users update before details go public.

This aligns with Chrome’s proactive security stance, where access to full disclosures is often delayed until patches propagate.

The fix was enhanced by Google’s suite of detection tools, including AddressSanitizer, MemorySanitizer, and libFuzzer, which assist in identifying memory-related bugs early in development.

Google also extended thanks to external researchers for their contributions during the cycle, preventing other flaws from slipping into stable releases.

Users should update Chrome immediately via the browser’s settings menu or automatic rollout. As browser-based threats evolve, this incident underscores the importance of timely patching in defending against sophisticated attacks.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Chrome Use After Free Vulnerability Let Attackers Execute Arbitrary Code appeared first on Cyber Security News.