A zero-day vulnerability in Windows Remote Desktop Services

Microsoft has fixed a zero-day elevation of privilege vulnerability in Windows Remote Desktop Services (RDS), CVE-2026-21533, that attackers are using in the wild to obtain SYSTEM-level access. The February 2026 Patch Tuesday updates, which were made available on February 10, fixed the vulnerability, which results from improper privilege management.

With a local attack vector, low complexity, and minimal privilege requirements, CVE-2026-21533 has a CVSS v3.1 base score of 7.8 (High). It has a high impact on confidentiality, integrity, and availability while requiring no user interaction. Microsoft rates it as "Important," pointing out that there is an official fix available and the exploitation is operational. RDS components' improper handling of privileges is the source of the vulnerability.

CrowdStrike discovered an exploit binary that replaces a service configuration registry key with one controlled by the attacker. This change makes privilege escalation possible, granting full SYSTEM privileges to a new user who joins the Administrators group. Because attackers require initial low-privileged local access, the flaw lends itself to post-exploitation in RDP environments.

"Threat actors who have the exploit binaries will probably step up their efforts to use or sell CVE-2026-21533 in the near future," cautioned Adam Meyers, Head of Counter Adversary Operations at CrowdStrike. RDS systems are prime targets for lateral movement, but there is currently no specific adversary attribution.

Systems Affected

The vulnerability affects many versions of Windows, mostly servers that have RDS enabled.

| Product | KB Article | Build Number |
| --- | --- | --- |
| Windows Server 2025 | KB5075899, KB5075942 | 10.0.26100.32370 |
| Windows 11 24H2 (ARM64/x64) | KB5077181, KB5077212 | 10.0.26100.7840 |
| Windows Server 2022 | KB5075906, KB5075943 | 10.0.20348.4773 |
| Windows 11 23H2 (ARM64/x64) | KB5075941 | 10.0.22631.6649 |
| Windows Server 2019 | KB5075904 | 10.0.17763.8389 |
| Windows 10 22H2 (different versions) | KB5075912 | 10.0.19045.6937 |
| Windows Server 2016 | KB5075999 | 10.0.14393.8868 |
| Windows Server 2012 R2 | KB5075970 | 6.3.9600.23022 |

Other affected versions include Windows Server 2012, Windows 10 21H2/1607/1809, and Windows 11 25H2/26H1. Microsoft recommends using Windows Update or the Microsoft Update Catalog to deploy the Monthly Rollup or Security Updates right away. Targeted KBs guarantee compatibility for Server Core installations.

Check builds after installation; Windows Server 2025, for example, should report 10.0.26100.32370.

Steps for Mitigation

Disable RDS if it is not in use, and restrict it to trusted networks. Monitor registry changes in RDS services and enforce least privilege. Deploy EDR to detect unusual privilege escalations. Because RDS is sensitive, test patches in staging environments.

With five additional exploited vulnerabilities among the 55 flaws found in Patch Tuesday, this zero-day underscores the continued risks associated with legacy Windows deployments.

RDS hardening should be an organization's top priority in order to prevent post-breach escalation.
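The post-installation build check recommended above can be scripted per host. The following PowerShell is an added example, not code from Microsoft, CrowdStrike, or this article: the function name `Test-PatchedBuild` is hypothetical, the revision thresholds are copied from the article's table, and the Server/Client split (needed because build 26100 appears twice with different revisions) is an assumption based on `Win32_OperatingSystem.ProductType`.

```powershell
# Minimum patched revision (UBR) per product line, copied from the article's table.
# Keys are "<build>-<Server|Client>" because build 26100 is listed for both
# Windows Server 2025 and Windows 11 24H2 with different patched revisions.
$Patched = @{
    '26100-Server' = 32370   # Windows Server 2025
    '26100-Client' = 7840    # Windows 11 24H2
    '20348-Server' = 4773    # Windows Server 2022
    '22631-Client' = 6649    # Windows 11 23H2
    '17763-Server' = 8389    # Windows Server 2019
    '19045-Client' = 6937    # Windows 10 22H2
    '14393-Server' = 8868    # Windows Server 2016
    '9600-Server'  = 23022   # Windows Server 2012 R2
}

function Test-PatchedBuild {
    # Hypothetical helper: returns 'Patched', 'Missing' or 'Unknown'.
    param(
        [Parameter(Mandatory)][int]$Build,
        [Parameter(Mandatory)][int]$Revision,
        [Parameter(Mandatory)][ValidateSet('Server', 'Client')][string]$Kind
    )
    $key = "$Build-$Kind"
    # A build line with no threshold in the table is reported as Unknown,
    # never as Patched, so unlisted versions get a manual look.
    if (-not $Patched.ContainsKey($key)) { return 'Unknown' }
    if ($Revision -ge $Patched[$key]) { return 'Patched' }
    return 'Missing'
}

$os = Get-CimInstance -ClassName Win32_OperatingSystem
$cv = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'

# ProductType 1 is a workstation; 2 (domain controller) and 3 (server) are servers.
$kind = if ($os.ProductType -eq 1) { 'Client' } else { 'Server' }

# The UBR value can be absent on older releases; treat that as Unknown
# instead of casting $null to 0 and reporting a false 'Missing'.
$status = if ($null -eq $cv.UBR) { 'Unknown' } else {
    Test-PatchedBuild -Build ([int]$os.BuildNumber) -Revision ([int]$cv.UBR) -Kind $kind
}

[pscustomobject]@{
    Computer = $env:COMPUTERNAME
    Build    = "$($os.Version).$($cv.UBR)"
    Kind     = $kind
    Status   = $status
}
```

Hosts that return `Unknown` include the versions the article lists without a build number, such as Windows Server 2012 and Windows 11 25H2; verify those against the relevant KB by hand.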