This session explores a vulnerability in the RDP client (mstsc.exe) that leverages classic hacking techniques. By exploiting how resources are loaded, attackers can achieve Remote Code Execution (RCE). The issue highlights critical risks across systems. A security patch, CVE-2023-24905, has been released to address this vulnerability.