High
A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Remote code execution
Microsoft
Refer to Microsoft advisory for the complete list of affected products and respective patches.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1374