CyberSecurityBoard
Sponsor Register Login

Windows Remote Desktop Service Vulnerability Let Attackers Execute Malicious Code

“An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code,” Microsoft explained in their advisory. Identified as CVE-2025-27480, this use-after-free vulnerability in the Remote Desktop Gateway Service has received a CVSS score of 8.1, indicating its high severity and potential impact on enterprise environments worldwide. The vulnerability has been assigned a critical CVSS vector string of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C, indicating that while the attack complexity is high due to the need to win a race condition, no privileges or user interaction are required for exploitation. This heap-based buffer overflow vulnerability carries a CVSS score of 8.0 and could enable attackers controlling a malicious RDP server to execute code on a client machine when a user connects to it. “This vulnerability CVE-2025-27480 underscores the continued risk posed by remote access services,” said a cybersecurity analyst at Kunlun Lab, whose researcher was credited with discovering the vulnerability. The Remote Desktop Gateway service vulnerability occurs when the application incorrectly handles objects in memory, leading to a use-after-free condition. Unlike CVE-2025-27480, this second vulnerability requires user interaction (UI:R) and low privileges (PR:L), meaning exploitation would only occur if a user actively connects to a compromised server. The vulnerability CVE-2025-27480, classified as Use After Free, allows an unauthorized attacker to execute malicious code over a network by exploiting a memory management issue. The race condition aspect of the vulnerability requires precise timing by potential attackers, which slightly reduces the immediate risk but does not diminish the overall severity. Microsoft also disclosed CVE-2025-27487, an “Important” rated vulnerability affecting the Remote Desktop Client. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 09 Apr 2025 09:50:09 +0000


Cyber News related to Windows Remote Desktop Service Vulnerability Let Attackers Execute Malicious Code

The Virtual Desktop Revolution: Redefining Work an - A virtual desktop, also referred to as a virtual desktop infrastructure, is a virtualized computing environment that enables users to remotely access and control their desktops from any device with an internet connection. A user who logs in is given ...
1 year ago Feeds.dzone.com
Windows 10 Extended Security Updates Promised for Small Businesses and Home Users - Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support. Windows 10 will stop getting free updates, including security fixes, ...
1 year ago Techrepublic.com
Windows 11 January 2025 Preview Update Disconnects Remote Desktop Sessions - Microsoft’s January 2025 Windows preview update (KB5050094) for Windows 11 version 24H2 has caused significant issues with Remote Desktop Protocol (RDP) sessions, including Remote Desktop Services (RDS). The policy, named “Windows 11 24H2 ...
3 weeks ago Cybersecuritynews.com
Zoom Mobile & Desktop App Flaw Let Attackers Escalate Privileges - The popular video conferencing software Zoom has security issues with its desktop and mobile apps that could allow for privilege escalation. An attacker may be able to obtain elevated privileges within the application or the operating system by ...
1 year ago Cybersecuritynews.com CVE-2023-43583 CVE-2023-43585 CVE-2023-43586 CVE-2023-36540 CVE-2023-36541 CVE-2023-36534 CVE-2023-39216 CVE-2023-39213
Microsoft fixes Remote Desktop issues caused by Windows updates - "After installing the January 2025 Windows preview update (KB5050094) and later updates, users might experience unexpected disconnections with Remote Desktop Protocol (RDP) sessions, including Remote Desktop Services (RDS)," the company said in a ...
2 weeks ago Bleepingcomputer.com
Microsoft to let Windows 10 home users buy Extended Security Updates - Microsoft says that all Windows 10 customers will be able to pay for three extra years of security updates through the company's Extended Security Updates program after the end of support date. After Windows 10 reaches the end of support on October ...
1 year ago Bleepingcomputer.com
Microsoft to let Windows 10 home users buy Extended Security Updates - Microsoft says that all Windows 10 customers will be able to pay for three extra years of security updates through the company's Extended Security Updates program after the end of support date. After Windows 10 reaches the end of support on October ...
1 year ago Bleepingcomputer.com
Windows 11 to let admins mandate SMB encryption for outbound connections - Windows 11 will let admins mandate SMB client encryption for all outbound connections, starting with today's Windows 11 Insider Preview Build 25982 rolling out to Insiders in the Canary Channel. SMB encryption provides data end-to-end encryption and ...
1 year ago Bleepingcomputer.com
CVE-2017-3180 - Multiple TIBCO Products are prone to multiple unspecified cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an ...
5 years ago
Microsoft: Recent Windows updates cause Remote Desktop issues - "After installing the January 2025 Windows preview update (KB5050094) and later updates, users might experience unexpected disconnections with Remote Desktop Protocol (RDP) sessions, including Remote Desktop Services (RDS)," the company said in a new ...
3 weeks ago Bleepingcomputer.com
Microsoft releases first Windows Server 2025 preview build - Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. This build is the first pushed for the next Windows Server Long-Term Servicing Channel Preview, which ...
1 year ago Bleepingcomputer.com
Microsoft No Longer Selling Windows 10 Licenses Redirects to Windows 11 Product Pages - Marking an end to an era, Microsoft is no longer directly selling Windows 10 product keys on their website, instead redirecting users to Windows 11 product pages. This month, Microsoft began displaying an alert on their Windows 10 Home and Pro ...
2 years ago Bleepingcomputer.com
Windows Remote Desktop Service Vulnerability Let Attackers Execute Malicious Code - “An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary ...
1 week ago Cybersecuritynews.com CVE-2025-27480
5 Lessons Learned from Windows Remote Desktop Honeypot Report - Recently, the SANS Institute released their annual Windows Remote Desktop Honeypot Report, providing comprehensive insights into the nature of malicious activity in a Windows environment. In order to understand how your own Windows network can be ...
2 years ago Bleepingcomputer.com
GitHub Reports Code-Signing Certificate Theft in Security Breach - Although attackers exfiltrated a set of encrypted code-signing certificates, these were password-protected, so there is no possibility of malicious use. GitHub revealed that on December 7th, 2022, hackers had gained unauthorized access to several of ...
2 years ago Hackread.com
Recent Windows Server 2025 updates cause Remote Desktop freezes - ​Microsoft says a known issue is causing Remote Desktop freezes on Windows Server 2025 systems after installing security updates released since the February 2025 Patch Tuesday. "After installing the February 2025 Security update ...
3 weeks ago Bleepingcomputer.com
GitHub says hackers cloned code-signing certificates in breached repository - GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing certificates place a cryptographic stamp on code to ...
2 years ago Packetstormsecurity.com
Getting a Remote Desktop Freeze? Microsoft Fixes Windows 11 Issue - Microsoft has released a patch to fix the Remote Desktop freeze bug in Windows 11. This bug caused computers to freeze after some users tried to connect using the Remote Desktop protocol. Microsoft's technical support team has been working on the ...
2 years ago Bleepingcomputer.com
Microsoft fixes Copilot issue blocking Windows 11 upgrades - Microsoft has lifted a compatibility hold that blocked upgrades to Windows 11 23H2 after resolving an issue that caused desktop icons to move erratically when using Windows Copilot on multi-monitor systems. On Windows systems with more than one ...
1 year ago Bleepingcomputer.com CVE-2024-20666
Microsoft issues two-year warning for end of Windows 10 The Register - Microsoft on Tuesday warned that full security support for Windows 10 will end on October 14, 2025, but offered a lifeline for customers unable or unwilling to upgrade two years hence. Extended Security Updates will keep Windows 10 systems ...
1 year ago Go.theregister.com
CVE-2021-21381 - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In Flatpack since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an ...
1 year ago
CVE-2020-3588 - A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. This vulnerability occurs when this app is deployed in a virtual desktop ...
4 years ago
Windows 11 24H2 now rolling out, here are the new features - Version 24H2 is now also accessible via Windows Server Update Services (including Configuration Manager), Windows Update for Business, and the Microsoft 365 admin center. Microsoft suggests that businesses start targeted rollouts to ensure ...
6 months ago Bleepingcomputer.com
Microsoft introduces flighting for Windows Server insiders - Microsoft has launched flighting for Windows Server systems enrolled in its Windows Insider open software testing program. Starting today, admins will also have the option to have new Insider builds installed automatically after checking for updates ...
1 year ago Bleepingcomputer.com
Microsoft now force installing Windows 11 23H2 on eligible PCs - Microsoft has started force installing Windows 11 23H2 on eligible devices that have reached or are close to their end-of-servicing date. The Windows 11 23H2 forced rollout phase announced by Redmond this week comes after systems running multiple ...
1 year ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)