Windows Remote Desktop Services Vulnerability Allows Code Execution

Microsoft has released its March security update, addressing 57 vulnerabilities across its product range, including six critical flaws. Among the critical vulnerabilities are CVE-2025-24035 and CVE-2025-24045, both Remote Code Execution (RCE) vulnerabilities in Windows Remote Desktop Services (RDS). The update also covers vulnerabilities in Microsoft Management Console, Windows NTFS, and Windows Fast FAT system drivers.

Windows Remote Desktop Services enables users to remotely access Windows applications and desktops from different devices via a network connection. Successful exploitation of these vulnerabilities could allow an unauthorized attacker to execute code over a network, potentially leading to complete system compromise with high-severity impacts on system confidentiality, integrity, and availability. The vulnerability affects multiple Windows server and desktop versions, making it a widespread risk. CVE-2025-24045 is a more complex vulnerability to exploit, requiring an attacker to win a race condition.

Microsoft has released patches for these vulnerabilities as part of its March Patch Tuesday update.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 12 Mar 2025 12:05:20 +0000


Cyber News related to Windows Remote Desktop Services Vulnerability Allows Code Execution

The Virtual Desktop Revolution: Redefining Work an - A virtual desktop, also referred to as a virtual desktop infrastructure, is a virtualized computing environment that enables users to remotely access and control their desktops from any device with an internet connection. A user who logs in is given ...
1 year ago Feeds.dzone.com
Windows 10 Extended Security Updates Promised for Small Businesses and Home Users - Already common for enterprises, for the first time, individuals will also get the option to pay for extended security updates for a Windows operating system that's out of support. Windows 10 will stop getting free updates, including security fixes, ...
1 year ago Techrepublic.com
9 Best DDoS Protection Service Providers for 2024 - One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Marketing Strategies for PaaS Services: Get Ahead of the Curve - With the ever-growing demand for cloud-based performance and services, Platform-as-a-Service (PaaS) is becoming increasingly critical for modern software development. PaaS is a cloud-based platform, providing businesses with an integrated suite of ...
2 years ago Hackread.com
CVE-2017-3180 - Multiple TIBCO Products are prone to multiple unspecified cross-site scripting vulnerabilities because they fail to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an ...
5 years ago
Zoom Mobile & Desktop App Flaw Let Attackers Escalate Privileges - The popular video conferencing software Zoom has security issues with its desktop and mobile apps that could allow for privilege escalation. An attacker may be able to obtain elevated privileges within the application or the operating system by ...
1 year ago Cybersecuritynews.com CVE-2023-43583 CVE-2023-43585 CVE-2023-43586 CVE-2023-36540 CVE-2023-36541 CVE-2023-36534 CVE-2023-39216 CVE-2023-39213
Securing Student Data in Cloud Services - In today's educational landscape, securing student data in cloud services is of utmost importance. One key aspect of securing student data in cloud services is ensuring proper data encryption. This article explores the various challenges and best ...
1 year ago Securityzap.com
Microsoft releases first Windows Server 2025 preview build - Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. This build is the first pushed for the next Windows Server Long-Term Servicing Channel Preview, which ...
1 year ago Bleepingcomputer.com
Microsoft No Longer Selling Windows 10 Licenses Redirects to Windows 11 Product Pages - Marking an end to an era, Microsoft is no longer directly selling Windows 10 product keys on their website, instead redirecting users to Windows 11 product pages. This month, Microsoft began displaying an alert on their Windows 10 Home and Pro ...
2 years ago Bleepingcomputer.com
GitHub Reports Code-Signing Certificate Theft in Security Breach - Although attackers exfiltrated a set of encrypted code-signing certificates, these were password-protected, so there is no possibility of malicious use. GitHub revealed that on December 7th, 2022, hackers had gained unauthorized access to several of ...
2 years ago Hackread.com
Windows 11 24H2 now rolling out, here are the new features - Version 24H2 is now also accessible via Windows Server Update Services (including Configuration Manager), Windows Update for Business, and the Microsoft 365 admin center. Microsoft suggests that businesses start targeted rollouts to ensure ...
5 months ago Bleepingcomputer.com
Microsoft to let Windows 10 home users buy Extended Security Updates - Microsoft says that all Windows 10 customers will be able to pay for three extra years of security updates through the company's Extended Security Updates program after the end of support date. After Windows 10 reaches the end of support on October ...
1 year ago Bleepingcomputer.com
Getting a Remote Desktop Freeze? Microsoft Fixes Windows 11 Issue - Microsoft has released a patch to fix the Remote Desktop freeze bug in Windows 11. This bug caused computers to freeze after some users tried to connect using the Remote Desktop protocol. Microsoft's technical support team has been working on the ...
2 years ago Bleepingcomputer.com
Microsoft fixes Copilot issue blocking Windows 11 upgrades - Microsoft has lifted a compatibility hold that blocked upgrades to Windows 11 23H2 after resolving an issue that caused desktop icons to move erratically when using Windows Copilot on multi-monitor systems. On Windows systems with more than one ...
1 year ago Bleepingcomputer.com CVE-2024-20666
Windows 11 to let admins mandate SMB encryption for outbound connections - Windows 11 will let admins mandate SMB client encryption for all outbound connections, starting with today's Windows 11 Insider Preview Build 25982 rolling out to Insiders in the Canary Channel. SMB encryption provides data end-to-end encryption and ...
1 year ago Bleepingcomputer.com
Microsoft issues two-year warning for end of Windows 10 The Register - Microsoft on Tuesday warned that full security support for Windows 10 will end on October 14, 2025, but offered a lifeline for customers unable or unwilling to upgrade two years hence. Extended Security Updates will keep Windows 10 systems ...
1 year ago Go.theregister.com
ACM will no longer cross sign certificates with Starfield Class 2 starting August 2024 - AWS Certificate Manager is a managed service that you can use to provision, manage, and deploy public and private TLS certificates for use with Elastic Load Balancing, Amazon CloudFront, Amazon API Gateway, and other integrated AWS services. Starting ...
8 months ago Aws.amazon.com
GitHub says hackers cloned code-signing certificates in breached repository - GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing certificates place a cryptographic stamp on code to ...
2 years ago Packetstormsecurity.com
CVE-2021-21381 - Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. Flatpak since version 0.9.4 and before version 1.10.2 has a vulnerability in the "file forwarding" feature which can be used by an ...
1 year ago
Microsoft introduces flighting for Windows Server insiders - Microsoft has launched flighting for Windows Server systems enrolled in its Windows Insider open software testing program. Starting today, admins will also have the option to have new Insider builds installed automatically after checking for updates ...
1 year ago Bleepingcomputer.com
Microsoft now force installing Windows 11 23H2 on eligible PCs - Microsoft has started force installing Windows 11 23H2 on eligible devices that have reached or are close to their end-of-servicing date. The Windows 11 23H2 forced rollout phase announced by Redmond this week comes after systems running multiple ...
1 year ago Bleepingcomputer.com
CVE-2020-3588 - A vulnerability in virtualization channel messaging in Cisco Webex Meetings Desktop App for Windows could allow a local attacker to execute arbitrary code on a targeted system. This vulnerability occurs when this app is deployed in a virtual desktop ...
4 years ago
Windows 11 update KB5033375 released with upgraded Copilot AI-assistant - Microsoft has published a new update for Windows 11 versions 23H2 and 22H2 to fix security vulnerabilities and improve Copilot. 2861 and adds new features like Copilot for multiple displays and Alt-Tab. You can grab the Patch by going to Start > ...
1 year ago Bleepingcomputer.com
