CVE-2025-24045

8.1 HIGH

📋 TL;DR

This vulnerability in Windows Remote Desktop Services allows attackers to access sensitive data stored in improperly locked memory, potentially leading to remote code execution. It affects systems running vulnerable versions of Windows with RDS enabled. Attackers can exploit this over a network connection.

💻 Affected Systems

Products:
  • Windows Remote Desktop Services
Versions: Specific versions to be confirmed via Microsoft advisory
Operating Systems: Windows Server, Windows Client versions with RDS enabled
Default Config Vulnerable: ⚠️ Yes
Notes: Systems with Remote Desktop Services enabled are vulnerable. Workstations with Remote Desktop enabled may also be affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full system compromise, with the attacker gaining administrative privileges and persistent access to the network.

🟠 Likely Case: Data exfiltration and limited code execution leading to lateral movement within the network.

🟢 If Mitigated: Attack blocked at the network perimeter, with no internal systems vulnerable.

🌐 Internet-Facing: HIGH - RDS services exposed to internet are directly vulnerable to remote exploitation.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could exploit this for lateral movement.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires network access to the RDS service. Memory manipulation techniques are needed for exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: To be determined from Microsoft's monthly security updates

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24045

Restart Required: No

Instructions:

1. Check Microsoft's security update guide for CVE-2025-24045.
2. Apply the appropriate Windows security update for your version.
3. Verify the update was successful.

🔧 Temporary Workarounds

Disable Remote Desktop Services (Windows): Temporarily disable RDS if it is not required for operations. Disable via Group Policy or Services.msc.

Network Segmentation (Windows): Restrict RDS access to specific IP ranges using firewall rules:

New-NetFirewallRule -DisplayName "Restrict RDP" -Direction Inbound -LocalPort 3389 -Protocol TCP -Action Allow -RemoteAddress "Trusted_IP_Range"

🧯 If You Can't Patch

  • Implement strict network access controls to RDS ports (TCP 3389)
  • Enable Network Level Authentication (NLA) for all RDS connections
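As an added example, not part of this advisory or of Microsoft's guidance, the following PowerShell script audits and applies both mitigations on a single host: it enforces NLA on the RDP-Tcp listener and makes sure no enabled inbound firewall rule still allows TCP 3389 from any address (the stock "Remote Desktop" rules do, so adding an Allow rule alone does not restrict anything). The trusted range is a placeholder to replace with your own management subnet.

```powershell
# Added example (not from the advisory page): audit the "If You Can't Patch"
# mitigations on a Windows host. Run in an elevated PowerShell session.
$TrustedRange = '10.0.0.0/24'   # placeholder: management subnet allowed to reach RDP

# 1. Network Level Authentication: UserAuthentication=1 on the RDP-Tcp listener.
$rdpTcp = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$nla = (Get-ItemProperty -Path $rdpTcp -Name UserAuthentication).UserAuthentication
if ($nla -ne 1) {
    Write-Warning 'NLA is disabled on RDP-Tcp; enabling it.'
    Set-ItemProperty -Path $rdpTcp -Name UserAuthentication -Value 1
}

# 2. Firewall scope: every enabled inbound Allow rule that opens TCP 3389 must be
#    limited to the trusted range. Rules with RemoteAddress 'Any' are disabled,
#    otherwise the scoped rule below would be bypassed by the broader one.
$openRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object {
        $pf = $_ | Get-NetFirewallPortFilter
        $pf.Protocol -eq 'TCP' -and $pf.LocalPort -contains '3389'
    }
foreach ($rule in $openRules) {
    $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    if ($remote -contains 'Any') {
        Write-Warning "Rule '$($rule.DisplayName)' allows RDP from Any; disabling it."
        Disable-NetFirewallRule -Name $rule.Name
    }
}

# Create the scoped Allow rule (same shape as the advisory's New-NetFirewallRule)
# only if it does not already exist.
if (-not (Get-NetFirewallRule -DisplayName 'Restrict RDP' -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName 'Restrict RDP' -Direction Inbound -Protocol TCP `
        -LocalPort 3389 -Action Allow -RemoteAddress $TrustedRange | Out-Null
}

# 3. Report the resulting state of every enabled inbound rule touching port 3389.
Get-NetFirewallRule -Direction Inbound -Enabled True |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains '3389' } |
    ForEach-Object {
        [pscustomobject]@{
            Rule   = $_.DisplayName
            Action = $_.Action
            Remote = (($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ',')
        }
    } | Format-Table -AutoSize
```

Run it from a console session or out-of-band management channel rather than over RDP, since disabling the stock rules will drop any RDP session that came from outside the trusted range.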

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for CVE-2025-24045 patch or use Microsoft's security update guide

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify patch installation via Windows Update history or systeminfo command showing latest security updates

📡 Detection & Monitoring

Log Indicators:

  • Windows Security Event ID 4625 (failed logon) followed by unusual process creation
  • RDS connection attempts from unexpected sources

Network Indicators:

  • Unusual RDP traffic patterns
  • Multiple failed authentication attempts on port 3389

SIEM Query:

source="windows_security" event_id=4625 AND destination_port=3389 | stats count by src_ip

🔗 References
