Microsoft launched safety patches addressing a major vulnerability in Home windows Distant Desktop Providers that would permit unauthorized attackers to launch denial of service assaults over community connections.
The vulnerability, designated as CVE-2025-53722, impacts a number of Home windows variations spanning from legacy techniques to the most recent Home windows Server 2025 and Home windows 11 24H2 releases.
Key Takeaways1. Essential Home windows RDS flaw lets distant attackers set off DoS.2. Community‑based mostly, low complexity assault vector.3. Microsoft patched it on Aug 12, 2025.
Home windows RDP DoS Vulnerability
The vulnerability stems from uncontrolled useful resource consumption in Home windows Distant Desktop Providers, categorised beneath CWE-400 by the Widespread Weak spot Enumeration system.
Safety researchers have assigned the flaw a CVSS 3.1 base rating of seven.5, indicating excessive severity with the potential for important system disruption.
The assault vector presents significantly regarding traits, requiring no authentication or person interplay whereas sustaining low assault complexity.
The CVSS vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C reveals that attackers can exploit this vulnerability remotely over community connections with out requiring elevated privileges.
Whereas the vulnerability doesn’t compromise knowledge confidentiality or integrity, it poses a excessive availability affect, doubtlessly rendering affected techniques utterly inaccessible by way of useful resource exhaustion assaults.
Erik Egsgard from Discipline Impact receives acknowledgment for locating and responsibly disclosing this vulnerability by way of coordinated disclosure processes.
Microsoft’s exploitability evaluation at present charges the chance of exploitation as “Much less Seemingly,” although no public exploits or energetic assaults have been documented on the time of disclosure.
Threat FactorsDetailsAffected Merchandise– Home windows Server 2008 R2 (SP1)- Home windows Server 2012 / 2012 R2- Home windows Server 2016- Home windows Server 2019- Home windows Server 2022- Home windows Server 2025- Home windows 10 (variations 1607, 1809, 21H2, 22H2)- Home windows 11 (variations 22H2, 23H2, 24H2)ImpactDenial of Service (DoS)Exploit PrerequisitesNo authentication required, no person interplay, community‑based mostly assault, low complexity.CVSS 3.1 Score7.5 (Excessive)
Safety Updates
Microsoft has launched complete safety updates addressing CVE-2025-53722 throughout 33 totally different Home windows configurations, together with each commonplace installations and Server Core deployments.
Essential patches embody KB5063880 and KB5063812 for Home windows Server 2022, KB5063878 and KB5064010 for Home windows Server 2025, and KB5063875 for Home windows 11 variations 22H2 and 23H2.
Legacy techniques obtain equal consideration, with patches KB5063947 and KB5063927 addressing Home windows Server 2008 R2 techniques, whereas KB5063950 covers Home windows Server 2012 R2 installations.
Organizations working Home windows 10 techniques throughout numerous variations can apply KB5063709 for 21H2 and 22H2 releases, and KB5063871 for model 1607 techniques.
System directors ought to prioritize instant patch deployment, significantly in environments the place Distant Desktop Providers face exterior community publicity.
The vulnerability’s network-based assault vector and low complexity necessities make unpatched techniques engaging targets for disruption campaigns concentrating on enterprise continuity and operational availability.
Enhance your SOC and assist your crew defend what you are promoting with free top-notch menace intelligence: Request TI Lookup Premium Trial.
