Cyber Web Spider Blog – News

Windows Remote Desktop Vulnerability Let Attackers Execute Malicious Code Over Network

Posted on May 14, 2025 By CWS

Microsoft’s May 2025 Patch Tuesday has addressed several critical vulnerabilities in Windows Remote Desktop services that could allow attackers to execute malicious code remotely. Security experts are urging users to apply these patches immediately to safeguard their systems against potential exploits.

Among the 72 flaws fixed in this month’s security update, two critical Remote Desktop vulnerabilities stand out as particularly concerning. CVE-2025-29966 and CVE-2025-29967 both involve heap-based buffer overflow vulnerabilities in the Remote Desktop Client and Gateway Service, respectively, allowing unauthorized attackers to execute arbitrary code over a network.

“In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution on the RDP client machine when a victim connects to the attacker’s server with the vulnerable Remote Desktop Client,” Microsoft explained in its security advisory.

These vulnerabilities received “Critical” severity ratings with a high CVSS score, indicating their potential impact on affected systems. The flaws specifically exploit weaknesses classified under CWE-122: Heap-based Buffer Overflow, allowing attackers to corrupt memory in a way that enables code execution.

Wide Range of Systems Affected

The vulnerabilities impact multiple versions of Windows operating systems that utilize Remote Desktop services. While Microsoft has not yet reported active exploitation of these specific flaws in the wild, the company has classified them with an “Exploitation Less Likely” assessment for now.

“Although these particular vulnerabilities haven’t been exploited yet, similar Remote Desktop flaws have been prime targets for attackers in the past,” said a cybersecurity researcher familiar with the matter. “The potential for an unauthenticated attacker to achieve remote code execution makes these vulnerabilities especially dangerous.”

These Remote Desktop vulnerabilities were among 72 flaws addressed in Microsoft’s May Patch Tuesday, which also fixed five actively exploited zero-day vulnerabilities, including issues in Windows DWM Core Library, Windows Common Log File System Driver, and Windows Ancillary Function Driver for WinSock.

Security experts recommend that organizations and individual users apply these patches immediately. The vulnerability could be exploited when users connect to malicious Remote Desktop servers, putting client machines at risk of complete system compromise.

For systems that cannot be immediately patched, experts suggest limiting Remote Desktop connections to trusted servers only and implementing additional network security measures to restrict potential attack vectors.

The May 2025 security updates are available through Windows Update, Windows Server Update Services (WSUS), and the Microsoft Update Catalog.
