remote desktop services

Winsage
May 15, 2025
Microsoft's May 2025 Patch Tuesday addressed 72 vulnerabilities in Windows Remote Desktop services, including two critical vulnerabilities, CVE-2025-29966 and CVE-2025-29967, which are heap-based buffer overflow issues. These flaws allow unauthorized attackers to execute arbitrary code over a network, posing significant risks. The vulnerabilities have been rated as "Critical" and classified under CWE-122. They affect various versions of Windows operating systems utilizing Remote Desktop services. Although there have been no reported active exploitations, experts warn of the potential dangers, urging users to apply patches immediately. The update also addressed five actively exploited zero-day vulnerabilities in other Windows components. Patches are available through Windows Update, WSUS, and the Microsoft Update Catalog.
Winsage
May 15, 2025
The Microsoft Security Response Center (MSRC) has released critical security updates to address a significant vulnerability in the Windows Remote Desktop Gateway service, identified as CVE-2025-26677, which allows unauthorized attackers to cause denial of service (DoS) conditions. This vulnerability is rated as "High" severity with a CVSS score of 7.5 and affects multiple versions of Windows Server, including 2016, 2019, 2022, and 2025. Microsoft has provided security updates (KB5058383, KB5058392, KB5058385, and KB5058411) to rectify the issue. Additionally, another vulnerability, CVE-2025-29831, has been identified that could enable remote code execution (RCE) through a Use After Free weakness, also rated with a CVSS score of 7.5. This vulnerability requires user interaction, specifically an admin user to stop or restart the service, and affects Windows Server versions 2008 R2, 2012/R2, 2016, 2019, 2022, and 2025. Organizations are advised to prioritize patching both vulnerabilities and to review network configurations to limit exposure of Remote Desktop Gateway services. The vulnerabilities were discovered by security researchers from Kunlun Lab.
Winsage
April 16, 2025
Windows operating systems have numerous background services that can consume system resources and slow down performance. Users can improve responsiveness by disabling non-essential services. 1. Windows Search: Indexes files and data for quick searches; can tax CPU and RAM. To disable: press Ctrl + R, type services.msc, locate Windows Search, stop the service, and set Startup type to Disabled or Manual. 2. SysMain (formerly Superfetch): Preloads frequently used applications into memory but can lead to unnecessary disk activity on SSDs. To disable: access services.msc, find SysMain, stop the service, and set Startup Type to Disabled. 3. Windows Update Delivery Optimization: Shares update files with other PCs, consuming bandwidth. To disable: go to Settings -> Windows Update -> Advanced Options and turn it off. 4. Remote Desktop Services: Enables remote connections, which can drain resources and pose security risks. To disable: locate Remote Desktop Services in services.msc, stop it, and set Startup type to Disabled. 5. Connected User Experiences and Telemetry: Collects usage data and can transmit sensitive information. To disable: turn off the service and navigate to Settings -> Privacy & Security -> Diagnostics & Feedback to disable Diagnostic data. Additional services that may be disabled include Print Spooler, Fax, Bluetooth Support, and Windows Error Reporting Service for further performance optimization.
Winsage
April 9, 2025
Microsoft's Patch Tuesday updates addressed over 120 vulnerabilities, including one actively exploited flaw (CVE-2025-29824) and 11 critical issues. CVE-2025-29824 is an elevation of privilege vulnerability in the Windows Common Log File System Driver, targeted by the group Storm-2460 to deploy ransomware called PipeMagic, affecting victims in the US, Spain, Venezuela, and Saudi Arabia. This vulnerability has a CVSS score of 7.8 and allows attackers to escalate privileges due to a use-after-free flaw. Patches for Windows Server and Windows 11 have been released, but Windows 10 users are still awaiting a fix, with Microsoft promising updates soon. Among the critical vulnerabilities addressed, all allow for remote code execution (RCE). Notable vulnerabilities include: - CVE-2025-26670: LDAP Client RCE, Critical, CVSS 8.1 - CVE-2025-27752: Microsoft Excel RCE, Critical, CVSS 7.8 - CVE-2025-29791: Microsoft Excel RCE, Critical, CVSS 7.8 - CVE-2025-27745: Microsoft Office RCE, Critical, CVSS 7.8 - CVE-2025-27748: Microsoft Office RCE, Critical, CVSS 7.8 - CVE-2025-27749: Microsoft Office RCE, Critical, CVSS 7.8 - CVE-2025-27491: Windows Hyper-V RCE, Critical, CVSS 7.1 - CVE-2025-26663: Windows LDAP RCE, Critical, CVSS 8.1 - CVE-2025-27480: Windows RDP RCE, Critical, CVSS 8.1 - CVE-2025-27482: Windows RDP RCE, Critical, CVSS 8.1 - CVE-2025-26686: Windows TCP/IP RCE, Critical, CVSS 7.5 - CVE-2025-29809: Windows Kerberos Security Feature Bypass, Important, CVSS 7.1 Dustin Childs from ZDI noted that CVE-2025-29809 requires additional measures beyond standard patching. CVE-2025-26663 and CVE-2025-26670 are considered wormable, necessitating prompt updates, especially for networks exposing LDAP services. Adobe released over 50 fixes for vulnerabilities in products like Cold Fusion, After Effects, and Photoshop, with some issues in Cold Fusion classified as critical. AMD updated advisories regarding GPU access and various Ryzen AI software vulnerabilities.
Winsage
April 8, 2025
April 2025 Patch Tuesday introduced fixes for over 120 vulnerabilities, including a critical zero-day vulnerability (CVE-2025-29824) that is actively exploited. CVE-2025-29824 is a user-after-free vulnerability in the Windows Common Log File System (CLFS), allowing privilege escalation to SYSTEM on compromised Windows machines. Microsoft has patched 32 CLFS vulnerabilities since 2022, with six exploited in the wild. Updates for Windows 10 are not yet available. Other notable vulnerabilities include CVE-2025-26663 and CVE-2025-26670, both unauthenticated user-after-free vulnerabilities in Windows LDAP, and CVE-2025-27480 and CVE-2025-27482 in Windows Remote Desktop Services. None of these vulnerabilities have been patched for Windows 10 systems, but updates are forthcoming. Microsoft reversed its decision to discontinue driver update synchronization to WSUS servers, confirming that WSUS will continue to synchronize driver updates.
Winsage
March 28, 2025
Microsoft has addressed an issue affecting Remote Desktop Protocol (RDP) and Remote Desktop Services (RDS) connections for users connecting from Windows 11 24H2 to RDS hosts on earlier versions of Windows Server 2016, which arose after installing Windows updates since January 2025. Users reported disconnections after 65 seconds when establishing UDP connections. Affected users were advised to install the KB5053656 preview update to resolve the issue, which will be generally available with next month's cumulative updates. Additionally, Microsoft is working on fixing another issue causing Remote Desktop freezes on Windows Server 2025 and is investigating connection errors related to data restoration on Windows 11 24H2 systems. A bug causing USB printers to print random text has also been resolved.
Winsage
March 27, 2025
Microsoft released the KB5053657 update on Tuesday to address an issue in Windows 11 where certain USB printers were printing random text. This update is applicable only to Windows 11 23H2 and 22H2 versions, while users of Windows 11 24H2 do not have an equivalent update yet. The USB printer issue originated from a problematic update released in January 2025, which affected multiple patches. Microsoft clarified that the update fixes issues with USB connected dual-mode printers that might output incorrect text. Additionally, complications from the January update for Windows 11 24H2 have caused Remote Desktop Protocol (RDP) disconnections. Microsoft is implementing a Known Issue Rollback to revert the problematic changes, with a permanent solution expected in a future update for Windows 11 24H2.
Winsage
March 27, 2025
Microsoft has acknowledged a significant issue affecting Remote Desktop functionality on Windows Server 2025 systems, which arose after the installation of security updates released since February 2025. Users may experience freezes in Remote Desktop sessions shortly after connecting, with unresponsive mouse and keyboard inputs requiring a disconnect and reconnect to regain functionality. This issue also affects Windows 11 24H2 systems, but Microsoft addressed it for Windows 11 users with an optional update (KB5052093) released on February 25. A fix for Windows Server 2025 devices is planned for an upcoming update. Additionally, Microsoft has implemented Known Issue Rollback (KIR) to reverse problematic non-security updates related to Remote Desktop and Remote Desktop Services (RDS) connection issues from Windows 11 24H2 updates since January 2025. Users may experience Remote Desktop Protocol (RDP) disconnections lasting up to 65 seconds when connecting from Windows 11 24H2 devices to RDS hosts on Windows Server 2016 systems. A permanent fix for RDP disconnection issues is planned for next month's cumulative updates. Microsoft is also investigating connection errors on Windows 11 24H2 systems related to restoring data from SMB network shares or Backup & Replication servers.
Winsage
March 26, 2025
Microsoft has informed users about issues with Remote Desktop and Remote Desktop Services (RDS) connections after recent Windows updates since January 2025. Users may experience unexpected disconnections during Remote Desktop Protocol (RDP) sessions following the January preview update (KB5050094) and the March 2025 security update (KB5053598). Specifically, users connecting from Windows 11 24H2 PCs to RDS hosts on Windows Server 2016 or earlier may be disconnected after about 65 seconds. Microsoft has introduced a solution through its Known Issue Rollback (KIR) feature, requiring administrators to install and configure the Windows 11 24H2 and Windows Server 2025 KB5053598 250314_20401 KIR group policy. A restart of affected devices is necessary to apply the new settings. A permanent fix will be included in a future Windows update.
Winsage
March 12, 2025
A total of 57 unique vulnerabilities have been addressed in Microsoft's latest security updates, including six zero-day exploits that require immediate attention. The Windows operating system accounts for the majority of these vulnerabilities. Among them is a critical security feature bypass (CVE-2025-26633) with a CVSS rating of 7.0, which requires user interaction for exploitation. Three additional zero-day vulnerabilities are found in the Windows NTFS, including two information disclosure vulnerabilities (CVE-2025-24984 and CVE-2025-24991) and a critical remote-code execution vulnerability (CVE-2025-24993). Another zero-day vulnerability (CVE-2025-24985) affects the Windows Fast FAT driver with a CVSS score of 7.8 and also requires user interaction. The final zero-day vulnerability (CVE-2025-24983) is an elevation-of-privilege flaw with a CVSS score of 7.0. Additionally, a notable public disclosure involves a remote-code execution vulnerability in Microsoft Access (CVE-2025-26630) with a CVSS score of 7.8. Microsoft has also republished four older vulnerabilities with updates. Furthermore, Microsoft is preparing to implement stricter authentication measures for Windows machines, transitioning to mandatory "Enforcement" mode for certain vulnerabilities next month.
Search