The Microsoft Security Response Center (MSRC) has taken decisive action by releasing critical security updates aimed at mitigating a significant vulnerability within the Windows Remote Desktop Gateway (RD) service. This vulnerability, designated as CVE-2025-26677, poses a risk of enabling unauthorized attackers to instigate denial of service (DoS) conditions, which could severely disrupt remote access capabilities in enterprise environments.
In addition to addressing the DoS vulnerability, Microsoft has also rolled out patches for another concerning issue related to the RD Gateway, identified as CVE-2025-29831. This vulnerability has the potential to allow remote code execution, raising alarms about possible operational disruptions or threats to system integrity.
Remote Desktop Gateway Service DoS Vulnerability – CVE-2025-26677
A technical examination reveals that the root of this vulnerability lies in uncontrolled resource consumption within the Remote Desktop Gateway Service. This flaw permits remote attackers, without any authentication, to deplete system resources, leading to service disruptions over network connections.
Classified under the Common Weakness Enumeration as CWE-400 (Uncontrolled Resource Consumption), this vulnerability is particularly alarming due to its exploitability without user interaction. A security expert noted, “Organizations that depend heavily on remote desktop services for their daily operations could experience significant disruptions if targeted.”
Microsoft has rated this vulnerability as “High” severity, assigning it a CVSS base score of 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C). This score reflects the vulnerability’s network attack vector, low complexity of attack, and the potential for high impact on availability, although it does not compromise data confidentiality or integrity.
Multiple versions of Windows Server are affected, including Windows Server 2016, Server 2019, Server 2022, and the newly released Server 2025. Microsoft has provided security updates (KB5058383, KB5058392, KB5058385, and KB5058411) to rectify the issue across all impacted platforms.
While Microsoft’s exploitability assessment suggests that active exploitation of this vulnerability is currently “less likely,” system administrators are strongly urged to implement the patches without delay as part of their routine security maintenance.
The discovery of this flaw is credited to security researchers k0shl and ʌ!ɔ⊥ojv from Kunlun Lab, who responsibly reported it to Microsoft through a coordinated vulnerability disclosure process.
| Risk Factors | Details |
| Affected Products | Windows Server 2016, Windows Server 2019, Windows Server 2022, Windows Server 2025 (Core and Standard) |
| Impact | Denial of Service (DoS) |
| Exploit Prerequisites | No privileges or user interaction required; network-based attack; low complexity |
| CVSS 3.1 Score | 7.5 (Important) |
Remote Desktop Gateway RCE Vulnerability – CVE-2025-29831
Another vulnerability affecting the same service component is CVE-2025-29831, which could enable remote code execution through a Use After Free weakness. This vulnerability also carries a CVSS score of 7.5 and necessitates user interaction, specifically requiring an admin user to stop or restart the service.
Organizations are advised to prioritize the patching of both vulnerabilities during their maintenance windows. While no exploits have been observed in the wild at this time, gateway services of this nature are frequently targeted by threat actors seeking network entry points.
Given the critical role that Remote Desktop Gateway services play in providing secure connections to internal resources for remote workers, organizations utilizing Windows Server with the Remote Desktop Gateway role enabled and exposed to the internet should act swiftly.
| Risk Factors | Details |
| Affected Products | Windows Server 2008 R2, 2012/R2, 2016 (Core/Standard), 2019 (Core/Standard), 2022 (Core/Standard), 2025 (Core/Standard) |
| Impact | Remote Code Execution (RCE) |
| Exploit Prerequisites | Network-based attack (AV:N); High complexity (AC:H); User interaction required (admin must restart) |
| CVSS 3.1 Score | 7.5 (Important) |
According to Microsoft’s Security Update Guide, exploitation of CVE-2025-26677 occurs when an attacker “triggers resource exhaustion” in the service, suggesting a relatively straightforward attack methodology once identified by potential threat actors.
Organizations utilizing the affected Windows Server versions should implement Microsoft’s security updates immediately and consider reviewing network configurations to limit the exposure of Remote Desktop Gateway services to trusted networks only.
