Microsoft has released an emergency security update addressing CVE-2025-68973, a critical vulnerability affecting Windows systems that could allow remote code execution.
Microsoft has issued an urgent security update to address CVE-2025-68973, a critical vulnerability rated 9.8 out of 10 on the CVSS scale. The flaw affects Windows 10 version 21H2 through Windows 11 version 24H2, potentially allowing attackers to execute arbitrary code remotely without authentication.
The vulnerability exists in the Windows Remote Desktop Services component, where improper input validation could enable a specially crafted request to trigger memory corruption. Microsoft reports the flaw is being actively exploited in the wild, with initial reports indicating targeted attacks against enterprise environments.
Affected Products:
- Windows 10 version 21H2 and later
- Windows 11 version 21H2 through 24H2
- Windows Server 2022 and 2025
- Windows IoT versions 21H2+
CVSS Metrics:
- Base Score: 9.8 (Critical)
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
Mitigation Steps:
- Apply the February 2025 Patch Tuesday updates immediately
- Enable automatic updates if not already configured
- For systems that cannot be patched immediately, disable Remote Desktop Services temporarily
- Monitor network traffic for unusual RDP connection patterns
Microsoft recommends organizations prioritize this update across their infrastructure, particularly for internet-facing systems. The company has also released detection signatures for Microsoft Defender and Azure Sentinel to identify potential exploitation attempts.
The security update addresses the vulnerability by implementing proper input validation and memory handling within the Remote Desktop Services component. Microsoft credits an anonymous security researcher working with Trend Micro's Zero Day Initiative for reporting the issue.
Organizations should verify patch deployment through Windows Update history or using enterprise management tools. Microsoft has published additional technical details and deployment guidance in the Security Update Guide at docs.microsoft.com/security-updates.
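The interim mitigation and the patch check described above, as an added PowerShell example that is not Microsoft's own script. The KB number is a placeholder, because the article does not give one, and the firewall group name 'Remote Desktop' assumes an English-language Windows install.

```powershell
# Added example: report RDP exposure and patch state for one host, and
# optionally apply the interim mitigation. Run from an elevated session.
param(
    # Placeholder: take the real KB number from the Security Update Guide.
    [string]$KbId = 'KB0000000',
    # Without this switch the script only reports and changes nothing.
    [switch]$DisableRdp
)

$tsKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$fwGroup  = 'Remote Desktop'   # assumption: English display group name

# Get-HotFix returns nothing when the KB is not installed.
$patch = Get-HotFix -Id $KbId -ErrorAction SilentlyContinue

if ($DisableRdp -and -not $patch) {
    # fDenyTSConnections = 1 makes the host refuse new inbound RDP connections.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    # Also close the inbound firewall rules so TCP/UDP 3389 is not reachable.
    Disable-NetFirewallRule -DisplayGroup $fwGroup
}

# Read the state back after any change so the report reflects reality.
$deny  = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
$svc   = Get-Service -Name TermService
$rules = @(Get-NetFirewallRule -DisplayGroup $fwGroup -ErrorAction SilentlyContinue |
           Where-Object { $_.Enabled -eq 'True' })

[pscustomobject]@{
    Computer            = $env:COMPUTERNAME
    PatchInstalled      = [bool]$patch
    RdpConnectionsDenied = ($deny -eq 1)
    TermServiceStatus   = $svc.Status
    RdpFirewallRulesOn  = $rules.Count
}
```

A host is still exposed when `PatchInstalled` is false and either `RdpConnectionsDenied` is false or `RdpFirewallRulesOn` is greater than zero. A later cumulative update carries a different KB number, so check the update history before treating a missing KB as unpatched.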