Microsoft has issued a critical security update to address CVE-2025-38656, a high-severity vulnerability affecting multiple Windows versions. Users should apply patches immediately to prevent potential exploitation.
Microsoft Releases Critical Security Update for CVE-2025-38656 Vulnerability
Microsoft has issued an emergency security update to address CVE-2025-38656, a critical vulnerability affecting Windows operating systems. The flaw, which received a CVSS score of 9.8 out of 10, could allow remote code execution without authentication.
Vulnerability Details
The vulnerability exists in the Windows Remote Desktop Services component, specifically in how it handles certain authentication requests. Attackers could exploit this flaw by sending specially crafted packets to vulnerable systems, potentially gaining complete control over affected machines.
Microsoft confirmed the vulnerability is being actively exploited in the wild, prompting the accelerated release of patches outside the normal Patch Tuesday schedule.
Affected Products
The security update applies to:
- Windows 10 version 1809 and later
- Windows 11 (all versions)
- Windows Server 2019 and 2022
- Windows Server 2025 (preview builds)
Home users and enterprise customers should verify their systems are receiving automatic updates or manually check for the latest security patches.
Mitigation Steps
Microsoft recommends the following immediate actions:
- Enable automatic updates if not already configured
- Apply the security update as soon as it becomes available
- For systems where patching isn't immediately possible, disable Remote Desktop Services temporarily
- Review firewall rules to restrict RDP access from untrusted networks
Enterprise administrators can find detailed deployment guidance in the Microsoft Security Update Guide at https://msrc.microsoft.com/update-guide.
Timeline
Microsoft released the security advisory on June 12, 2025, with patches becoming available the same day. The company coordinated with industry partners to ensure comprehensive coverage across affected systems.
Additional Resources
Users can access the following resources for more information:
Microsoft emphasizes that applying this update is critical for maintaining system security and preventing potential compromise through this actively exploited vulnerability.
Comments
Please log in or register to join the discussion