Microsoft has issued a critical security update addressing CVE-2025-69647, a severe vulnerability affecting multiple Windows operating systems that could allow remote code execution.
Microsoft Releases Critical Security Update for CVE-2025-69647
Microsoft has issued an emergency security update to address CVE-2025-69647, a critical vulnerability affecting multiple Windows operating systems. The flaw, which carries a CVSS score of 9.8, could allow remote attackers to execute arbitrary code on vulnerable systems without authentication.
Vulnerability Details
The vulnerability exists in the Windows Remote Desktop Services component, specifically in how it handles certain types of authentication requests. Attackers can exploit this flaw by sending specially crafted packets to port 3389 (the default RDP port) on vulnerable systems.
Affected Products
According to Microsoft's Security Update Guide, the following products are affected:
- Windows 10 Version 1809 and later
- Windows Server 2019 and later
- Windows 11 (all versions)
- Windows Server 2022 and later
Systems running older versions of Windows that are no longer supported by Microsoft are also vulnerable but will not receive patches.
Severity and Risk
Microsoft has classified this as a "Critical" severity update, the highest rating in their security bulletin system. The vulnerability is being actively exploited in the wild, with multiple threat intelligence reports indicating that ransomware groups have begun incorporating exploits for this flaw into their toolkits.
Mitigation Steps
Administrators should immediately:
- Apply the security update released on March 11, 2025
- Block TCP port 3389 at network boundaries if RDP is not required
- Enable Network Level Authentication (NLA) if RDP must remain accessible
- Review Windows Event Logs for suspicious authentication attempts
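A read-only audit of the checks in the list above, given as an added example rather than Microsoft's own tooling. It assumes the standard Terminal Server registry locations, the English firewall group name 'Remote Desktop', and an arbitrary 24-hour window and 10-failure threshold for the event log review.

```powershell
# Added example: read-only audit of RDP exposure, NLA state and failed logons.
# Run in an elevated PowerShell session (reading the Security log requires it).
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"

# fDenyTSConnections = 0 means RDP is enabled; UserAuthentication = 1 means NLA is required.
$rdpEnabled = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections -eq 0
$nlaEnabled = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication -eq 1
$rdpPort    = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

# Enabled inbound allow rules in the built-in group (assumption: English display name).
$fwRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

[pscustomobject]@{
    RdpEnabled        = $rdpEnabled
    NlaRequired       = $nlaEnabled
    ListeningPort     = $rdpPort
    InboundAllowRules = @($fwRules).Count
    FirewallProfiles  = ($fwRules.Profile | Sort-Object -Unique) -join ', '
}

if ($rdpEnabled -and -not $nlaEnabled) {
    Write-Warning 'RDP is enabled without Network Level Authentication.'
}
if ($rdpEnabled -and @($fwRules | Where-Object { $_.Profile -match 'Public|Any' }).Count -gt 0) {
    Write-Warning 'RDP is allowed inbound on the Public firewall profile.'
}

# Failed logons (event 4625) from the last 24 hours. LogonType 10 is RemoteInteractive;
# type 3 is network logon, which NLA-authenticated RDP attempts produce (as do SMB and others).
$since  = (Get-Date).AddHours(-24)
$failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
              -ErrorAction SilentlyContinue |
    ForEach-Object {
        $evt = $_
        $d = @{}
        ([xml]$evt.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
        if ($d.LogonType -in '3', '10') {
            [pscustomobject]@{ Time = $evt.TimeCreated; User = $d.TargetUserName; Source = $d.IpAddress }
        }
    }

# Source addresses with 10 or more failures (constructed threshold; tune per environment).
$failed | Group-Object Source | Where-Object Count -ge 10 |
    Sort-Object Count -Descending | Select-Object Count, Name
```

The script changes nothing on the host; it does not check whether the March 11, 2025 update is installed, because the page gives no update identifier to look for.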
Update Availability
The security update is available through Windows Update and Microsoft Update Catalog. Enterprise customers can also download the patches directly from the Microsoft Download Center.
Microsoft recommends rebooting affected systems after installation to ensure all components are properly updated. The company notes that this update may require multiple restarts on domain controllers and systems with complex configurations.
Timeline
Microsoft was notified of the vulnerability on February 15, 2025, by an independent security researcher. The company developed a fix within 14 days and coordinated with industry partners before public disclosure on March 11, 2025.
Additional Resources
Organizations are strongly encouraged to prioritize patching this vulnerability due to its critical severity and active exploitation in the wild.