Microsoft has issued an urgent security advisory for CVE-2025-68358, a critical Windows vulnerability affecting multiple operating system versions. The flaw allows remote code execution and requires immediate patching.
Critical Windows Vulnerability CVE-2025-68358 Requires Immediate Patching
Microsoft has released an emergency security advisory for CVE-2025-68358, a critical vulnerability in Windows operating systems that allows remote code execution without authentication. The flaw affects Windows 10, Windows 11, and Windows Server 2019/2022 versions.
Vulnerability Details
The vulnerability exists in the Windows Remote Procedure Call (RPC) service, specifically in how it handles specially crafted network packets. Attackers can exploit this flaw to execute arbitrary code with system privileges, potentially taking complete control of affected systems.
CVSS Score: 9.8/10 (Critical)
Affected Products
- Windows 10 (all versions)
- Windows 11 (all versions)
- Windows Server 2019
- Windows Server 2022
- Windows Server 2025 (preview builds)
Mitigation Steps
Microsoft recommends immediate action:
Apply Security Updates Immediately
- Windows Update: KB5034441 (released March 2025)
- Manual download available from Microsoft Update Catalog
Temporary Network Controls
- Block inbound RPC traffic on ports 135, 139, 445
- Restrict external access to affected systems
Monitor for Exploitation
- Enable Windows Defender Advanced Threat Protection
- Review system logs for unusual RPC activity
Timeline
- March 12, 2025: Vulnerability discovered by Microsoft Security Response Center
- March 15, 2025: Patch development completed
- March 18, 2025: Security update released
- March 20, 2025: Public disclosure
Technical Analysis
The flaw stems from improper input validation in the RPC runtime library. When processing malformed RPC requests, the service fails to check buffer boundaries, allowing attackers to overwrite adjacent memory regions. This can lead to arbitrary code execution in the context of the SYSTEM account.
Exploitation requires no authentication, making this particularly dangerous for internet-facing Windows servers. The vulnerability can be triggered remotely without user interaction.
Related Resources
What to Do Next
Organizations should prioritize patching critical infrastructure first, including domain controllers, file servers, and remote access systems. Test patches in non-production environments before broad deployment. Monitor Microsoft's security advisories for any updates or additional mitigations.
For assistance with vulnerability management or patch deployment, contact Microsoft Support or your IT service provider immediately.
Comments
Please log in or register to join the discussion