Among the 72 flaws fixed in this month’s security update, two critical Remote Desktop vulnerabilities stand out as particularly concerning. CVE-2025-29966 and CVE-2025-29967 both involve heap-based buffer overflow vulnerabilities in the Remote Desktop Client and Gateway Service, respectively, allowing unauthorized attackers to execute arbitrary code over a network.
“In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution on the RDP client machine when a victim connects to the attacker’s server with the vulnerable Remote Desktop Client,” Microsoft explained in its security advisory.
These vulnerabilities received “Critical” severity ratings with a high CVSS score, indicating their potential impact on affected systems. The flaws specifically exploit weaknesses classified under CWE-122: Heap-based Buffer Overflow, allowing attackers to corrupt memory in a way that enables code execution.
The vulnerabilities impact multiple versions of Windows operating systems that utilize Remote Desktop services. While Microsoft has not yet reported active exploitation of these specific flaws in the wild, the company has classified them with an “Exploitation Less Likely” assessment for now.
“Although these particular vulnerabilities haven’t been exploited yet, similar Remote Desktop flaws have been prime targets for attackers in the past,” said a cybersecurity researcher familiar with the matter. “The potential for an unauthenticated attacker to gain remote code execution makes these vulnerabilities especially dangerous.”
These Remote Desktop vulnerabilities were among 72 flaws addressed in Microsoft’s May Patch Tuesday, which also fixed five actively exploited zero-day vulnerabilities, including issues in Windows DWM Core Library, Windows Common Log File System Driver, and Windows Ancillary Function Driver for WinSock.
Security experts recommend that organizations and individual users apply these patches immediately. The vulnerability could be exploited when users connect to malicious Remote Desktop servers, putting client machines at risk of complete system compromise.
For systems that cannot be immediately patched, experts suggest limiting Remote Desktop connections to trusted servers only and implementing additional network security measures to restrict potential attack vectors.
The May 2025 security updates are available through Windows Update, Windows Server Update Services (WSUS), and the Microsoft Update Catalog.
Vulnerability Attack Simulation on How Hackers Rapidly Probe Websites for Entry Points – Free Webinar
The post Windows Remote Desktop Vulnerability Let Attackers Execute Malicious Code Over Network appeared first on Cyber Security News.
The big Fortnite Overwatch update is here, bringing Tracer, Genji and the gang to Epic…
Whether it’s the shrunken world of Grounded or the monster-collecting hijinks of Palworld, it really…
The Payments Association has appointed Emma Banymandhub as its next CEO. She replaces Ben Agnew,…
Food factory performance is dictated by a unique set of pressures. Even known variables, like…
Zoho Corporation has announced an investment of ₹70 crores (around US$7.3 million) in the Open…
For security reporting, CISOs have to provide their boards with information around risk. For many…
This website uses cookies.