Threat Advisory

Critical Windows RDS Flaw Enables Remote Code Execution

Threat: Vulnerability
Targeted Region: Global
Targeted Sector: Technology & IT
Criticality: High

EXECUTIVE SUMMARY:

A critical vulnerability in Windows Remote Desktop Services allows remote code execution through a race condition caused by sensitive data storage in improperly locked memory and a use-after-free scenario. Attackers can exploit this flaw by connecting to a system with the Remote Desktop Gateway role, enabling arbitrary code execution without user interaction or privileges. While no active exploitation has been reported, the flaw poses a significant risk to the confidentiality, integrity, and availability of affected systems. Several versions of Windows Server are impacted, and patches have been released to address this issue.

 

  • CVE-2024-49115: A vulnerability in Windows Remote Desktop Services that allows remote code execution due to a race condition caused by sensitive data storage in improperly locked memory and a use-after-free scenario. It has a CVSS score of 8.1, indicating a high severity level. The flaw can be exploited remotely without user interaction or privileges.

 

Immediate patching of affected systems is crucial to mitigate the risks associated with this vulnerability. Users are strongly advised to install the latest updates to protect against potential exploitation.

RECOMMENDATION:

We strongly recommend you update Windows Remote Desktop Services to below version:

REFERENCES:

The following reports contain further technical details:
https://cybersecuritynews.com/windows-remote-desktop-services-vulnerability/

crossmenu