![[The AI Show Episode 144]: ChatGPT’s New Memory, Shopify CEO’s Leaked “AI First” Memo, Google Cloud Next Releases, o3 and o4-mini Coming Soon & Llama 4’s Rocky Launch](https://www.marketingaiinstitute.com/hubfs/ep%20144%20cover.png)
![Building a tree(s) by combining XML, XSD, EXP files [closed]](https://cdn.sstatic.net/Sites/softwareengineering/Img/apple-touch-icon@2.png?v=1ef7363febba)
![GrandChase tier list of the best characters available [April 2025]](https://media.pocketgamer.com/artwork/na-33057-1637756796/grandchase-ios-android-3rd-anniversary.jpg?#)
.webp?#)
![Here’s everything new in Android 16 Beta 4 [Gallery]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2024/11/Android-16-logo-top-down.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1){kind=logo}
![New Beats USB-C Charging Cables Now Available on Amazon [Video]](https://www.iclarified.com/images/news/97060/97060/97060-640.jpg)
![Apple M4 13-inch iPad Pro On Sale for $200 Off [Deal]](https://www.iclarified.com/images/news/97056/97056/97056-640.jpg)
Windows Remote Desktop Service Vulnerability Let Attackers Execute Malicious Code Remotely
A critical vulnerability in Microsoft Windows Remote Desktop Services that could allow attackers to execute arbitrary code remotely on affected systems without user authentication. Identified as CVE-2025-27480, this use-after-free vulnerability in the Remote Desktop Gateway Service has received a CVSS score of 8.1, indicating its high severity and potential impact on enterprise environments worldwide. Microsoft […] The post Windows Remote Desktop Service Vulnerability Let Attackers Execute Malicious Code Remotely appeared first on Cyber Security News.
A critical vulnerability in Microsoft Windows Remote Desktop Services that could allow attackers to execute arbitrary code remotely on affected systems without user authentication.
Identified as CVE-2025-27480, this use-after-free vulnerability in the Remote Desktop Gateway Service has received a CVSS score of 8.1, indicating its high severity and potential impact on enterprise environments worldwide.
Microsoft released an official security bulletin on April 8, 2025, detailing the vulnerability that affects the Remote Desktop Gateway Service component.
Windows Remote Desktop Service Vulnerability
The vulnerability CVE-2025-27480, classified as Use After Free, allows an unauthorized attacker to execute malicious code over a network by exploiting a memory management issue.
“An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code,” Microsoft explained in their advisory.
Application Security is no longer just a defensive play, Time to Secure -> Free Webinar
The vulnerability has been assigned a critical CVSS vector string of CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C, indicating that while the attack complexity is high due to the need to win a race condition, no privileges or user interaction are required for exploitation.
The Remote Desktop Gateway service vulnerability occurs when the application incorrectly handles objects in memory, leading to a use-after-free condition. This memory corruption error creates a scenario where:
- The service allocates memory for an object
- The service frees the memory
- The service later references the freed memory
- Attacker can manipulate this reference to execute arbitrary code
The race condition aspect of the vulnerability requires precise timing by potential attackers, which slightly reduces the immediate risk but does not diminish the overall severity.
Related Vulnerability Disclosed
Microsoft also disclosed CVE-2025-27487, an “Important” rated vulnerability affecting the Remote Desktop Client.
This heap-based buffer overflow vulnerability carries a CVSS score of 8.0 and could enable attackers controlling a malicious RDP server to execute code on a client machine when a user connects to it.
Unlike CVE-2025-27480, this second vulnerability requires user interaction (UI:R) and low privileges (PR:L), meaning exploitation would only occur if a user actively connects to a compromised server.
The summary of the vulnerabilities is given below:
CVEs Affected Products Impact Exploit Prerequisites CVSS 3.1 Score CVE-2025-27480 Windows Remote Desktop Gateway Remote Code Execution Network-based attack; High complexity; No privileges or user interaction required 8.1 (High) CVE-2025-27487 Windows Remote Desktop Client Remote Code Execution Requires user interaction; Low complexity; Low privileges required 8.0 (High)
Mitigation and Recommendations
Microsoft has released official patches for most affected systems as part of its April security updates.
However, updates for certain Windows 10 versions are not immediately available and will be released “as soon as possible,” according to the advisory.
Security experts recommend organizations implement the following measures:
- Apply the security updates immediately where available
- Implement network segmentation to limit RDP exposure
- Enable Network Level Authentication (NLA) as an additional protection layer
- Monitor for suspicious RDP connection attempts
“This vulnerability CVE-2025-27480 underscores the continued risk posed by remote access services,” said a cybersecurity analyst at Kunlun Lab, whose researcher was credited with discovering the vulnerability.
“Organizations should review their remote access architecture and consider additional protections beyond patching.”
No evidence of exploitation in the wild has been detected thus far, but security teams should remain vigilant as threat actors often move quickly to weaponize such vulnerabilities once they become public.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try 50 Request for Free
The post Windows Remote Desktop Service Vulnerability Let Attackers Execute Malicious Code Remotely appeared first on Cyber Security News.
