Microsoft Windows Remote Desktop Services Use-After-Free Vulnerability Allowing Remote Code Execution

Vulnerability

A use-after-free vulnerability has been identified in Windows Remote Desktop Services. This issue allows an unauthorized attacker to execute code remotely over the network. The vulnerability arises from improper handling of memory: a race condition leads to a use-after-free condition that can be exploited to execute arbitrary code.

Impact

Exploitation of this vulnerability could lead to unauthorized remote code execution on the affected system.

Reproduction

To reproduce this vulnerability, connect to a system with the Remote Desktop Gateway role. The exploitation involves triggering a race condition that creates a use-after-free scenario, which can then be leveraged to execute arbitrary code.

Remediation

Users can apply the security updates released on June 10, 2025, to address this vulnerability. These updates are available through the Microsoft Update Catalog.

Added: Jun 10, 2025, 6:26 PM
Updated: Jun 10, 2025, 6:26 PM

Vulnerability Rating

Custom Algorithm
spread: 8.1
impact: 7.5
exploitability: 6.2
remediation: 7.7
relevance: 0.2
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.