Microsoft Windows Deployment Services Improper Access Control Remote Code Execution Vulnerability
Vulnerability
A remote code execution vulnerability has been identified in Windows Deployment Services (WDS) due to improper access control. This issue allows an unauthorized attacker to execute code over an adjacent network. The vulnerability affects multiple versions of Windows Server, including 2008, 2012, 2016, 2019, 2022, and 2025, as well as Windows Server 2022 23H2 Edition.
Impact
Exploitation of this vulnerability could lead to unauthorized remote code execution on the affected system.
Remediation
To address this vulnerability, administrators should audit existing WDS usage and identify hands-free deployments. Immediate protection can be achieved by configuring the registry settings described in the 'Windows Deployment Services (WDS) Hands-Free Deployment Hardening Guidance'. This security protection will be enabled by default in a future security update release. With the protection enabled by default, hands-free deployments that rely on unauthenticated RPC will no longer work. Administrators can override this behavior via a registry key, although this is not recommended for production environments.
