Intrusion PreventionMS.Windows.RDP.CVE-2025-21309.Remote.Code.Execution
Description
This indicates a possible attack against a Remote Code Execution vulnerability in Microsoft Remote Desktop Services.
The vulnerability is due to lack of input validation when handling requests. A remote, unauthenticated attacker can exploit this vulnerability by sending maliciously crafted requests to the vulnerable server. Successful exploitation could result in arbitrary code execution in the security context of the application.
Affected Products
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022 (Server Core installation)
Windows Server 2025 (Server Core installation)
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows Server 2025
Windows Server 2016
Windows Server 2016 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21309
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| ID | 57059 |
| Created | Jan 14, 2025 |
| Updated | Jan 22, 2025 |
| CVE ID | |
| Risk |
|
| Exploit Prediction Score | 2.41% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Other |
| Profile Type | Buffer Errors |