Microsoft Security Response Center (MSRC) has released important security updates to address a critical vulnerability in Windows Remote Desktop Gateway (RD) service tracked as CVE-2025-26677 that could allow unauthorized attackers to trigger denial of service (DoS) conditions, potentially disrupting remote access capabilities across enterprise environments.
Additionally, Microsoft released patches for the RD Gateway remote code execution vulnerability, identified as CVE-2025-29831, with the potential to disrupt operations or compromise system integrity.
Remote Desktop Gateway Service DoS Vulnerability – CVE-2025-26677
Technical analysis reveals that the vulnerability stems from uncontrolled resource consumption in the Remote Desktop Gateway Service, allowing remote attackers with no authentication to exhaust system resources and cause service disruption over network connections.
.png
)
The vulnerability has been assigned a Common Weakness Enumeration classification of CWE-400 (Uncontrolled Resource Consumption).
“This vulnerability is particularly concerning because it requires no user interaction and can be exploited by unauthenticated attackers from remote locations,” explained a security expert familiar with the matter.
“Organizations relying heavily on remote desktop services for daily operations could face significant operational disruptions if targeted.”
Microsoft has assigned the vulnerability a “High” severity rating with a CVSS base score of 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C).
The score reflects the vulnerability’s network attack vector, low attack complexity, and potential for high availability impact. However, the vulnerability does not affect data confidentiality or integrity.
Multiple Windows Server versions are affected, including Windows Server 2016, Server 2019, Server 2022, and the latest Server 2025.
Microsoft has released security updates (KB5058383, KB5058392, KB5058385, and KB5058411) to address the issue across all impacted platforms.
According to Microsoft’s exploitability assessment, active exploitation of this vulnerability is currently considered “less likely.”
However, system administrators are strongly encouraged to apply the patches immediately as part of standard security maintenance procedures.
Security researchers k0shl and ʌ!ɔ⊥ojv from Kunlun Lab discovered the flaw and reported it to Microsoft through coordinated vulnerability disclosure.
| Risk Factors | Details |
| Affected Products | Windows Server 2016 , Windows Server 2019 , Windows Server 2022 Windows Server 2025 (Core and Standard) |
| Impact | Denial of Service (DoS) |
| Exploit Prerequisites | No privileges or user interaction required; network-based attack; low complexity |
| CVSS 3.1 Score | 7.5 (Important) |
Remote Desktop Gateway RCE Vulnerability – CVE-2025-29831
Another related vulnerability affecting the same service component is CVE-2025-29831, which could allow remote code execution through a Use After Free weakness.
This vulnerability has a CVSS score of 7.5 and requires user interaction, specifically an admin user stopping or restarting the service.
Organizations should prioritize patching both vulnerabilities during their maintenance window.
While no exploits have been detected in the wild yet, these types of gateway services are frequently targeted by threat actors looking for network entry points.
Remote Desktop Gateway services are particularly critical for organizations as they provide secure connections to internal resources for remote workers.
The vulnerability could potentially affect organizations that have deployed Windows Server with the Remote Desktop Gateway role enabled and exposed to the internet.
| Risk Factors | Details |
| Affected Products | Windows Server 2008 R2, 2012/R2, 2016 (Core/Standard), 2019 (Core/Standard), 2022 (Core/Standard), 2025 (Core/Standard) |
| Impact | Remote Code Execution (RCE) |
| Exploit Prerequisites | – Network-based attack (AV:N)- High complexity (AC:H)- User interaction required (admin must restart |
| CVSS 3.1 Score | 7.5 (Important) |
Microsoft’s Security Update Guide notes that exploitation of CVE-2025-26677 occurs when an attacker “triggers resource exhaustion” in the service, which indicates the possibility of a relatively straightforward attack methodology once identified by potential threat actors.
Organizations using affected Windows Server versions should implement Microsoft’s security updates immediately and consider reviewing network configurations to limit exposure of Remote Desktop Gateway services to trusted networks only.
Leveraging Defensive AI for Endpoint Security to stop threats with 99.5% accuracy – Join Free Seminar
