How CVE-2025-24045 Works
CVE-2025-24045 is a critical vulnerability in Windows Remote Desktop Services (RDS) where sensitive data remains in improperly locked memory regions. Attackers can exploit this flaw by sending specially crafted network packets to a vulnerable system, forcing memory leaks during RDS sessions. The unsecured memory regions may contain authentication tokens, session keys, or other sensitive data, allowing remote code execution (RCE) without authentication. The exploit leverages race conditions in memory management during RDS protocol handling, where locked memory pages are prematurely released.
DailyCVE Form
Platform: Windows RDS
Version: Windows Server 2019/2022
Vulnerability: Memory Lock Bypass
Severity: Critical
Date: 2025-03-11
Prediction: Patch by 2025-08-15
What Undercode Say
Analytics:
Get-WinEvent -LogName "Microsoft-Windows-RemoteDesktopServices-RDPCoreTS/Operational"
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server"
Exploit:
import socket
payload = craft_rdp_memory_leak_packet()
sock.sendto(payload, (target_ip, 3389))
Protection from this CVE:
- Disable RDS if unused.
- Apply Microsoft patch KB5034xxx.
- Enable Network Level Authentication (NLA).
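A local audit of the mitigations listed above, as an added example that is not from the original post or from Microsoft. Test-RdpHardening is a hypothetical helper name, and the patch ID is a parameter because the page elides the KB number.

```powershell
# Added example: audits local RDP exposure against the mitigations listed above.
# Test-RdpHardening is a hypothetical helper name, not a built-in cmdlet.
function Test-RdpHardening {
    [CmdletBinding()]
    param(
        # The page elides the KB number ("KB5034xxx"); pass the real ID from the
        # vendor advisory when known. Empty means the patch check is skipped.
        [string]$PatchKb = ''
    )

    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'

    $ts  = Get-ItemProperty -Path $tsKey  -ErrorAction Stop
    $rdp = Get-ItemProperty -Path $rdpKey -ErrorAction Stop
    $svc = Get-Service -Name TermService -ErrorAction SilentlyContinue

    # fDenyTSConnections = 0 means inbound RDP connections are accepted.
    $rdpEnabled  = ($ts.fDenyTSConnections -eq 0)
    # UserAuthentication = 1 means NLA is required before a session is created.
    $nlaRequired = ($rdp.UserAuthentication -eq 1)

    # $null = not checked, $true/$false = result of the hotfix lookup.
    $patched = $null
    if ($PatchKb) {
        $patched = [bool](Get-HotFix -Id $PatchKb -ErrorAction SilentlyContinue)
    }

    $findings = @()
    if ($rdpEnabled -and -not $nlaRequired)   { $findings += 'RDP enabled without NLA' }
    if ($rdpEnabled -and $patched -eq $false) { $findings += "Patch $PatchKb not installed" }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        RdpEnabled    = $rdpEnabled
        ServiceStatus = $(if ($svc) { $svc.Status } else { 'NotFound' })
        ListenPort    = $rdp.PortNumber
        NlaRequired   = $nlaRequired
        Patched       = $patched
        Findings      = $findings
    }
}

Test-RdpHardening | Format-List
```

Run it from an elevated prompt. Settings enforced by Group Policy are stored under HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services and take precedence over the values read here.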
Impact:
- Remote code execution.
- Credential theft.
- System compromise.
Sources:
Reported By: nvd.nist.gov