CVE-2025-24035: 
vulnerability analysis and mitigation

CVE-2025-24035 is a critical remote code execution (RCE) vulnerability affecting Windows Remote Desktop Services, specifically the Remote Desktop Gateway (RD Gateway) service. The vulnerability was disclosed on March 11, 2025, and is caused by a remote unauthenticated User-after-free (UAF) issue in handling websocket initialization and closing operations. Microsoft has assigned it a CVSS 3.1 score of 8.1 (NVD, Talos).

The vulnerability stems from sensitive data storage in improperly locked memory in Windows Remote Desktop Services. It manifests as a User-after-free (UAF) issue specifically in handling websocket initialization and closing operations. Successful exploitation requires the attacker to connect to a system with the RD Gateway role. The vulnerability has been assigned a CVSS 3.1 Base Score of 8.1 HIGH with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H (NVD, Talos).

If successfully exploited, this vulnerability allows an unauthorized attacker to execute arbitrary code over a network through the RD Gateway process. The high CVSS score indicates that the vulnerability can lead to significant compromise of confidentiality, integrity, and availability of the affected system (NVD).

Microsoft has released security updates to address this vulnerability as part of their March 2025 Patch Tuesday updates. Organizations are strongly advised to apply the available patches immediately to affected systems, particularly those running Remote Desktop Gateway services (CrowdStrike).