The vulnerability in Windows 10, Windows 11, and Windows Server allows attackers to gain complete control over the system.
Microsoft warns of a Windows vulnerability that can be exploited to gain full system privileges. A patch is available, but the tech giant emphasizes that it’s crucial to deploy it quickly.
Weakness in Validation
Microsoft has disclosed a critical vulnerability, CVE-2025-60703, affecting multiple versions of Windows 10, Windows 11, and Windows Server. This involves an error in memory address validation. The software trusts certain objects without verifying them, which is a classic programming flaw that can help attackers manipulate code execution.
Only an attacker with authorization rights can exploit the flaw, but that doesn’t make it any less dangerous. A regular user on a corporate network could theoretically gain complete control over the system.
Remote Desktop Environments at Risk
Systems with Remote Desktop Services (RDS) enabled are particularly affected. Microsoft urges companies to install this patch immediately, especially if RDS is part of their infrastructure.
Microsoft is rolling out the updates via Windows Update. However, it may take time for large enterprises to test and deploy the patches. In the meantime, security teams are advised to pay extra attention and limit user privileges, monitor for unexpected privilege escalations, and segment networks to make it harder for attackers.
There are no indications that CVE-2025-60703 is already being exploited in the wild.