Important security warning for all users of JTL in the cloud and Windows Server systems: Immediate installation of updates required!
With the March 2025 patch day, Microsoft closed critical vulnerabilities that affect Windows Remote Desktop Services (RDP) in particular. These vulnerabilities allow attackers to execute malicious code over the network and therefore pose a serious risk to the security of your systems. All Windows Server versions and Windows 10 and 11 desktop systems that actively use remote desktop connections are affected, including many JTL users in the cloud and on Windows Server systems. This applies in particular if access via RDP is not restricted to specific origin locations by a firewall.
What are the vulnerabilities?
The vulnerabilities CVE-2025-24035 and CVE-2025-24045 affect Windows Remote Desktop Services and have been classified as highly critical with a CVSS score of 8.1. Microsoft rates the vulnerabilities as “critical” because exploitation by attackers is considered “likely”, although no specific cases are known to date. Both vulnerabilities allow an attacker to execute malicious code on an affected target system without user interaction and without additional access rights. Although the complexity of a successful attack is considered high, the risk is enormous due to the severity of the vulnerabilities.
The specific vulnerabilities are as follows:
- CVE-2025-24035: By attacking the Remote Desktop Gateway role, an attacker can use a race condition to bring affected systems into a use-after-free condition, which leads to the execution of malicious code.
- CVE-2025-24045: This vulnerability only affects Windows Server versions (2012, 2016, 2019, 2022, 2025), but also allows the remote execution of malicious code.
Affected systems:
- Desktop systems: Windows 10 and Windows 11
- Windows Server versions: Windows Server 2008 (R2), 2012 (R2), 2016, 2019, 2022 and 2025
Why is this important for you?
These vulnerabilities can be exploited remotely to execute malicious code on your system. If your system is accessible via remote desktop connections (RDP), you are particularly at risk. Users of JTL in the cloud who work on Windows Server systems are therefore directly affected. Even though no specific attacks have been reported so far, exploitation is considered more likely. It is therefore essential to act quickly to close the vulnerabilities.
What do you need to do now?
- Install the latest security updates from Microsoft immediately. The patches for these vulnerabilities have been available since March 11, 2025. Apply them to all affected systems.
- Check your remote desktop connections. If possible, temporarily disable access via RDP until the updates have been successfully installed. This can provide an additional layer of protection until the vulnerabilities are fully fixed.
- Test your systems after installation. Make sure that the patches have been installed correctly and that your system continues to function properly after the update.
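The checks from the steps above as a read-only PowerShell audit. This is an added example, not part of the original advisory and not a JTL or Microsoft script. It assumes Windows 8 / Server 2012 or later (NetSecurity cmdlets), inspects only the local Windows Defender Firewall and not upstream firewalls, and treats any update installed on or after March 11, 2025 as a heuristic, since the advisory names no KB numbers.

```powershell
# Added example: read-only audit, changes nothing on the host.
# Run in an elevated PowerShell session on the system to be checked.
$patchDate = [datetime]'2025-03-11'   # patch availability date stated in the advisory
$tsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# 1. RDP accepts connections when fDenyTSConnections is 0.
$rdpEnabled = (Get-ItemProperty $tsKey).fDenyTSConnections -eq 0
# The listener port can be moved away from the default 3389, so read it.
$rdpPort = [string](Get-ItemProperty "$tsKey\WinStations\RDP-Tcp").PortNumber

# 2. Enabled inbound allow rules that name the RDP port, with their allowed
#    source addresses. Simplification: port ranges and any-port rules are
#    not evaluated.
$rdpRules = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        if (($port.Protocol -in 'TCP', 'UDP') -and ($port.LocalPort -contains $rdpPort)) {
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $_.Profile
                RemoteAddress = $addr.RemoteAddress -join ', '
                Unrestricted  = $addr.RemoteAddress -contains 'Any'
            }
        }
    }
$unrestricted = @($rdpRules | Where-Object Unrestricted)

# 3. Updates recorded on or after the patch date. InstalledOn can be empty
#    on some systems, so those entries are skipped rather than counted.
$updates = @(Get-HotFix | Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $patchDate })

# Summary: one object per host, suitable for Export-Csv when run fleet-wide.
[pscustomobject]@{
    Computer              = $env:COMPUTERNAME
    RdpEnabled            = $rdpEnabled
    RdpPort               = $rdpPort
    UnrestrictedRdpRules  = $unrestricted.Rule -join '; '
    UpdatesSincePatchDate = $updates.HotFixID -join ', '
    RdpExposed            = $rdpEnabled -and ($unrestricted.Count -gt 0)
    PatchMissing          = $updates.Count -eq 0
}
```

`RdpExposed` means the local firewall accepts RDP from any source address; `PatchMissing` means no update has been recorded since the patch date. An update listed under `UpdatesSincePatchDate` still has to be confirmed as the correct one for your Windows build in Microsoft's update guide.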