MIIT NVDB issues risk alert on preventing high-risk vulnerability of Windows remote desktop service privilege escalation

Recently, the Ministry of Industry and Information Technology's network security threat and vulnerability information sharing platform discovered a high-risk vulnerability in the Windows Remote Desktop Service, which has been used in network attacks. The Remote Desktop Service is a core component in the Windows system that provides remote access, desktop virtualization, and session management. The service has a validation flaw when handling internal configuration and related registry permissions. Attackers with user permissions or remote desktop session establishment conditions can manipulate service startup configurations by constructing special requests, achieving local privilege escalation without user interaction, obtaining the highest system privileges, and then carrying out malicious operations. Affected models include Windows 10/11, Windows Server 2012/2016/2019/2022/2025, etc. Microsoft has already fixed the vulnerability and issued a security advisory. It is recommended that relevant agencies and users immediately conduct a comprehensive investigation, promptly upgrade Windows systems to the latest secure versions, or install patches according to the official announcement. For systems that cannot be updated in a timely manner, strengthening measures such as restricting non-essential remote desktop access and enabling multi-factor authentication can be taken to prevent network attack risks.