Full Report
Microsoft says that some customers might experience Remote Desktop and RDS connection issues after installing recent Windows updates released since January 2025. [...]
Analysis Summary
# Vulnerability: Remote Desktop Disconnections Following March 2025 Windows Update
## CVE Details
- CVE ID: Not specified in the provided context. This appears to be an operational issue/bug introduced by a non-security update.
- CVSS Score: Not applicable (N/A) as this is a functionality issue, not a security vulnerability with standard CVE assignment.
- CWE: N/A
## Affected Systems
- Products: Windows 11 (Version 24H2), Windows Server 2025 (acting as RDP clients), Windows Server 2016 (acting as RDS hosts).
- Versions: Windows 11 24H2, Windows Server 2025, Windows Server 2016. The issue is triggered by the March 2025 Windows security update (KB5053598).
- Configurations: Issue occurs when establishing UDP connections via Remote Desktop Protocol (RDP) from Windows 11 24H2 PCs to RDS hosts running Windows Server 2016.
## Vulnerability Description
Recent non-security updates (specifically the March 2025 update KB5053598) introduced a regression affecting Remote Desktop Protocol (RDP). Affected users experience unexpected RDP disconnections occurring exactly 65 seconds after establishing a session when utilizing UDP connections between Windows 11 24H2 clients and Windows Server 2016 RDS hosts. The issue can also affect Windows Server 2025 systems acting as RDP clients connecting to older servers.
## Exploitation
- Status: Operational issue/Bug, not an exploitable security weakness.
- Complexity: N/A
- Attack Vector: N/A
## Impact
- Confidentiality: Negligible (related to session interruption)
- Integrity: Negligible (related to session interruption)
- Availability: Moderate (Disruption of RDP sessions, impacting user productivity)
## Remediation
### Patches
* **Immediate Fix (KIR):** Deploy the **Windows 11 24H2 and Windows Server 2025 KB5053598 250314_20401 Known Issue Rollback** group policy object (GPO).
  * Policy location after installation: `Computer Configuration > Administrative Templates`.
  * Guidance available on the Microsoft support website.
* **Permanent Fix:** A permanent fix will be delivered automatically via a future standard Windows Update.
### Workarounds
There are no specific workarounds mentioned other than deploying the Known Issue Rollback (KIR) GPO until the permanent update is released.
## Detection
- Indicators of Compromise: Unexpected RDP disconnections occurring after approximately 65 seconds when using UDP connections involving the listed Windows versions.
- Detection Methods and Tools: Monitoring RDP connection status and investigating logs immediately following the March 2025 update deployment (KB5053598).
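
One way to carry out the log review described above on an RDS host, as an added example that is not part of the original report: the script pairs session start and disconnect records from the TerminalServices-LocalSessionManager operational log and lists sessions that ended about 65 seconds after they began. The function names, the 5-second tolerance, and the sample records are assumptions made for illustration.

```powershell
# Added example. Pairs session start (21 logon, 25 reconnect) with disconnect (24)
# and reports sessions that ended about 65 seconds after they started.
function Find-ShortRdpSession {
    param(
        [Parameter(Mandatory)] [object[]] $Records,  # TimeCreated, Id, SessionId, User
        [int] $TargetSeconds = 65,                   # interval stated in the report
        [int] $ToleranceSeconds = 5                  # assumption: allowance for logging delay
    )
    $open = @{}
    foreach ($r in ($Records | Sort-Object TimeCreated)) {
        $key = [string]$r.SessionId
        if ($r.Id -in 21, 25) {
            $open[$key] = $r
        } elseif ($r.Id -eq 24 -and $open.ContainsKey($key)) {
            $start = $open[$key]
            $open.Remove($key)
            $secs = ($r.TimeCreated - $start.TimeCreated).TotalSeconds
            if ([math]::Abs($secs - $TargetSeconds) -le $ToleranceSeconds) {
                [pscustomobject]@{
                    User = $r.User; SessionId = $key
                    Connected = $start.TimeCreated; Seconds = [int]$secs
                }
            }
        }
    }
}

# Reads the live log on the RDS host and flattens each event to the fields used above.
function Get-RdpSessionRecord {
    $log = 'Microsoft-Windows-TerminalServices-LocalSessionManager/Operational'
    Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 21, 24, 25 } | ForEach-Object {
        $x = ([xml]$_.ToXml()).Event.UserData.EventXML
        [pscustomobject]@{
            TimeCreated = $_.TimeCreated; Id = $_.Id
            SessionId = $x.SessionID; User = $x.User
        }
    }
}

# Constructed sample records (not real log data): session 3 drops after 65 s, session 4 does not.
$t = Get-Date '2025-03-20T09:00:00'
$sample = @(
    [pscustomobject]@{ TimeCreated = $t;                Id = 21; SessionId = '3'; User = 'CONTOSO\alice' }
    [pscustomobject]@{ TimeCreated = $t.AddSeconds(65); Id = 24; SessionId = '3'; User = 'CONTOSO\alice' }
    [pscustomobject]@{ TimeCreated = $t.AddSeconds(10); Id = 21; SessionId = '4'; User = 'CONTOSO\bob' }
    [pscustomobject]@{ TimeCreated = $t.AddMinutes(42); Id = 24; SessionId = '4'; User = 'CONTOSO\bob' }
)
Find-ShortRdpSession -Records $sample | Format-Table
# On an RDS host: Find-ShortRdpSession -Records (Get-RdpSessionRecord)
```

These events do not record whether the session used UDP, so each match is a candidate to confirm against the client's Windows version and installed updates.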
## References
- Vendor Advisory (Source): bleepingcomputer.com/news/microsoft/microsoft-recent-windows-updates-cause-remote-desktop-issues/
- KIR Deployment Guidance: docs.microsoft.com/en-us/troubleshoot/windows-client/group-policy/use-group-policy-to-deploy-known-issue-rollback