Full Report
Microsoft says a known issue is causing Remote Desktop freezes on Windows Server 2025 systems after installing security updates released since the February 2025 Patch Tuesday. [...]
Analysis Summary
# Vulnerability: Windows Server 2025/Win 11 RDP Freezes Due to Recent Updates
## CVE Details
- CVE ID: Not specified in the provided text. (This is a post-update regression, not a traditional vulnerability disclosure).
- CVSS Score: N/A
- CWE: N/A
## Affected Systems
- Products: Windows Server 2025
- Versions: Systems updated with the problematic (pre-fix) Windows updates.
- Configurations: Systems experiencing Remote Desktop (RDP) connection instability leading to freezes.
## Vulnerability Description
Recent optional updates released for Windows Server 2025 caused Remote Desktop sessions to freeze periodically during the session, necessitating a disconnect and reconnect to restore functionality. A similar issue affected Windows 11 24H2 systems. Furthermore, RDP disconnection issues lasting up to 65 seconds when establishing UDP connections from Windows 11 24H2 clients to RDS hosts running Windows Server 2016 were observed. Windows Server 2025 clients connecting to older servers might also experience these RDP disconnection problems.
## Exploitation
- Status: This is a stability/regression issue caused by a bad update, not a security vulnerability requiring exploitation.
- Complexity: N/A
- Attack Vector: N/A
## Impact
- Confidentiality: Negligible (Operational instability)
- Integrity: Negligible (Operational instability)
- Availability: Moderate (Intermittent service unavailability/session disruption)
## Remediation
### Patches
- **Windows 11 24H2 Fix:** Optional update **KB5052093** (released February 25, 2025) resolved the RDP freezing issue for Windows 11 24H2.
- **Windows Server 2025 Fix:** The fix for Server 2025 is expected to roll out in a **future Windows update**.
- **RDP Disconnection Fix (Client/Server):** A permanent fix for the RDP/RDS disconnection problems affecting client connections (including Server 2025 acting as a client) will be generally available with **next month's cumulative updates**.
### Workarounds
- **For Server 2025 Freezing (Temporary):** Users must disconnect and reconnect their Remote Desktop sessions when a freeze occurs.
- **Known Issue Rollback (KIR):** Microsoft utilized KIR to reverse buggy, non-security updates causing *similar* RDP disconnection issues on Windows 11 24H2 systems. (This mechanism may not be readily available or applicable for Server 2025 regressions initially).
## Detection
- Indicators of Compromise: Intermittent RDP session freezing or session disconnections lasting several seconds (up to 65 seconds for specific client/server combinations).
- Detection methods and tools: System event logs detailing continuous RDP sessions abruptly terminating or becoming unresponsive. Monitoring RDP connection quality metrics.
## References
- Vendor advisory (KB5052093): hxxps://support.microsoft.com/en-us/topic/february-25-2025-kb5052093-os-build-26100-3323-preview-053856ea-f984-4bdb-866c-5f356f5a451b
- Related RDP issue resolution: hxxps://www.bleepingcomputer.com/news/microsoft/microsoft-recent-windows-updates-cause-remote-desktop-issues/
- General News Reference: hxxps://www.bleepingcomputer.com/news/microsoft/recent-windows-server-2025-updates-cause-remote-desktop-freezes/