- CVE ID: CVE-2025-21330
- CWE: CWE-400
- Advisory: yes
- Published: January 14, 2025
- Updated: January 28, 2025
- Score: 7.5
- Attack type: T1499
- Impact: Denial of Service (DoS)
- Domain: Operating systems and their key components
- Vendor: Microsoft
- Product: Windows
- CVE status: Published
- POC: No
- Vulnerability status: Patched
Summary
This vulnerability is classified as high severity. It affects an unknown function of the Remote Desktop Services component, and manipulating that function leads to resource consumption. The attack can be carried out remotely.
Description
This vulnerability falls under CWE-400, which arises from improper management of system resources.
An attacker can send specially crafted input that makes the system consume excessive resources, which may cause the service to fail (Denial of Service, DoS). The vulnerability affects the availability of the system, meaning the system or the RDS service may become unusable. No authentication is required to carry out the attack, so the attacker does not need to log in to the system; the attack is also easy to carry out and does not require a high level of technical knowledge. Users and system administrators should apply Microsoft's security updates as soon as possible.
CVSS
Score | Severity | Version | Vector String |
7.5 | HIGH | 3.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
List of vulnerable products
version | platform | product |
affected from 10.0.17763.0 before 10.0.17763.6775 | 32-bit Systems, x64-based Systems | Windows 10 Version 1809 |
affected from 10.0.17763.0 before 10.0.17763.6775 | x64-based Systems | Windows Server 2019 |
affected from 10.0.17763.0 before 10.0.17763.6775 | x64-based Systems | Windows Server 2019 (Server Core installation) |
affected from 10.0.20348.0 before 10.0.20348.3091 | x64-based Systems | Windows Server 2022 |
affected from 10.0.19043.0 before 10.0.19044.5371 | 32-bit Systems, ARM64-based Systems, x64-based Systems | Windows 10 Version 21H2 |
affected from 10.0.22621.0 before 10.0.22621.4751 | ARM64-based Systems, x64-based Systems | Windows 11 version 22H2 |
affected from 10.0.19045.0 before 10.0.19045.5371 | x64-based Systems, ARM64-based Systems, 32-bit Systems | Windows 10 Version 22H2 |
affected from 10.0.26100.0 before 10.0.26100.2894 | x64-based Systems | Windows Server 2025 (Server Core installation) |
affected from 10.0.22631.0 before 10.0.22631.4751 | ARM64-based Systems | Windows 11 version 22H3 |
affected from 10.0.22631.0 before 10.0.22631.4751 | x64-based Systems | Windows 11 Version 23H2 |
affected from 10.0.25398.0 before 10.0.25398.1369 | x64-based Systems | Windows Server 2022, 23H2 Edition (Server Core installation) |
affected from 10.0.26100.0 before 10.0.26100.2894 | ARM64-based Systems, x64-based Systems | Windows 11 Version 24H2 |
affected from 10.0.26100.0 before 10.0.26100.2894 | x64-based Systems | Windows Server 2025 |
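A fleet triage check built from the affected ranges in the table above, as an added example that is not part of the advisory or of any Microsoft tooling. The host names and build strings in INVENTORY are constructed, and parse_build, classify and triage are hypothetical helper names; a build on a branch this page does not list is reported as "not listed" rather than assumed safe.

```python
import re

# Ranges copied from this advisory's vulnerable-products table (duplicates removed).
ADVISORY_ROWS = """
affected from 10.0.17763.0 before 10.0.17763.6775
affected from 10.0.20348.0 before 10.0.20348.3091
affected from 10.0.19043.0 before 10.0.19044.5371
affected from 10.0.22621.0 before 10.0.22621.4751
affected from 10.0.19045.0 before 10.0.19045.5371
affected from 10.0.26100.0 before 10.0.26100.2894
affected from 10.0.22631.0 before 10.0.22631.4751
affected from 10.0.25398.0 before 10.0.25398.1369
"""

def parse_build(text):
    """Turn '10.0.17763.6775' into (10, 0, 17763, 6775); reject anything else."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part build: {text!r}")
    return tuple(int(p) for p in parts)

# (first affected build, first fixed build); the upper bound is exclusive.
RANGES = [(parse_build(lo), parse_build(hi)) for lo, hi in
          re.findall(r"affected from (\S+) before (\S+)", ADVISORY_ROWS)]

def classify(build):
    """Return 'vulnerable', 'patched', 'not listed' or 'unparseable'."""
    try:
        b = parse_build(build)
    except ValueError:
        return "unparseable"
    if any(lo <= b < fixed for lo, fixed in RANGES):
        return "vulnerable"
    # Same branch as a fixed build and at or above it.
    if any(b[:3] == fixed[:3] and b >= fixed for _, fixed in RANGES):
        return "patched"
    return "not listed"  # branch absent from this page; check the vendor advisory

# Constructed inventory: hypothetical host names and build strings.
INVENTORY = {"rdsh-01": "10.0.17763.6532", "rdsh-02": "10.0.20348.3091",
             "vdi-07": "10.0.19043.2364", "jump-03": "10.0.14393.7699",
             "kiosk-11": "10.0.26100"}

def triage(inventory):
    return {host: classify(build) for host, build in inventory.items()}

if __name__ == "__main__":
    print(triage(INVENTORY))
```

Builds are compared as integer tuples, which is what lets the 10.0.19043.0 to 10.0.19044.5371 row match hosts on either of the two build branches it spans.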
List of updated products
Product | Impact | Max Severity | Build Number |
Windows 11 Version 24H2 for x64-based Systems | Denial of Service | Important | 10.0.26100.2894 |
Windows 11 Version 24H2 for ARM64-based Systems | Denial of Service | Important | 10.0.26100.2894 |
Windows Server 2022, 23H2 Edition (Server Core installation) | Denial of Service | Important | 10.0.25398.1369 |
Windows 11 Version 23H2 for x64-based Systems | Denial of Service | Important | 10.0.22631.4751 |
Windows 11 Version 23H2 for ARM64-based Systems | Denial of Service | Important | 10.0.22631.4751 |
Windows Server 2025 (Server Core installation) | Denial of Service | Important | 10.0.26100.2894 |
Windows 10 Version 22H2 for 32-bit Systems | Denial of Service | Important | 10.0.19045.5371 |
Windows 10 Version 22H2 for ARM64-based Systems | Denial of Service | Important | 10.0.19045.5371 |
Windows 10 Version 22H2 for x64-based Systems | Denial of Service | Important | 10.0.19045.5371 |
Windows 11 Version 22H2 for x64-based Systems | Denial of Service | Important | 10.0.22621.4751 |
Windows 11 Version 22H2 for ARM64-based Systems | Denial of Service | Important | 10.0.22621.4751 |
Windows 10 Version 21H2 for x64-based Systems | Denial of Service | Important | 10.0.19044.5371 |
Windows 10 Version 21H2 for ARM64-based Systems | Denial of Service | Important | 10.0.19044.5371 |
Windows 10 Version 21H2 for 32-bit Systems | Denial of Service | Important | 10.0.19044.5371 |
Windows Server 2022 (Server Core installation) | Denial of Service | Important | 10.0.20348.3091 |
Windows Server 2022 | Denial of Service | Important | 10.0.20348.3091 |
Windows Server 2019 (Server Core installation) | Denial of Service | Important | 10.0.17763.6775 |
Windows Server 2019 | Denial of Service | Important | 10.0.17763.6775 |
Windows 10 Version 1809 for x64-based Systems | Denial of Service | Important | 10.0.17763.6775 |
Windows 10 Version 1809 for 32-bit Systems | Denial of Service | Important | 10.0.17763.6775 |
Windows Server 2025 | Denial of Service | Important | 10.0.26100.2894 |
References
- https://www.cve.org/CVERecord?id=CVE-2025-21330
- https://www.cvedetails.com/cve/CVE-2025-21330/
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21330
- https://vulmon.com/vulnerabilitydetails?qid=CVE-2025-21330
- https://vuldb.com/?id.291773
- https://cwe.mitre.org/data/definitions/400.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-21330#range-16292570
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2025-21330