Remote Desktop Licensing Service Remote Code Execution Vulnerability
CVE-2024-38077
Key Information:
- Vendor: Microsoft
- Status
- Windows Server 2019
- Windows Server 2019 (Server Core installation)
- Windows Server 2022
- Windows Server 2022, 23H2 Edition (Server Core installation)
- CVE Published: 9 July 2024
What is CVE-2024-38077?
CVE-2024-38077 is a critical vulnerability found in the Microsoft Windows Remote Desktop Licensing Service. This service is responsible for managing licenses for the Remote Desktop Protocol (RDP), which enables users to remotely connect to other computers. The vulnerability allows for remote code execution, meaning that an attacker could exploit this weakness to run arbitrary code on an affected system. This could severely compromise organizational security by allowing unauthorized access to sensitive data and the manipulation of system functions.
Technical Details
The vulnerability relates to improper handling of requests within the Remote Desktop Licensing Service. By sending specially crafted requests to the service, an attacker could execute code in the context of the system user. This flaw raises significant concerns as it potentially allows attackers to gain control over systems running the affected service, leading to further exploitation opportunities. The vulnerability has been assigned a high CVSS score, highlighting its severity and the urgency of addressing the issue.
Impact of the Vulnerability
- Remote Code Execution: The primary risk is the potential for remote code execution, which could allow attackers to take full control of affected systems. This could lead to unauthorized access to sensitive information and critical functions within the organization.
- Data Breaches: Successful exploitation of this vulnerability could result in significant data breaches, as attackers may access, modify, or exfiltrate sensitive corporate or personal data stored on affected systems.
- Increased Attack Surface: As this vulnerability affects a widely used Microsoft service, organizations employing Remote Desktop Services are at greater risk. This widespread impact increases the likelihood of related attacks and can amplify the overall threat landscape for businesses relying on these systems.
Affected Version(s)
Windows Server 2008 Service Pack 2 x64-based Systems 6.0.6003.0 < 6.0.6003.22769
Windows Server 2008 R2 Service Pack 1 (Server Core installation) x64-based Systems 6.1.7601.0 < 6.1.7601.27219
Windows Server 2008 R2 Service Pack 1 x64-based Systems 6.1.7601.0 < 6.1.7601.27219
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
LPE FTW - PSW #839
This week: Option ROMS are a novel way to compromise a system at the lowest level, Sinkclose opens AMD processors up to attacks, at home in your firmware exploiting SMM complete with examples, Sonos speakers get hacked and enable attackers to listen in on your conversations, DEF CON badges use new ...
5 months ago
PoC Released for 0-click RCE Flaw Impacting Windows Server - MadLicense
The vulnerability, dubbed "MadLicense," is a pre-authentication RCE flaw that allows attackers to execute arbitrary code on vulnerable systems without requiring user interaction.
5 months ago
Timeline
- Public PoC available
- Used in Ransomware
- Vulnerability reached the number 1 worldwide trending spot
- Vulnerability started trending
- Exploit known to exist
- First article discovered by CybersecurityNews
- Vulnerability published