Remote Desktop Licensing Service Remote Code Execution Vulnerability

CVE-2024-38077
9.8 CRITICAL

Key Information

Vendor
Microsoft
Status
Windows Server 2019
Windows Server 2019 (Server Core installation)
Windows Server 2022
Windows Server 2022, 23H2 Edition (Server Core installation)
CVE Published: 9 July 2024

Badges

🔥 No. 1 Trending | 😄 Trended | 👾 Exploit Exists | 🔴 Public PoC | 📰 News Worthy

Summary

CVE-2024-38077 is a critical remote code execution (RCE) vulnerability in the Windows Remote Desktop Licensing Service. Also known as "MadLicense," it is a pre-authentication flaw that allows attackers to execute arbitrary code on vulnerable systems without requiring user interaction. It poses a significant threat because it impacts Windows Server versions from 2000 to the latest 2025 preview, and it has the potential to affect over 170,000 Remote Desktop Licensing Services exposed to the public internet. The PoC exploit released by researchers demonstrates how this vulnerability can be leveraged to achieve full remote code execution. There are no known exploits circulating for this vulnerability, despite its potential for widespread attacks. Microsoft has released a patch to address the vulnerability, and organizations are urged to apply this update to mitigate risks.

Affected Version(s)

Windows Server 2019 < 10.0.17763.6054

Windows Server 2019 (Server Core installation) < 10.0.17763.6054

Windows Server 2022 < 10.0.20348.2582

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit exists.

  • 🔥 Vulnerability reached the number 1 worldwide trending spot.

  • Vulnerability started trending.

  • First article discovered by CybersecurityNews

  • Vulnerability published.

Collectors

NVD Database | Mitre Database | Microsoft Feed | 2 Proof of Concept(s) | 2 News Article(s)