Remote Code Execution Vulnerability in Windows Remote Desktop Licensing Service
CVE-2024-43454

7.1HIGH

Key Information:

Vendor

Microsoft
Status
Windows Server 2019
Windows Server 2019 (server Core Installation)
Windows Server 2022
Windows Server 2022, 23h2 Edition (server Core Installation)
Vendor
CVE Published:
10 September 2024

What is CVE-2024-43454?

The Windows Remote Desktop Licensing Service has been identified with a vulnerability that allows remote code execution. This flaw could potentially allow an unauthorized attacker to execute arbitrary code on the affected system. The vulnerability arises due to improper handling of requests to the Remote Desktop Licensing Service. Successful exploitation may lead to privilege escalation and unauthorized access to sensitive data and applications. Organizations using affected versions of Windows are encouraged to apply the latest security updates to mitigate risks associated with this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Windows Server 2008 Service Pack 2 x64-based Systems 6.0.0 < 6.0.6003.22870

Windows Server 2008 R2 Service Pack 1 (Server Core installation) x64-based Systems 6.0.0 < 6.1.7601.27320

Windows Server 2008 R2 Service Pack 1 x64-based Systems 6.1.0 < 6.1.7601.27320

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

EPSS Score

28% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.