Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
The vulnerability results from an integer underflow error (CWE-191) in the Remote Desktop Licensing Service. An attacker can send a specially crafted network request to the vulnerable server without needing any privileges or user interaction. The attack vector is network-based, and attack complexity is rated as low, meaning the exploit can be performed in a repeatable and reliable manner.
Successful exploitation of the vulnerability allows an attacker to execute arbitrary code remotely on the server with service privileges, which may lead to full system takeover, data leakage, and compromise of server integrity and availability.
Apply patches available from the vendor according to references — updates were published by Microsoft as part of Patch Tuesday on July 9, 2024. Detailed information available at: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38074. As a temporary measure, it is recommended to restrict network access to the Remote Desktop Licensing Service only to trusted hosts.
Microsoft Windows Server 2008, Windows Server 2012, Windows Server 2016, Windows Server 2019 — affects systems with active Remote Desktop Licensing Service; detailed version lists indicated in vendor references
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMicrosoft Windows Server 2008
OSMicrosoftr2Microsoft Windows Server 2012
OSMicrosoftr2Microsoft Windows Server 2016
OSMicrosoft< 10.0.14393.7159Microsoft Windows Server 2019
OSMicrosoft< 10.0.17763.6054Microsoft Windows Server 2022
OSMicrosoft< 10.0.20348.2582Microsoft Windows Server 2022 23h2
OSMicrosoft< 10.0.25398.1009
Related vulnerabilities
RCE w Windows Server Update Service (WSUS) — deserializacja danych
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly ...
A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly val...
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properl...
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services wh...