Overview
- Vulnerable Platform: Windows Server
- Vulnerable Versions: 2000 to 2025
- Security Patch Release Date: July 09, 2024
- Vulnerability Type: Remote Code Execution (RCE)
- Risk Level (CVSSv3): Critical (9.8)
- Exploit Status: Proof of Concept (PoC) Released
Technical Description
The CVE-2024-38077 vulnerability is a critical Remote Code Execution (RCE) flaw in the Windows Remote Desktop Licensing (RDL) service. This flaw allows attackers to execute arbitrary code on a target system without authentication. The RDL service, a component of Remote Desktop Services, manages the allocation and tracking of the client access licenses needed for Remote Desktop sessions.
Vulnerable Versions
The vulnerability impacts Windows Server versions 2000 to 2025. To determine whether the RDL role service is installed on a host, run the following PowerShell command (Get-WindowsFeature is part of the ServerManager module on Windows Server):
Get-WindowsFeature -Name RDS-Licensing
Vulnerability Details
Referred to as MadLicense, this vulnerability carries a critical CVSS score of 9.8. The exploit leverages a sophisticated technique to inject a malicious DLL into the target system via the SMB protocol. The root cause is a heap-based buffer overflow in the Windows Remote Desktop Licensing service, caused by improper input validation of incoming requests, which leads to memory corruption.
This flaw enables attackers to send specially crafted requests to the vulnerable service, triggering remote arbitrary code execution (RCE). Exploitation of this vulnerability can allow attackers to gain full control of the compromised system, leading to severe consequences such as data exfiltration, system compromise, or a denial-of-service (DoS) condition.
How to patch the vulnerability
To address this vulnerability, apply the security patches released on July 09, 2024, available at:
[https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38077]
Additionally, installing Padvish Antivirus can provide enhanced protection while awaiting the application of the patch. Until the patches are applied, the following risk mitigation steps are recommended:
- Disable Remote Desktop Licensing (RDL) if it is not in use.
- Implement network segmentation to limit unauthorized access and prevent lateral movement across the network.
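The following PowerShell script is an added example, not part of the Padvish advisory, that ties together the check from the "Vulnerable Versions" section and the first mitigation step above: it reports whether the RDS-Licensing feature is installed and whether the licensing service is running, and with -Disable it stops and disables the service as an interim measure until the July 09, 2024 update is applied. It assumes a Windows Server host with the ServerManager module (for Get-WindowsFeature) and assumes the Windows service name for Remote Desktop Licensing is TermServLicensing.

```powershell
# Added example (not from the advisory): audit the Remote Desktop Licensing role
# service on this host and optionally disable it as an interim mitigation for
# CVE-2024-38077. Assumptions: Windows Server with the ServerManager module, and
# 'TermServLicensing' as the service name for Remote Desktop Licensing.
[CmdletBinding()]
param(
    # When set, stop the service and set its start type to Disabled instead of only reporting.
    [switch]$Disable
)

$ServiceName = 'TermServLicensing'   # assumed service name for Remote Desktop Licensing

function Get-RdlStatus {
    # Feature state comes from Server Manager; service state from the SCM via CIM
    # (Win32_Service.StartMode works on older PowerShell versions that lack StartType).
    $feature = Get-WindowsFeature -Name RDS-Licensing -ErrorAction SilentlyContinue
    $service = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        FeatureInstalled = [bool]($feature -and $feature.Installed)
        ServiceState     = if ($service) { $service.State } else { 'NotPresent' }
        StartMode        = if ($service) { $service.StartMode } else { 'NotPresent' }
    }
}

$status = Get-RdlStatus
$status | Format-List

if (-not $status.FeatureInstalled -and $status.ServiceState -eq 'NotPresent') {
    Write-Host 'Remote Desktop Licensing is not installed on this host; the vulnerable service is not exposed here.'
    return
}

if ($Disable) {
    # Interim mitigation only: the service stops accepting requests, but the
    # July 09, 2024 security update must still be installed. Re-enable the service
    # only on hosts that genuinely issue RDS licenses, after patching.
    if ($status.ServiceState -eq 'Running') {
        Stop-Service -Name $ServiceName -Force
    }
    Set-Service -Name $ServiceName -StartupType Disabled
    Write-Host "Service '$ServiceName' stopped and set to Disabled."
    Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'" |
        Select-Object Name, State, StartMode
} else {
    Write-Host 'Remote Desktop Licensing is present. Apply the update, or re-run with -Disable if this host does not issue RDS licenses.'
}
```

Run it as an administrator on each Windows Server host: the report mode is safe to run in bulk (for example through Invoke-Command against a list of servers), while -Disable should be reserved for hosts that the RDS administrators confirm are not acting as license servers, since disabling the service on a real license server breaks license issuance for the RD Session Hosts that depend on it.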