Chunyang Han

Name of the Vulnerable Software and Affected Versions: Windows Kernel (affected versions not specified) Description: A vulnerability allows attackers to obtain sensitive information and affect the system. The Windows Kernel generates error messages containing sensitive information, potentially allowing a locally authorized attacker to disclose information. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Connected Devices Platform Service (affected versions not specified) Description: The issue is related to a use after free condition in the Windows Connected Devices Platform Service, which allows an unauthorized attacker to execute code over a network. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Remote Desktop Licensing Service (affected versions not specified) Description: The issue is related to the use of insecure mechanisms for handling authentication data in the operating system's memory. It allows remote attackers to execute arbitrary code and affect the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Remote Desktop Licensing Service (affected versions not specified) **Description** The vulnerability in the Windows Remote Desktop Licensing Service is related to the use of an uninitialized resource. Exploitation of this issue may allow a remote attacker to execute arbitrary code, potentially impacting the system. This could enable remote attackers to run malicious code, affecting the system's security. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Remote Desktop Licensing Service (affected versions not specified) **Description** The issue is related to errors in handling relative path to directory in the Remote Desktop Licensing Service of Windows operating systems. Exploitation of this issue may allow a remote attacker to disclose protected information. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Remote Desktop Licensing Service (affected versions not specified) **Description** The issue is related to errors in handling relative path to directory in the Remote Desktop Licensing Service of Windows operating systems. Exploitation of this issue may allow a remote attacker to execute arbitrary code. This can potentially lead to arbitrary file deletion. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Remote Desktop Licensing Service (affected versions not specified) **Description** The issue is related to the use of insecure mechanisms for handling authentication data in the operating system's memory. This can allow a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Remote Desktop Licensing Service (affected versions not specified) **Description** The issue is related to insufficient input validation in the Windows Remote Desktop Licensing Service, which can be exploited by a remote attacker to conduct spoofing attacks. This allows the attacker to affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Remote Desktop Licensing Service (affected versions not specified) **Description** The issue is related to synchronization errors in the Windows Remote Desktop Licensing Service, specifically a "race condition" scenario. This can be exploited by a remote attacker to execute arbitrary code. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Remote Desktop Licensing Service (affected versions not specified) **Description** The issue is related to a denial-of-service vulnerability in the Windows Remote Desktop Licensing Service, which is caused by weaknesses in the authentication procedure. This vulnerability can be exploited by a remote attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

The vulnerable software is Microsoft Windows, specifically the Windows Remote Desktop Licensing Service. This pre-authentication remote code execution issue affects all versions of Windows Server from 2000 to 2025. To exploit this issue, an unauthorized attacker can connect to the Remote Desktop Licensing Service and send a malicious message with a special attachment, which can cause remote code execution. An exploit for this issue has been released, allowing attackers to execute arbitrary code on the system and gain full control over the targeted server. Approximately 79,000 instances are exposed online, and around 170,000 hosts are potentially vulnerable. The exploit works by sending a malicious message to the Remote Desktop Licensing Service, which can cause remote code execution without requiring any user interaction. Several proof-of-concept (PoC) exploits have been published on GitHub. #WindowsServer #RCE #MadLicense #Cybersecurity #RDP #RDL #Infosec #Exploit #WindowsRemoteDesktop

Name of the Vulnerable Software and Affected Versions: Windows Remote Desktop Licensing Service (affected versions not specified) Description: The issue is related to weaknesses in the authentication procedure of the Windows Remote Desktop Licensing Service. It allows a remote attacker to cause a denial of service. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Remote Desktop Licensing Service (affected versions not specified) Description: The issue is related to a buffer overflow in memory, which can be exploited by a remote attacker to cause a denial of service. This can affect the system, allowing attackers to disrupt service. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified) Description: A denial-of-service vulnerability exists due to a buffer overflow in memory within the Remote Desktop Licensing Service. Successful exploitation could allow a remote attacker to cause a denial-of-service condition. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Remote Desktop Licensing Service (affected versions not specified) Description: The issue is related to a buffer overflow in memory, allowing a remote attacker to execute arbitrary code. This can enable the attacker to impact the system. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Remote Desktop Licensing Service (affected versions not specified) Description: The issue is related to an integer overflow in the Windows Remote Desktop Licensing Service, which can be exploited by a remote attacker to execute arbitrary code. This allows the attacker to impact the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Windows Remote Desktop Licensing Service (affected versions not specified) Description: The issue is related to pointer dereference errors in the Windows Remote Desktop Licensing Service. It allows a remote attacker to cause a denial of service. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to a denial-of-service vulnerability in the implementation of the Internet Key Exchange (IKE) protocol. It exists due to insufficient input validation, which can be exploited by a remote attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows Point-to-Point Tunneling Protocol (affected versions not specified) **Description** The issue is related to the implementation of the Point to Point Tunneling Protocol (PPTP) in Windows operating systems, specifically concerning errors in synchronization when using a shared resource, known as a "race condition". This can be exploited by a remote attacker to execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.