PT-2024-4772 · Microsoft · Windows Server+1

Chunyang Han +2 · Published 2024-07-09 · Updated 2025-12-04 · CVE-2024-38077

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

The vulnerable component is the Windows Remote Desktop Licensing Service in Microsoft Windows. This pre-authentication remote code execution issue affects all versions of Windows Server from 2000 to 2025. To exploit it, an unauthenticated attacker connects to the Remote Desktop Licensing Service and sends a malicious message with a special attachment, which can cause remote code execution. An exploit has been released that allows attackers to execute arbitrary code on the system and gain full control over the targeted server. Approximately 79,000 instances are exposed online, and around 170,000 hosts are potentially vulnerable.
The exploit works by sending a malicious message to the Remote Desktop Licensing Service, which can cause remote code execution without requiring any user interaction. Several proof-of-concept (PoC) exploits have been published on GitHub.
#WindowsServer #RCE #MadLicense #Cybersecurity #RDP #RDL #Infosec #Exploit #WindowsRemoteDesktop

Exploit

Fix

RCE

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2024-05295
CVE-2024-38077

Affected Products

Windows
Windows Server