CVE-2024-38073

Out-of-bounds Read (CWE-125)

Published: Jul 9, 2024

010
CVSS 7.5EPSS 0.05%High
CVE info copied to clipboard

Summary

Windows Remote Desktop Licensing Service is vulnerable to a Denial of Service attack. This vulnerability is related to an out-of-bounds read issue (CWE-125) in the affected service. The vulnerability affects various versions of Windows Server, including Windows Server 2008, 2012, 2016, 2019, 2022, and 2022 23h2.

Impact

An attacker can exploit this vulnerability to cause a denial of service condition in the Windows Remote Desktop Licensing Service. This could result in the service becoming unavailable, potentially disrupting remote desktop licensing operations. The attack can be performed remotely over the network without requiring user interaction or special privileges. The vulnerability has a CVSS v3.1 base score of 7.5, indicating a high severity level.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. Microsoft released an update to address this vulnerability on July 9, 2024. Specific version numbers that should be patched to are: - Windows Server 2022: Update to version 10.0.20348.2582 or later - Windows Server 2022 23h2: Update to version 10.0.25398.1009 or later - Windows Server 2019: Update to version 10.0.17763.6054 or later - Windows Server 2016: Update to version 10.0.14393.7159 or later Older versions of Windows Server (2008, 2012) should also be updated, but specific version numbers were not provided.

Mitigation

1. Apply the security update provided by Microsoft as soon as possible. 2. If immediate patching is not possible, consider temporarily disabling the Windows Remote Desktop Licensing Service if it's not critical for operations. 3. Implement network segmentation and firewall rules to limit access to the Remote Desktop Licensing Service only to trusted networks and devices. 4. Monitor for any unusual activity or performance issues related to the Remote Desktop Licensing Service. 5. Keep systems and software up to date with the latest security patches as a general best practice.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Timeline

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (92149)

Jul 9, 2024 at 7:53 AM
CVSS

A CVSS base score of 7.5 has been assigned.

Jul 9, 2024 at 5:05 PM / microsoft
CVE Assignment

NVD published the first details for CVE-2024-38073

Jul 9, 2024 at 5:15 PM
First Article

Feedly found the first article mentioning CVE-2024-38073. See article

Jul 9, 2024 at 5:17 PM / Vulners.com RSS Feed
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Jul 9, 2024 at 5:25 PM
Trending

This CVE started to trend in security discussions

Jul 9, 2024 at 6:59 PM
EPSS

EPSS Score was set to: 0.05% (Percentile: 17.2%)

Jul 10, 2024 at 10:14 AM
Trending

This CVE stopped trending in security discussions

Jul 12, 2024 at 6:08 PM
Threat Intelligence Report

CVE-2024-38073 is a critical Denial of Service vulnerability in the Windows Remote Desktop Licensing Service. It has a CVSS score of [insert score here]. The vulnerability is currently being exploited in the wild by [insert threat actor here], and there are no known mitigations or patches available at this time. This vulnerability may have downstream impacts on other third-party vendors or technologies that rely on the affected service. See article

Aug 11, 2024 at 1:46 PM
Static CVE Timeline Graph

Affected Systems

Microsoft/windows_server_2019
+null more

Patches

Microsoft
+null more

Attack Patterns

CAPEC-540: Overread Buffers
+null more

References

CVE-2024-38077 : A Zero-Click RCE Threat In Windows Server 2025
These vulnerabilities can be used to build multiple Preauth RCE exploitations targeting the Windows Remote Desktop Licensing Service. Among them were several Preauth RCE vulnerabilities (Unauthenticated non-sandboxed 0-click RCE) in the Remote Desktop Licensing Service.

News

CVE-2024-38077 : A Zero-Click RCE Threat In Windows Server 2025
These vulnerabilities can be used to build multiple Preauth RCE exploitations targeting the Windows Remote Desktop Licensing Service. Among them were several Preauth RCE vulnerabilities (Unauthenticated non-sandboxed 0-click RCE) in the Remote Desktop Licensing Service.
CVE-2024-38077.md
from impacket.dcerpc.v5.dtypes import BOOL,ULONG, DWORD, PULONG, PWCHAR, PBYTE, WIDESTR, UCHAR, WORD, BBYTE, LPSTR, PUINT, WCHAR These vulnerabilities can be used to build multiple Preauth RCE exploitations targeting the Windows Remote Desktop Licensing Service.
Windows Remote Desktop Licensing Service Denial of Service VulnerabilityWindo...
Windows Remote Desktop Licensing Service Denial of Service Vulnerability
Microsoft Security Bulletin Coverage for July 2024
The SonicWall Capture Lab’s threat research team has analyzed and addressed Microsoft’s security advisories for the month of July 2024 and has produced coverage for 7 of the reported vulnerabilities. Microsoft’s July 2024 Patch Tuesday has 138 vulnerabilities, 59 of which are Remote Code Execution.
July Patch Tuesday Unleashes a Torrent of Updates – Sophos News
The Microsoft SQL Server Native Client component of this month’s update will fix 38 distinct remote code execution bugs in the OLE database driver. Microsoft rates five of the RCE vulnerabilities at the highest severity level of “critical,” including bugs that affect SharePoint Server, Windows Remote Desktop Licensing Service, and the Windows Codec library.
See 9 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:None
Integrity:None
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI