Vulnerability description:
The Windows Remote Desktop Licensing Service is a tool for managing and distributing Remote Desktop Services (RDS) client access licenses (RDLs). It is usually enabled together with Remote Desktop Services.
CVE-2024-38077 is a buffer overflow vulnerability in affected versions of the Windows Remote Desktop Licensing Service. Once the Remote Desktop Licensing Service is running on a Windows Server, an unauthenticated attacker can send a malicious request to it and remotely execute arbitrary code with SYSTEM privileges.
Impact of the vulnerability:
windows_server@[2000~2025]: all versions are affected.
Note: The RDL service is not installed by default, but many administrators manually enable it.
Vulnerability POC&EXP:
https://github.com/qi4L/CVE-2024-38077/blob/master/CVE-2024-38077-EXP.py
Fix:
1. An official patch has been released: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38077
2. Disable the Remote Desktop Licensing service
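A way to carry out fix 2 on a single server, as an added example that is not part of the original article: it reports whether the licensing service is present and running, and can stop and disable it. It assumes the service's short name is `TermServLicensing`; the function names `Get-RdlExposure` and `Disable-RdlService` are hypothetical.

```powershell
# Added example (not from the original article). Run in an elevated PowerShell session.
# Assumption: the Remote Desktop Licensing service is registered as 'TermServLicensing'.

function Get-RdlExposure {
    [CmdletBinding()]
    param([string]$ServiceName = 'TermServLicensing')

    # Get-Service gives the live state; Win32_Service gives the configured start mode.
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    $cim = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'" -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Installed    = [bool]$svc
        Status       = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
        StartMode    = if ($cim) { $cim.StartMode } else { $null }
        # The service only accepts requests while it is running.
        Running      = [bool]($svc -and $svc.Status -eq 'Running')
        # A stopped service set to Auto or Manual can come back after a reboot or on demand.
        CanRestart   = [bool]($cim -and $cim.StartMode -ne 'Disabled')
    }
}

function Disable-RdlService {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([string]$ServiceName = 'TermServLicensing')

    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Verbose "$ServiceName is not installed on $env:COMPUTERNAME; nothing to do."
        return Get-RdlExposure -ServiceName $ServiceName
    }

    if ($PSCmdlet.ShouldProcess("$ServiceName on $env:COMPUTERNAME", 'Stop and disable')) {
        if ($svc.Status -ne 'Stopped') {
            Stop-Service -Name $ServiceName -Force
        }
        Set-Service -Name $ServiceName -StartupType Disabled
    }

    # Report the resulting state so the change can be recorded.
    Get-RdlExposure -ServiceName $ServiceName
}

# Audit only:
Get-RdlExposure

# Apply fix 2 (prompts for confirmation):
# Disable-RdlService
```

With the service disabled, the server no longer issues RDS licenses, so on hosts that need licensing this is only a stopgap until the official patch is installed.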
References:
1. https://www.oscs1024.com/hd/MPS-zgq7-6dly
2. https://nvd.nist.gov/vuln/detail/CVE-2024-38077
3. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38077
4. https://sites.google.com/site/zhiniangpeng/blogs/MadLicense
5. https://support.sangfor.com.cn/productTool/read?product_id=201&id=84
Original article by Chief Security Officer. If reproduced, please credit https://cncso.com/en/windows-rdp-rdl-0-click-rce-cve-2024-38077-html