Windows Remote Desktop Licensing Service “MadLicense” 0-Click RCE affecting all Windows Servers (2000-2025) [CVE-2024-38077]

Discovered: 8/11/2024


Impacted Tech: All Iterations of Windows Server (2000-2025)


Summary:

CVE-2024-38077, also known as “MadLicense,” is a critical 0-click
remote code execution (RCE) vulnerability in the Windows
Remote Desktop Licensing Service (RDL). It affects all versions of
Windows Server from 2000 to 2025, allowing attackers to gain full
control of servers without any user interaction.


Verify Exposure:
This vulnerability is present in Windows Server 2000-2025 systems
that have RDL enabled. All versions are vulnerable. Attackers can
exploit a heap overflow in the “CDataCoding::DecodeData”
function to execute arbitrary code, bypassing even the latest
security mitigations.

Interim Mitigation Measures:

  • Patch Immediately:
    • Microsoft has released a patch as part of the July security update. Apply this patch without delay.
  • Disable RDL:
    • If RDL is not required, disable it to reduce exposure.
  • Enhanced Monitoring:
    • Implement enhanced logging and monitoring to detect any suspicious activity related to RDL services.
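
A local audit of the exposure check and the "Disable RDL" step above, as an added PowerShell example that is not part of the original advisory. It assumes the RD Licensing service is named `TermServLicensing`, and it treats "any update installed on or after 9 July 2024" as a heuristic for the July patch rather than looking up a specific KB, which the advisory does not list.

```powershell
# Added example: audit the Remote Desktop Licensing (RDL) service on this host.
# Assumptions: the service name is 'TermServLicensing'; the patch check is a
# date heuristic, not a lookup of a specific KB number.
[CmdletBinding(SupportsShouldProcess)]
param(
    [switch]$Disable,                        # stop and disable RDL if it is present
    [datetime]$PatchDate = '2024-07-09'      # July 2024 security update release date
)

# Win32_Service returns nothing when the RD Licensing role is not installed.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='TermServLicensing'"

# Most recently installed update; InstalledOn is empty on some entries, skip those.
$lastUpdate = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1

$installed       = [bool]$svc
$startMode       = if ($svc) { $svc.StartMode } else { $null }
$updatedSinceFix = [bool]($lastUpdate -and $lastUpdate.InstalledOn -ge $PatchDate)

# Needs action: RDL is present, can still start, and no update since the fix date.
$needsAction = $installed -and ($startMode -ne 'Disabled') -and (-not $updatedSinceFix)

[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    RdlInstalled    = $installed
    RdlState        = if ($svc) { $svc.State } else { 'NotInstalled' }
    RdlStartMode    = $startMode
    LastUpdateId    = if ($lastUpdate) { $lastUpdate.HotFixID } else { $null }
    LastUpdateDate  = if ($lastUpdate) { $lastUpdate.InstalledOn } else { $null }
    UpdatedSinceFix = $updatedSinceFix
    NeedsAction     = $needsAction
}

# Mitigation for hosts where RDL is not required. Supports -WhatIf and -Confirm.
if ($Disable -and $svc -and $PSCmdlet.ShouldProcess('TermServLicensing', 'Stop and disable')) {
    Stop-Service -Name TermServLicensing -Force
    Set-Service  -Name TermServLicensing -StartupType Disabled
}
```

Run it without arguments for a read-only report; add `-Disable -WhatIf` to preview the mitigation before applying it. A `NeedsAction` value of `False` based on `UpdatedSinceFix` should still be confirmed against the update history for that OS build.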


Urgency: Given the widespread exposure and the availability of
proof-of-concept (PoC) exploit code, immediate action is
necessary to protect your systems from potential attacks.

Additional Resources:
  • Exploitable PoC Released for CVE-2024-38077: 0-Click RCE Threatens All Windows Servers (securityonline.info)
  • August 12, 2024 Advisory: Windows Remote Desktop Licensing Service RCE [CVE-2024-38077] | Censys
  • Blog: CVE-2024-38077: A Critical Zero-Click RCE Threat to All Windows Servers (alchemytechgroup.com)
