CVERadar

CVE-2024-38077

High Severity
Vendor: Microsoft
SVRS: 50/100
CVSSv3: 9.8/10
EPSS: 0.82347/1

CVE-2024-38077 is a critical Remote Code Execution vulnerability in the Windows Remote Desktop Licensing Service. This flaw allows attackers to execute arbitrary code on a target system. While the CVSS score is high at 9.8, SOCRadar's Vulnerability Risk Score (SVRS) is 50, indicating moderate risk despite active exploits and a vendor advisory being available. Successful exploitation of CVE-2024-38077 could lead to complete system compromise, data breaches, and significant operational disruption. This vulnerability, classified as CWE-122, signifies a heap-based buffer overflow. Though the SVRS suggests a lower immediate threat than its CVSS score, the 'In The Wild' and 'Exploit Available' tags highlight the importance of patching to mitigate potential cybersecurity threats. Users of Windows Remote Desktop Licensing Service should apply the vendor's patch to secure their systems. Given the active exploits, delaying the patch could be costly for organizations.

In The Wild
Exploit Available
Vendor-advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
2025-03-11

2024-07-09
SOCRadar AI Insight

Description:

CVE-2024-38077 is a critical vulnerability in the Windows Remote Desktop Licensing Service that allows remote code execution. The vulnerability has a CVSS score of 9.8, indicating its high severity. SOCRadar's SVRS score of 56 highlights the urgency of addressing this threat.

Key Insights:

  • Active Exploitation: Active exploits have been published, indicating that hackers are actively exploiting the vulnerability.
  • High Impact: The vulnerability allows remote code execution, which could lead to complete system compromise.
  • Widely Used Software: Windows Remote Desktop is widely used, increasing the potential impact of this vulnerability.
  • CISA Warning: The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, calling for immediate and necessary measures.

Mitigation Strategies:

  • Apply Software Updates: Install the latest security updates from Microsoft to patch the vulnerability.
  • Disable Remote Desktop Services: If possible, disable Remote Desktop Services until the patch is applied.
  • Use Strong Passwords: Ensure strong passwords are used for Remote Desktop accounts.
  • Implement Network Segmentation: Segment networks to limit the spread of potential attacks.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
Accord96/CVE-2024-38077-POC | https://github.com/Accord96/CVE-2024-38077-POC | 2025-01-23
CloudCrowSec001/CVE-2024-38077-POC | https://github.com/CloudCrowSec001/CVE-2024-38077-POC | 2024-08-09
SecStarBot/CVE-2024-38077-POC | https://github.com/SecStarBot/CVE-2024-38077-POC | 2024-08-09

News

Micropatches for "MadLicense" Windows Remote Desktop Licensing Service Remote Code Execution (CVE-2024-38077)
Mitja Kolsek, 2025-04-01, blogspot.com
July 2024 Windows Updates brought a patch for
Daily Summary - 09.08.2024
CERT.at, 2024-08-09
End-of-Day report. Timeframe: Thursday 08-08-2024 18:00 - Friday 09-08-2024 18:00. Handler: Robert Waldner. Co-Handler: n/a. News: Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs. An ongoing and widespread malware campaign force-installed malicious Google Chrome and Microsoft Edge browser extensions in over 300,000 browsers, modifying the browsers' executables to hijack homepages and steal browsing history.
cve-2024-38077
cve-2024-26308
cve-2024-37532
cve-2023-38018
The July 2024 Security Update Review
Dustin Childs, 2024-07-09
We’re just past the halfway point of 2024, and as expected, Microsoft and Adobe have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for July 2024: For July, Adobe released three
cve-2024-37977
cve-2024-38051
cve-2024-38015
cve-2024-38054
Microsoft Patch Tuesday July 2024 : 4 Zero-days, 59 Code Execution & 75 Flaws Patched
Guru Baran, 2024-07-10
Microsoft’s July 2024 Patch Tuesday has brought a significant wave of updates, addressing a total of 139 vulnerabilities across various products and components. This release includes 139 new CVEs in Windows, Office, .NET, Azure, SQL Server, Hyper-V, and even Xbox, with an additional three third-party CVEs documented this month. Among these, five vulnerabilities are rated […]
cve-2024-37985
cve-2024-38112
cve-2024-38080
cve-2024-38023
Patch Tuesday brings a Hyper-V vulnerability exploited in the wild, trio of CVSS 9.8 bugs in RDS - The Stack
2024-07-09
A vulnerability in the "Hyper-V" hypervisor is being exploited in the wild, Microsoft said on July’s Patch Tuesday as it pushed out 143 patches. The elevation of privilege (EOP) bug, allocated CVE-2024-38080, gives a successful attacker SYSTEM privileges, Microsoft said. It was disclosed anonymously and Redmond did not say how widespread exploitation is. Redmond patched two actively exploited bugs, as well as five critical vulnerabilities, all of which were remote code execution (RCE) bugs
cve-2024-38077
cve-2024-38074
cve-2024-38080
cve-2024-38112
Microsoft Patch Tuesday July 2024, (Tue, Jul 9th)
2024-07-09
Microsoft today released patches for 142 vulnerabilities. Only four of the vulnerabilities are rated as "critical". There are two vulnerabilities that have already been discussed and two that have already been exploited. Noteworthy Vulnerabilities:
cve-2024-38060
cve-2024-3596
cve-2024-38077
cve-2024-35264
Patch Tuesday - July 2024
Greg Wiseman, 2024-07-09, rapid7.com
Microsoft has published 139 vulnerabilities this July 2024 Patch Tuesday, two of which had already been seen exploited in the wild. Microsoft is addressing 139 vulnerabilities this July 2024 Patch Tuesday, which is on the high side in terms of typical CVE counts. They’ve also republished details for 4 CVEs issued by other vendors that affect Microsoft products. Microsoft has evidence of in-the-wild exploitation for 2 of the

Social Media

#BHASIA Briefing "One Bug to Rule Them All: Stably Exploiting a Preauth RCE Vulnerability on Windows Server 2025" will explore the attack surface of the Remote Desktop Licensing Service, focusing on the newly identified vulnerability, CVE-2024-38077, which impacts all versions of https://t.co/M5u5S3Nzs5
#CVE-2024-38077 in #Windows Remote Desktop Licensing Service allows attackers to execute code remotely, impacting Windows Server versions. With a #CVSS score of 9.8. Check it out: https://t.co/q7U2D9Zwef #CyberSecurity #RCE #WindowsServer #PatchNow #infosecurity https://t.co/nV2mo80MIW
Exploitable PoC Released for CVE-2024-38077: 0-Click RCE Threatens All Windows Servers https://t.co/oGpWMXLXKR
Windows Server at risk from PoC exploit for CVE-2024-38077 | Born's Tech and Windows World https://t.co/xIdbrspajK
🚨 MadLicense is the name of the new critical vulnerability (CVE-2024-38077, with a CVSS of 9.8) that affects Windows machines, and more specifically Windows servers. 💻 This vulnerability in the Remote Desktop Licensing service (RDL: Remote https://t.co/TyRBBfi5Dh
CVE-2024-38077 (MadLicense): One bug to rule them all Exploiting Preauth RCE vulnerabilities on Windows Server 2025 Urgent patch! Remote Desktop Licensing (RDL) Service https://t.co/hA6eKYzLk2
Exploitable PoC Released for MadLicense CVE-2024-38077: 0-Click RCE Threatens All Windows Servers including ver. 2025 https://t.co/TJzq4wooB9
Exploitable PoC Released for CVE-2024-38077: 0-Click RCE Threatens All Windows Servers https://t.co/ba4n2VoGei
🚨 New #ZeroClick Vulnerability Alert! CVE-2024-38077 is threatening all #WindowsServers. Learn how to protect your systems in our latest blog: 🔗https://t.co/oAOEQD6mbl #CyberSecurity #RCE
🪲MadLicense (CVE-2024-38077): exploits a simple heap overflow - affects all versions of Windows Server 2000 through 2025 "In my opinion, the hut is on fire and the security researchers have uncovered something that should not (yet) be published" https://t.co/BHKRE5IQqr

Affected Software

Configuration 1
Type | Vendor | Product
OS | Microsoft | windows_server_2022
OS | Microsoft | windows_server_2012
OS | Microsoft | windows_server_2022_23h2
OS | Microsoft | windows_server_2019
OS | Microsoft | windows_server_2016
OS | Microsoft | windows_server_2008

References

Reference | Link
[email protected] | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38077
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38077

CWE Details

CWE ID | CWE Name | Description
CWE-122 | Heap-based Buffer Overflow | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
