First published: Tue Jul 09 2024(Updated: )
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Credit: secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Windows Server 2012 R2 | ||
Microsoft Windows Server 2012 R2 | ||
Microsoft Windows Server 2008 R2 | ||
Microsoft Windows Server 2019 | ||
Microsoft Windows Server 2019 | ||
Microsoft Windows Server 2022 | ||
Microsoft Windows Server 2008 R2 | ||
Microsoft Windows Server 2022 | ||
Microsoft Windows Server 2022 23H2 | ||
Microsoft Windows Server | ||
Microsoft Windows Server | ||
Microsoft Windows Server | ||
Microsoft Windows Server | ||
Microsoft Windows Server | ||
Microsoft Windows Server | ||
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =sp2 | |
Microsoft Windows Server | =r2-sp1 | |
Microsoft Windows Server | ||
Microsoft Windows Server | =r2 | |
Microsoft Windows Server 2016 | <10.0.14393.7159 | |
Microsoft Windows Server 2019 | <10.0.17763.6054 | |
Microsoft Windows Server 2022 | <10.0.20348.2582 | |
Microsoft Windows Server 2022 | <10.0.25398.1009 | |
Microsoft Windows Server 2016 | ||
Microsoft Windows Server 2016 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-38077 has a critical severity level due to its potential to allow remote code execution.
To fix CVE-2024-38077, you should apply the latest security patch provided by Microsoft for your affected version of Windows Server.
CVE-2024-38077 affects multiple Windows Server versions including 2008, 2012, 2016, 2019, and 2022.
CVE-2024-38077 can be exploited through specially crafted requests sent to the Windows Remote Desktop Licensing Service.
Currently, the best practice is to apply the security patch, as there are no known effective workarounds for CVE-2024-38077.