CVE-2024-38074
published 2024-07-09CVE-2024-38074: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
PriorityP263critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.21%
80.4th percentile
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.7601.0 < 6.1.7601.27219 | 6.1.7601.27219 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.24975 | 6.2.9200.24975 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.22074 | 6.3.9600.22074 |
| microsoft | windows_server_2016 | < 10.0.14393.7159 | 10.0.14393.7159 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.7159 | 10.0.14393.7159 |
| microsoft | windows_server_2019 | < 10.0.17763.6054 | 10.0.17763.6054 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.6054 | 10.0.17763.6054 |
| microsoft | windows_server_2022 | < 10.0.20348.2582 | 10.0.20348.2582 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.2582 | 10.0.20348.2582 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1009 | 10.0.25398.1009 |
| msrc | windows_server_2008_r2_for_x64-based_systems_service_pack_1 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_2022 | — | — |
| msrc | windows_server_2022_23h2_edition | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect specially crafted packets sent to a Remote Desktop Licensing Service server, which trigger remote code execution ↗
- ·The vulnerability targets the Windows Remote Desktop Licensing Service; systems not running this role are not exposed. Microsoft recommends disabling the service if not required to reduce attack surface. ↗
- ·As of the advisory publication, this vulnerability has not been publicly disclosed or exploited in the wild, reducing immediate urgency but patching is still strongly recommended. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_msrc9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8rf9-69wx-fc63: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
ghsa_unreviewed·2024-07-09
CVE-2024-38074 [CRITICAL] CWE-191 GHSA-8rf9-69wx-fc63: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Microsoft
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
vendor_msrc·2024-07-09·CVSS 9.8
CVE-2024-38074 [CRITICAL] CWE-191 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
An attacker could send a specially crafted packet to a server set up as a Remote Desktop Licensing server, which will cause remote code execution.
Windows Remote Desktop Licensing Service: Windows Remote Desktop Licensing Service
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430
Reference: https://support.microsoft.com/help/5040430
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437
Reference: https://support.micros
No detection rules found.
No public exploits indexed.
Talos
Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities
blogs_talos·2024-07-09·CVSS 7.2
[HIGH] Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities
## Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities
Microsoft released its monthly security update on Tuesday, disclosing 142 vulnerabilities across its suite of products and software. Of those, there are five critical vulnerabilities, and every other security issue disclosed this month is considered "important."
This is the largest Patch Tuesday since April when Microsoft patched 150 vulnerabilities.
Of the critical vulnerabilities, two are considered more likely to be exploited:
CVE-2024-38023 , a remote code execution vulnerability in Microsoft SharePoint server, where an authenticated attacker with Site Owner permissions can use the vulnerability to execute arbitrary code in the context of SharePoint server.
CVE-2024-38060 , a remote code execution vulnerabili
Trendmicro
The July 2024 Security Update Review
blogs_trendmicro·2024-07-09
The July 2024 Security Update Review
## The July 2024 Security Update Review
Get the July 2024 security update and review.
By: Dustin Childs 2024/07/09 Read time: ( words)
Save to Folio
We’re just past the halfway point of 2024, and as expected, Microsoft and Adobe have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here:
Adobe Patches for July 2024
For July, Adobe released three patches addressing seven CVEs in Adobe Premiere Pro, InDesign, and Adobe Bridge. The patch for InDesign is the largest, fixing four Critical-rated CVEs. All four could lead to arbitrary code execution. The fix for Premiere Pro fixes a single CVE
Talos
Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities
blogs_talos·2024-07-09·CVSS 7.2
CVE-2024-38023 [HIGH] Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities
Microsoft released its monthly security update on Tuesday, disclosing 142 vulnerabilities across its suite of products and software. Of those, there are five critical vulnerabilities, and every other security issue disclosed this month is considered "important."
This is the largest Patch Tuesday since April when Microsoft patched 150 vulnerabilities.
Of the critical vulnerabilities, two are considered more likely to be exploited:
CVE-2024-38023, a remote code execution vulnerability in Microsoft SharePoint server, where an authenticated attacker with Site Owner permissions can use the vulnerability to execute arbitrary code in the context of SharePoint server.
CVE-2024-38060, a remote code execution vulnerability in Microsoft Windows Codecs Library that can be exploited by an authentic
Krebs
Microsoft Patch Tuesday, July 2024 Edition
blogs_krebs·2024-07-09·CVSS 9.8
CVE-2024-38080 [CRITICAL] Microsoft Patch Tuesday, July 2024 Edition
Microsoft Corp. today issued software updates to plug at least 139 security holes in various flavors of Windows and other Microsoft products. Redmond says attackers are already exploiting at least two of the vulnerabilities in active attacks against Windows users.
The first Microsoft zero-day this month is CVE-2024-38080 , a bug in the Windows Hyper-V component that affects Windows 11 and Windows Server 2022 systems. CVE-2024-38080 allows an attacker to increase their account privileges on a Windows machine. Although Microsoft says this flaw is being exploited, it has offered scant details about its exploitation.
The other zero-day is CVE-2024-38112 , which is a weakness in MSHTML , the proprietary engine of Microsoft’s Internet Explorer web browser. Kevin Breen , senior director of thre
Qualys
Microsoft and Adobe Patch Tuesday, July 2024 Security Update Review
blogs_qualys·2024-07-09
Microsoft and Adobe Patch Tuesday, July 2024 Security Update Review
## Table of Contents
Microsoft Patch Tuesday for July 2024
Adobe Patches for July 2024
Zero-day Vulnerabilities Patched in July Patch Tuesday Edition
Critical Severity Vulnerabilities Patched in July Patch Tuesday Edition
Other Microsoft Vulnerability Highlights
Microsoft Release Summary
Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
Rapid Response withPatch Management (PM)
EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)
Qualys Monthly Webinar Series
July’s Patch Tuesday brings a midsummer wave of updates, addressing critical vulnerabilities and enhancing security across the Microsoft ecosystem. Let’s discover the highlights from Microsoft’s Patch Tuesday updates for July 2024.
## Microsoft Patch Tuesday for July
Trendmicro
The July 2024 Security Update Review
blogs_trendmicro·2024-07-09
The July 2024 Security Update Review
# The July 2024 Security Update Review
Get the July 2024 security update and review.
By: Dustin Childs
2024/07/09
Read time: ( words)
Save to Folio
We’re just past the halfway point of 2024, and as expected, Microsoft and Adobe have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here:
Adobe Patches for July 2024
For July, Adobe released three patches addressing seven CVEs in Adobe Premiere Pro, InDesign, and Adobe Bridge. The patch for InDesign is the largest, fixing four Critical-rated CVEs. All four could lead to arbitrary code execution. The fix for Premiere Pro fixes a single CVE
Qualys
Microsoft and Adobe July 2024 Security Patches Explained | Qualys
blogs_qualys·2024-07-09
Microsoft and Adobe July 2024 Security Patches Explained | Qualys
#### Table of Contents
- Microsoft Patch Tuesday for July 2024
- Adobe Patches for July 2024
- Zero-day Vulnerabilities Patched in July Patch Tuesday Edition
- Critical Severity Vulnerabilities Patched in July Patch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
- Rapid Response withPatch Management (PM)
- EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)
- Qualys Monthly Webinar Series
July’s Patch Tuesday brings a midsummer wave of updates, addressing critical vulnerabilities and enhancing security across the Microsoft ecosystem. Let’s discover the highlights from Microsoft’s Patch Tuesday updates for July 2024.
## Microsoft Patch Tue
Krebs
Microsoft Patch Tuesday, July 2024 Edition
blogs_krebs·2024-07-09·CVSS 9.8
CVE-2024-38080 [CRITICAL] Microsoft Patch Tuesday, July 2024 Edition
Microsoft Corp. today issued software updates to plug at least 139 security holes in various flavors of Windows and other Microsoft products. Redmond says attackers are already exploiting at least two of the vulnerabilities in active attacks against Windows users.
The first Microsoft zero-day this month is CVE-2024-38080, a bug in the Windows Hyper-V component that affects Windows 11 and Windows Server 2022 systems. CVE-2024-38080 allows an attacker to increase their account privileges on a Windows machine. Although Microsoft says this flaw is being exploited, it has offered scant details about its exploitation.
The other zero-day is CVE-2024-38112, which is a weakness in MSHTML, the proprietary engine of Microsoft’s Internet Explorer web browser. Kevin Breen, senior director of threat r
Crowdstrike
July 2024 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] July 2024 Patch Tuesday: Updates and Analysis
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VI
Crowdstrike
July 2024 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] July 2024 Patch Tuesday: Updates and Analysis
How CrowdStrike is Accelerating Exposure Evaluation as Adversaries Gain Speed Apr 06, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How CrowdStrike is Accelerating Exposure Evaluation as Adversaries Gain Speed Apr 06, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand AT
2024-07-09
Published