CVE-2024-38077
published 2024-07-09CVE-2024-38077: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
PriorityP179critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
75.37%
99.5th percentile
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.7601.0 < 6.1.7601.27219 | 6.1.7601.27219 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.6003.0 < 6.0.6003.22769 | 6.0.6003.22769 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.24975 | 6.2.9200.24975 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.22074 | 6.3.9600.22074 |
| microsoft | windows_server_2016 | < 10.0.14393.7159 | 10.0.14393.7159 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.7159 | 10.0.14393.7159 |
| microsoft | windows_server_2019 | < 10.0.17763.6054 | 10.0.17763.6054 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.6054 | 10.0.17763.6054 |
| microsoft | windows_server_2022 | < 10.0.20348.2582 | 10.0.20348.2582 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.2582 | 10.0.20348.2582 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1009 | 10.0.25398.1009 |
| msrc | windows_server_2008_for_32-bit_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_for_x64-based_systems_service_pack_2 | — | — |
| msrc | windows_server_2008_r2_for_x64-based_systems_service_pack_1 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_2022 | — | — |
| msrc | windows_server_2022_23h2_edition | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Attack vector is unauthenticated network access to the Remote Desktop Licensing Service; detect anomalous or unexpected inbound connections to the RD Licensing Service port (TCP 135 / RPC) from untrusted or external sources ↗
- →Monitor for the Remote Desktop Licensing Service (TermServLicensing) running on systems where it is not explicitly required; unexpected enablement of this service should be treated as suspicious ↗
- ·The vulnerability is in the Windows Remote Desktop Licensing Service specifically; only systems with this service enabled and exposed are at risk. Microsoft notes exploitation is rated 'Less Likely' and there is no public exploit or known in-the-wild exploitation at time of advisory publication. ↗
- ·Microsoft strongly recommends installing patches even if the Remote Desktop Licensing Service is disabled, as a defense-in-depth measure. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_msrc9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-9j79-xcx5-mxm4: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
ghsa_unreviewed·2024-07-09
CVE-2024-38077 [CRITICAL] CWE-122 GHSA-9j79-xcx5-mxm4: Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Microsoft
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
vendor_msrc·2024-07-09·CVSS 9.8
CVE-2024-38077 [CRITICAL] CWE-122 Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
FAQ: How would an attacker exploit this vulnerability?
An unauthenticated attacker could connect to the Remote Desktop Licensing Service and send a malicious message which could allow remote code execution.
Windows Remote Desktop Licensing Service: Windows Remote Desktop Licensing Service
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040430
Reference: https://support.microsoft.com/help/5040430
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5040437
Reference: https://support.m
No detection rules found.
No public exploits indexed.
Talos
Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities
blogs_talos·2024-07-09·CVSS 7.2
[HIGH] Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities
## Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities
Microsoft released its monthly security update on Tuesday, disclosing 142 vulnerabilities across its suite of products and software. Of those, there are five critical vulnerabilities, and every other security issue disclosed this month is considered "important."
This is the largest Patch Tuesday since April when Microsoft patched 150 vulnerabilities.
Of the critical vulnerabilities, two are considered more likely to be exploited:
CVE-2024-38023 , a remote code execution vulnerability in Microsoft SharePoint server, where an authenticated attacker with Site Owner permissions can use the vulnerability to execute arbitrary code in the context of SharePoint server.
CVE-2024-38060 , a remote code execution vulnerabili
Trendmicro
The July 2024 Security Update Review
blogs_trendmicro·2024-07-09
The July 2024 Security Update Review
## The July 2024 Security Update Review
Get the July 2024 security update and review.
By: Dustin Childs 2024/07/09 Read time: ( words)
Save to Folio
We’re just past the halfway point of 2024, and as expected, Microsoft and Adobe have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here:
Adobe Patches for July 2024
For July, Adobe released three patches addressing seven CVEs in Adobe Premiere Pro, InDesign, and Adobe Bridge. The patch for InDesign is the largest, fixing four Critical-rated CVEs. All four could lead to arbitrary code execution. The fix for Premiere Pro fixes a single CVE
Talos
Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities
blogs_talos·2024-07-09·CVSS 7.2
CVE-2024-38023 [HIGH] Largest Patch Tuesday in 3 months includes 5 critical vulnerabilities
Microsoft released its monthly security update on Tuesday, disclosing 142 vulnerabilities across its suite of products and software. Of those, there are five critical vulnerabilities, and every other security issue disclosed this month is considered "important."
This is the largest Patch Tuesday since April when Microsoft patched 150 vulnerabilities.
Of the critical vulnerabilities, two are considered more likely to be exploited:
CVE-2024-38023, a remote code execution vulnerability in Microsoft SharePoint server, where an authenticated attacker with Site Owner permissions can use the vulnerability to execute arbitrary code in the context of SharePoint server.
CVE-2024-38060, a remote code execution vulnerability in Microsoft Windows Codecs Library that can be exploited by an authentic
Krebs
Microsoft Patch Tuesday, July 2024 Edition
blogs_krebs·2024-07-09·CVSS 9.8
CVE-2024-38080 [CRITICAL] Microsoft Patch Tuesday, July 2024 Edition
Microsoft Corp. today issued software updates to plug at least 139 security holes in various flavors of Windows and other Microsoft products. Redmond says attackers are already exploiting at least two of the vulnerabilities in active attacks against Windows users.
The first Microsoft zero-day this month is CVE-2024-38080 , a bug in the Windows Hyper-V component that affects Windows 11 and Windows Server 2022 systems. CVE-2024-38080 allows an attacker to increase their account privileges on a Windows machine. Although Microsoft says this flaw is being exploited, it has offered scant details about its exploitation.
The other zero-day is CVE-2024-38112 , which is a weakness in MSHTML , the proprietary engine of Microsoft’s Internet Explorer web browser. Kevin Breen , senior director of thre
Qualys
Microsoft and Adobe Patch Tuesday, July 2024 Security Update Review
blogs_qualys·2024-07-09
Microsoft and Adobe Patch Tuesday, July 2024 Security Update Review
## Table of Contents
Microsoft Patch Tuesday for July 2024
Adobe Patches for July 2024
Zero-day Vulnerabilities Patched in July Patch Tuesday Edition
Critical Severity Vulnerabilities Patched in July Patch Tuesday Edition
Other Microsoft Vulnerability Highlights
Microsoft Release Summary
Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
Rapid Response withPatch Management (PM)
EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)
Qualys Monthly Webinar Series
July’s Patch Tuesday brings a midsummer wave of updates, addressing critical vulnerabilities and enhancing security across the Microsoft ecosystem. Let’s discover the highlights from Microsoft’s Patch Tuesday updates for July 2024.
## Microsoft Patch Tuesday for July
Trendmicro
The July 2024 Security Update Review
blogs_trendmicro·2024-07-09
The July 2024 Security Update Review
# The July 2024 Security Update Review
Get the July 2024 security update and review.
By: Dustin Childs
2024/07/09
Read time: ( words)
Save to Folio
We’re just past the halfway point of 2024, and as expected, Microsoft and Adobe have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here:
Adobe Patches for July 2024
For July, Adobe released three patches addressing seven CVEs in Adobe Premiere Pro, InDesign, and Adobe Bridge. The patch for InDesign is the largest, fixing four Critical-rated CVEs. All four could lead to arbitrary code execution. The fix for Premiere Pro fixes a single CVE
Qualys
Microsoft and Adobe July 2024 Security Patches Explained | Qualys
blogs_qualys·2024-07-09
Microsoft and Adobe July 2024 Security Patches Explained | Qualys
#### Table of Contents
- Microsoft Patch Tuesday for July 2024
- Adobe Patches for July 2024
- Zero-day Vulnerabilities Patched in July Patch Tuesday Edition
- Critical Severity Vulnerabilities Patched in July Patch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities inVulnerability Management, Detection & Response (VMDR)
- Rapid Response withPatch Management (PM)
- EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)
- Qualys Monthly Webinar Series
July’s Patch Tuesday brings a midsummer wave of updates, addressing critical vulnerabilities and enhancing security across the Microsoft ecosystem. Let’s discover the highlights from Microsoft’s Patch Tuesday updates for July 2024.
## Microsoft Patch Tue
Krebs
Microsoft Patch Tuesday, July 2024 Edition
blogs_krebs·2024-07-09·CVSS 9.8
CVE-2024-38080 [CRITICAL] Microsoft Patch Tuesday, July 2024 Edition
Microsoft Corp. today issued software updates to plug at least 139 security holes in various flavors of Windows and other Microsoft products. Redmond says attackers are already exploiting at least two of the vulnerabilities in active attacks against Windows users.
The first Microsoft zero-day this month is CVE-2024-38080, a bug in the Windows Hyper-V component that affects Windows 11 and Windows Server 2022 systems. CVE-2024-38080 allows an attacker to increase their account privileges on a Windows machine. Although Microsoft says this flaw is being exploited, it has offered scant details about its exploitation.
The other zero-day is CVE-2024-38112, which is a weakness in MSHTML, the proprietary engine of Microsoft’s Internet Explorer web browser. Kevin Breen, senior director of threat r
Greynoiseio
NoiseLetter March 2026
blogs_greynoiseio
NoiseLetter March 2026
Events, events… and yes, even more events. 🌍 GreyNoise has been on the move. March kept us busy with stops at eCrimes in London and SecIT in Hanover—but we’re just getting started. Over the next few months, we’ll be hitting the road for CrowdStrike CrowdTours across eight cities, heading to Glasgow to speak and sponsor CyberUK, and making our way to Tampa for H-ISAC. If you’ll be at any of these (or nearby), we’d love to connect.
And while we’ve been racking up miles, we haven’t slowed down on the research front. We’ve just released some exciting new findings—with even more coming in the next few weeks—so keep an eye out.
Thanks, as always, for being part of the GreyNoise community.
Featured
About this new report
Every enterprise firewall processes traffic from residential IP space. T
Crowdstrike
July 2024 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] July 2024 Patch Tuesday: Updates and Analysis
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VI
Greynoiseio
NoiseLetter August 2024
blogs_greynoiseio
NoiseLetter August 2024
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
Crowdstrike
July 2024 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] July 2024 Patch Tuesday: Updates and Analysis
How CrowdStrike is Accelerating Exposure Evaluation as Adversaries Gain Speed Apr 06, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How CrowdStrike is Accelerating Exposure Evaluation as Adversaries Gain Speed Apr 06, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand AT
2024-07-09
Published