Remote Code Execution – Windows Remote Desktop Licensing Service “MadLicense” (CVE-2024-38077)


Remote Code Execution – Windows Remote Desktop Licensing Service “MadLicense” (CVE-2024-38077). The vulnerability was fixed in the July Patch Tuesday. An unauthenticated attacker can get RCE by sending messages to the Remote Desktop Licensing (RDL) service. CVSS 9.8. Updates are available for Windows Server versions from 2008 to 2022.

What is the RDL service? By default, Remote Desktop Services allow only two simultaneous RDP connections to a Windows server. If you need more, you need to purchase additional licenses. These licenses are managed by the RDL service. Often, admins enable RDL on Win servers where it is not needed. 🙄🤷‍♂️
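
An added example, not part of the original post: a PowerShell audit for servers where the RDL role is installed but apparently unused. It assumes PowerShell 3.0 or later with remoting enabled on the targets; the function name and host names are hypothetical, and "no licenses issued" is only a heuristic for "not needed".

```powershell
# Added example: audit servers for the Remote Desktop Licensing (RDL) role.
# Assumes PowerShell remoting and the ServerManager module on each target.
function Get-RdlExposure {
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName   # hypothetical list of servers to audit
    )

    Invoke-Command -ComputerName $ComputerName -ErrorAction Continue -ScriptBlock {
        # 'RDS-Licensing' is the role service name for Remote Desktop Licensing
        $feature = Get-WindowsFeature -Name 'RDS-Licensing' -ErrorAction SilentlyContinue
        # 'TermServLicensing' is the Windows service behind that role
        $service = Get-Service -Name 'TermServLicensing' -ErrorAction SilentlyContinue
        # License key packs known to this license server (class is absent without the role)
        $packs = Get-CimInstance -ClassName Win32_TSLicenseKeyPack -ErrorAction SilentlyContinue

        # Sum issued licenses; zero suggests the role is not actually serving anyone
        $issued = 0
        foreach ($p in $packs) { $issued += [int]$p.IssuedLicenses }

        $installed = [bool]($feature -and $feature.Installed)
        $running   = [bool]($service -and $service.Status -eq 'Running')

        $action = if (-not $installed -and -not $service) {
            'None: RDL not present'
        } elseif ($issued -eq 0) {
            'Review: RDL present, no licenses issued; candidate for role removal'
        } else {
            'RDL in use: confirm the July Patch Tuesday fix is installed'
        }

        [pscustomobject]@{
            RoleInstalled  = $installed
            ServiceRunning = $running
            IssuedLicenses = $issued
            Action         = $action
        }
    } | Select-Object PSComputerName, RoleInstalled, ServiceRunning, IssuedLicenses, Action
}

# Constructed host names for illustration
Get-RdlExposure -ComputerName 'srv-app01', 'srv-rds01' | Format-Table -AutoSize
```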

On August 9, a write-up and PoC for Server 2025 were posted on GitHub. So far, it’s only Python pseudo-code without critical parts.

They write that 170,000 hosts with RDL are accessible from the Internet. 🤷‍♂️ And there are probably countless more on intranets.

❗️ Looks like a long-running trending vulnerability story.

Researchers promise us BadLicense and DeadLicense as well. 😉
