CVE-2024-38076
Published: 09 July 2024
Summary
CVE-2024-38076 is a critical-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Microsoft Windows Server 2016. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 6.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
Windows Remote Desktop Licensing Service contains a remote code execution vulnerability tracked as CVE-2024-38076. The flaw is rated 9.8 under CVSS 3.1 with an attack vector of network, low complexity, no privileges, and no user interaction, and is associated with CWE-122. It affects the licensing service component in supported Windows versions that expose the service to the network.
An unauthenticated attacker can send specially crafted network requests to the service and achieve arbitrary code execution with the full privileges of the service account, resulting in complete confidentiality, integrity, and availability impact on the affected system.
Microsoft’s security update guide at msrc.microsoft.com provides patches and mitigation guidance for the vulnerability. The EPSS score remains essentially flat, moving only from a peak of 0.1099 to a current value of 0.1091, indicating no material increase in observed exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-37770
Vulnerability details
Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.