CVE-2024-38099: Windows Remote Desktop Licensing Service Denial of Service Vulnerability

Overview

Severity

Medium (CVSS 5.9)

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

Category

Denial of Service

Exploit Status

Not Exploited

Exploitation Likelihood

More Likely

Patch Tuesday

2024-Jul

Released

2024-07-09

EPSS Score

1.42% (percentile: 80.6%)

FAQ

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to possess advanced reverse engineering skills to identify and gain unauthorized access to specific remote procedure call (RPC) endpoints. Are there additional actions I need to take after I have installed the update? Yes. If your RD session hosts and RD licensing servers are joined to a work group, you need to ensure that your RD session hosts have the necessary credentials to access your RD licensing servers. For more information see: License Remote Desktop session hosts. No additional action is needed for RD session hosts and RD licensing servers joined to a domain.

Affected Products (16)

Windows

• Windows Server 2019
• Windows Server 2019 (Server Core installation)
• Windows Server 2022
• Windows Server 2022 (Server Core installation)
• Windows Server 2016
• Windows Server 2016 (Server Core installation)

ESU

• Windows Server 2008 for 32-bit Systems Service Pack 2
• Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
• Windows Server 2008 for x64-based Systems Service Pack 2
• Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
• Windows Server 2008 R2 for x64-based Systems Service Pack 1
• Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
• Windows Server 2012
• Windows Server 2012 (Server Core installation)
• Windows Server 2012 R2
• Windows Server 2012 R2 (Server Core installation)

Security Updates (9)

• 5040430
• 5040437
• 5040434
• 5040499
• 5040490
• 5040497
• 5040498
• 5040485
• 5040456

Acknowledgments

Philemon Orphee Favrod with Microsoft, Josh Watson with Microsoft, Gus Catalano with Microsoft, Ray Reskusich with Microsoft, Lewis Lee, Chunyang Han, and Zhiniang Peng

Revision History

• 2024-07-09: Information published.