CVE-2024-38073: 
vulnerability analysis and mitigation

A vulnerability identified as CVE-2024-38073 affects the Windows Remote Desktop Licensing Service. This vulnerability was discovered and reported by Microsoft Corporation, with the initial CVE record being created on June 11, 2024. The vulnerability affects multiple versions of Microsoft Windows Server, including Server 2008, 2012, 2016, 2019, and 2022 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Microsoft has classified this as a Denial of Service vulnerability, and it has been associated with CWE-125 (Out-of-bounds Read) (NVD).

This vulnerability can lead to a Denial of Service condition in the Windows Remote Desktop Licensing Service. The CVSS scoring indicates that while there is no impact on confidentiality or integrity, there is a high impact on system availability (Microsoft Advisory).

Microsoft has released security updates to address this vulnerability. Patches are available for affected versions of Windows Server through various KB articles including KB5040485 (Server 2012), KB5040456 (Server 2012 R2), KB5040434 (Server 2016), KB5040430 (Server 2019), and KB5040437/KB5040438 (Server 2022) (Rapid7).