CVE-2024-38074: 
vulnerability analysis and mitigation

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability (CVE-2024-38074) was disclosed on July 9, 2024. This critical vulnerability affects various versions of Microsoft Windows Server, including Server 2008 R2, 2012, 2016, 2019, and 2022. The vulnerability has received a CVSS v3.1 base score of 9.8 (Critical) (NVD, Rapid7).

The vulnerability exists in the Windows Remote Desktop Licensing Service where a remote threat actor can execute code by sending a specially crafted packet to a server configured as a Remote Desktop Licensing server. Microsoft has identified this as an Integer Underflow (Wrap or Wraparound) vulnerability, classified under CWE-191 (NVD).

If successfully exploited, this vulnerability allows an attacker to achieve Remote Code Execution (RCE) on the target system with high impacts on confidentiality, integrity, and availability. The CVSS metrics indicate that the attack requires no privileges (PR:N) and no user interaction (UI:N), making it particularly dangerous (Arctic Wolf).

Microsoft recommends applying the available security updates to affected systems. If patching is not immediately possible, Microsoft recommends disabling the Remote Desktop Licensing Service if it is not being used, as this will reduce the attack surface of the environment (Arctic Wolf).