CVE-2024-38076

CRITICAL9.8JSON export Create alert

Description

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

E

Unchanged

RL

O

RC

Changed

Affected products

Microsoft / Windows Server 201610.0.14393.0 – 10.0.14393.7159
Microsoft / Windows Server 2016 (Server Core installation)10.0.14393.0 – 10.0.14393.7159
Microsoft / Windows Server 201910.0.17763.0 – 10.0.17763.6054
Microsoft / Windows Server 2019 (Server Core installation)10.0.17763.0 – 10.0.17763.6054
Microsoft / Windows Server 202210.0.20348.0 – 10.0.20348.2582
Microsoft / Windows Server 2022, 23H2 Edition (Server Core installation)10.0.25398.0 – 10.0.25398.1009

References

VENDOR_ADVISORYhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38076