
Windows Server RDL CVE-2024-38077 Remote Code Execution Vulnerability


Release Date : 2024-08-10 20:42:52    Update Date : 2024-08-15 21:44:20    Author :

【Abstract】Huawei has recently become aware that Microsoft has officially fixed a remote code execution vulnerability (CVE-2024-38077) in the Remote Desktop Licensing Service (RDL) of Windows Server.

Vulnerability Overview

Huawei has recently become aware that Microsoft has officially fixed a remote code execution vulnerability (CVE-2024-38077) in the Remote Desktop Licensing Service (RDL) of Windows Server. This vulnerability affects a wide range of versions, from Windows Server 2000 to Windows Server 2025, where the RDL service is enabled and the July 2024 patch is not installed.

The Windows Remote Desktop Licensing Service (RDL) is a component used to manage Remote Desktop Services licenses and ensure the validity of remote desktop connections. The RDL service is not enabled by default, but many administrators enable it manually to extend functionality, for example to increase the number of Remote Desktop sessions. In addition, in some specific scenarios, such as bastion hosts and cloud desktop VDI environments, the RDL service must be enabled. Users should therefore follow the solution provided by the vendor to check for exposure and apply protection promptly to avoid attacks.

Key Information

| Title | Content |
| --- | --- |
| Vulnerability Number | CVE-2024-38077 |
| Score | 9.8 (CVSS 3.x) |
| Vulnerability Name | Windows Server Remote Desktop Licensing Service CVE-2024-38077 Remote Code Execution Vulnerability |
| Type | Code Execution |
| Vulnerability Exploit Conditions and Impact | The RDP service needs to be enabled on the device. A remote attacker can exploit this vulnerability by sending a crafted request. Successful exploitation will allow the attacker to remotely execute code and obtain the highest privilege on the server. |
| Remote Exploit | Yes |
| Severity | High |
| PoC/EXP | Pseudocode |
| Exploited in the Wild | Unknown |

Affected Versions

Windows Server 2000 to Windows Server 2025 with the Windows Remote Desktop Licensing (RDL) service enabled (without the July 2024 patch installed)

Solution

1. Huawei Vulnerability Handling

After becoming aware of the vulnerability, Huawei security researchers continuously tracked the vulnerability information, reproduced the vulnerability PoC, and immediately developed IPS protection signatures. The latest IPS signature database has been pushed to the upgrade website for customers to upgrade.

| Title | Content | Remarks |
| --- | --- | --- |
| IPS signature database version | 20240811** | xx is the serial number encoding of the signature database; all versions released after this date can provide protection against the vulnerability. |
| Signature ID | 756090: Windows Server Remote Desktop Licensing Service CVE-2024-38077 Remote Code Execution | |
| Supported device types | USG 6000/6000E/9000 series, Eudemon 1000E/8000E/9000E series, NIP6000 series, IPS6000/12000 series | For details, please refer to the IPS signature database download URL. |
| Automatic Device Upgrade | Networked devices can be automatically upgraded without manual operations. | You can check whether the IPS signature database has been upgraded to the latest version on the device. |
| Manual Device Upgrade | Download the offline upgrade package from https://isecurity.huawei.com/sec/web/freesignature.do and manually load it to the device. | |



2. Rectification suggestions

1) Official Microsoft Solution and Mitigations:

Automatic update: Microsoft Update is enabled by default in Windows. When an available update is detected, the update will be automatically downloaded and installed on the next startup.

Manual update: For system versions that cannot be updated automatically, download and install the patch applicable to the system by referring to the following link:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38077

2) Temporary Repair Suggestions

Disable Remote Desktop Licensing Service.
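
The following PowerShell script is an added example, not taken from Huawei's or Microsoft's guidance: it reports whether a server runs the RDL service without an update from July 2024 or later and, with `-Disable`, applies the temporary mitigation above. It assumes the service name `TermServLicensing`, the role feature name `RDS-Licensing`, and 2024-07-09 as the release date of the July 2024 updates; the update-date check is a heuristic, so confirm the exact update for each OS version on the MSRC page.

```powershell
# Added example: audit one Windows Server for CVE-2024-38077 exposure and,
# with -Disable, apply the temporary mitigation (disable the RDL service).
# Assumptions: service name TermServLicensing, feature name RDS-Licensing,
# and 2024-07-09 as the release date of the July 2024 security updates.
[CmdletBinding(SupportsShouldProcess = $true)]
param([switch]$Disable)

$serviceName = 'TermServLicensing'      # Remote Desktop Licensing service
$patchDate   = [datetime]'2024-07-09'   # July 2024 update release (assumed)

$svc = Get-Service -Name $serviceName -ErrorAction SilentlyContinue

# Get-WindowsFeature exists only where the ServerManager module is available.
$role = $null
if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
    $role = Get-WindowsFeature -Name 'RDS-Licensing'
}

# Heuristic: newest installed update is dated on or after the July 2024 release.
# InstalledOn can be empty for some entries, so filter those out first.
$latest = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
$patched = [bool]($latest -and $latest.InstalledOn -ge $patchDate)

[pscustomobject]@{
    Computer       = $env:COMPUTERNAME
    RoleInstalled  = [bool]($role -and $role.Installed)
    ServicePresent = [bool]$svc
    ServiceStatus  = if ($svc) { $svc.Status } else { 'NotInstalled' }
    StartType      = if ($svc) { $svc.StartType } else { $null }
    LatestUpdate   = if ($latest) { '{0} ({1:yyyy-MM-dd})' -f $latest.HotFixID, $latest.InstalledOn } else { 'unknown' }
    LikelyPatched  = $patched
    # Exposed: service can start and no update from July 2024 or later was found.
    Exposed        = [bool]($svc -and $svc.StartType -ne 'Disabled' -and -not $patched)
}

# Temporary mitigation from the advisory: stop the service and prevent restart.
if ($Disable -and $svc -and $PSCmdlet.ShouldProcess($serviceName, 'Stop and disable')) {
    Stop-Service -Name $serviceName -Force
    Set-Service  -Name $serviceName -StartupType Disabled
}
```

Run it first without switches to get the report; `-Disable -WhatIf` previews the mitigation without changing the service.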

Reference links

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38077

https://nvd.nist.gov/vuln/detail/CVE-2024-38077

https://www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2024-38077



【Copyright Notice】 This article is the original content of HUAWEI Security Center. When reprinting, you must indicate the source (HUAWEI Security Center), link and author of the article, otherwise you may be held liable. If you find any suspected infringing content on this website, please visit the Feedback page to report and provide relevant evidence. Once verified, we will immediately remove the allegedly infringing content.



