<ul data-eligibleForWebStory="false"><li>In August 2024, a critical remote code execution (RCE) vulnerability, CVE-2024-38077, affecting Windows Remote Desktop Licensing (RDL) Service was disclosed.</li><li>The vulnerability allows for unauthenticated RCE on affected servers without user interaction and impacts all Windows Server versions from 2000 to 2025 with RDL enabled.</li><li>The root cause is a heap-based buffer overflow in how RDL handles license key packet decoding, enabling attackers to execute arbitrary code with system-level privileges.</li><li>Microsoft has released a security patch for CVE-2024-38077 in July 2024; affected users are advised to apply the patch immediately to prevent exploitation.</li></ul>

CVE-2024-38077: Critical RCE in Windows RDL Service

Discover more