Plattform
windows
Komponente
windows-remote-desktop-licensing-service
Behoben in
10.0.14393.7336
10.0.17763.6293
10.0.20348.2700
10.0.25398.1128
6.0.6003.22870
6.1.7601.27320
CVE-2024-43454 describes a Remote Code Execution (RCE) vulnerability affecting the Windows Remote Desktop Licensing Service. This flaw allows an attacker to potentially execute arbitrary code on a vulnerable system. The vulnerability impacts Windows versions up to and including 10.0.25398.1128. Microsoft has released a security update to address this issue.
This RCE vulnerability allows an attacker to execute arbitrary code within the context of the Windows Remote Desktop Licensing Service. This could enable attackers to gain control of the affected system, steal sensitive data, install malware, or pivot to other systems on the network. The potential impact is significant, particularly in environments where Remote Desktop Services are heavily utilized. Given the nature of RCE vulnerabilities, this poses a high risk of lateral movement and broader network compromise if not addressed promptly. Exploitation could be particularly impactful in environments where the licensing service runs with elevated privileges.
CVE-2024-43454 was publicly disclosed on September 10, 2024. The vulnerability's severity is rated HIGH with a CVSS score of 7.1. Currently, there are no publicly available exploits, but given the RCE nature, it is likely that exploits will emerge. The vulnerability is not currently listed on the CISA KEV catalog. Monitor security advisories and threat intelligence feeds for updates on exploitation activity.
Organizations heavily reliant on Remote Desktop Services for remote administration or user access are particularly at risk. Environments with legacy Windows versions that are difficult to patch are also vulnerable. Shared hosting environments where the hosting provider manages the Remote Desktop Licensing Service should be monitored closely.
• windows / supply-chain:
Get-Service -Name RemoteDesktopLicensing | Select-Object DisplayName, Status, StartType, ServiceType, PathName• windows / supply-chain:
Get-WinEvent -LogName System -FilterXPath "*[System[Provider[@Name='Microsoft-Windows-RemoteDesktopLicensingService']]]" -MaxEvents 100• windows / supply-chain: Check Autoruns for unusual entries related to RemoteDesktopLicensingService.exe or its dependencies. • windows / supply-chain: Monitor for unusual network connections originating from the RemoteDesktopLicensingService process using Process Explorer or Resource Monitor.
disclosure
Exploit-Status
EPSS
28.83% (97% Perzentil)
CISA SSVC
CVSS-Vektor
The primary mitigation for CVE-2024-43454 is to upgrade to the fixed version, 10.0.25398.1128, as provided by Microsoft. Prior to upgrading, it's crucial to assess the potential impact on existing Remote Desktop Services infrastructure and schedule a maintenance window. If an immediate upgrade is not feasible, consider implementing network segmentation to restrict access to the licensing service. Monitor network traffic for suspicious activity targeting the licensing service port (typically TCP 3389). After upgrade, confirm the vulnerability is resolved by attempting to reproduce the exploit scenario in a controlled environment.
Actualice Windows Server 2019 a la última versión disponible a través de Windows Update. Esto instalará la actualización de seguridad que corrige la vulnerabilidad en el Servicio de licencias de Escritorio remoto.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2024-43454 is a Remote Code Execution vulnerability in the Windows Remote Desktop Licensing Service that allows attackers to execute arbitrary code on vulnerable systems.
You are affected if you are running Windows Remote Desktop Licensing Service versions prior to 10.0.25398.1128.
Upgrade to Windows Remote Desktop Licensing Service version 10.0.25398.1128 or later to remediate the vulnerability.
While no active exploitation has been confirmed, the RCE nature of the vulnerability suggests a high likelihood of exploitation if a proof-of-concept is released.
Refer to the official Microsoft security advisory for CVE-2024-43454 on the Microsoft Security Response Center website.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.