Platform: windows
Component: windows-remote-desktop-licensing-service
Fixed in: 10.0.14393.7336, 10.0.17763.6293, 10.0.20348.2700, 10.0.25398.1128, 6.0.6003.22870, 6.1.7601.27320
CVE-2024-43454 describes a Remote Code Execution (RCE) vulnerability affecting the Windows Remote Desktop Licensing Service. This flaw could allow an attacker to execute arbitrary code on a vulnerable system. The vulnerability impacts Windows versions up to and including 10.0.25398.1128. Microsoft has released a security update to address this issue.
Successful exploitation of CVE-2024-43454 could allow an attacker to gain complete control over the affected system. This could involve executing malicious code, installing malware, stealing sensitive data, or establishing a persistent presence on the network. Given the role of the Remote Desktop Licensing Service in managing access to remote desktop connections, a compromised service could be leveraged to gain unauthorized access to numerous systems. The potential blast radius is significant, particularly in environments heavily reliant on Remote Desktop Services for administration or user access.
CVE-2024-43454 was publicly disclosed on September 10, 2024. The EPSS score is currently pending evaluation. No public proof-of-concept (PoC) code has been released at the time of this writing, but the RCE nature of the vulnerability suggests a high likelihood of exploitation if a PoC becomes available. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 28.83% (97th percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2024-43454 is to upgrade to the fixed version, 10.0.25398.1128, as soon as possible. If immediate patching is not feasible, consider implementing network segmentation to limit the potential impact of a successful attack. Monitor network traffic for suspicious connections to the Remote Desktop Licensing Service. A direct WAF rule is unlikely to apply to this service, but restricting access to the licensing service's ports (typically TCP 3389) from untrusted networks can reduce the attack surface. After upgrading, confirm the result by checking the service with Get-Service -Name RemoteDesktopLicensing | Select-Object DisplayName, Status, StartType, ServiceType, PathName in PowerShell.
Update Windows Server 2019 to the latest version available through Windows Update. This installs the security update that fixes the vulnerability in the Remote Desktop Licensing Service.
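As an added example (not code from this page or from Microsoft), the following PowerShell compares the host's own OS build and revision against the "Fixed in" builds listed above, so an administrator can confirm the patch landed on the matching servicing branch. It assumes the RD Licensing service carries the display name 'Remote Desktop Licensing' and that the revision (UBR) is present in the registry on Windows 10/Server 2016 and later.

```powershell
# Added example: the fixed builds come from the "Fixed in" list on this page.
$FixedBuilds = @(
    '10.0.14393.7336', '10.0.17763.6293', '10.0.20348.2700',
    '10.0.25398.1128', '6.0.6003.22870',  '6.1.7601.27320'
) | ForEach-Object { [version]$_ }

function Test-Cve202443454Patched {
    param([Parameter(Mandatory)][version]$OsVersion)

    # Match the servicing branch on Major.Minor.Build, then compare the
    # revision (UBR). A branch not in the list is reported as unknown.
    $fixed = $FixedBuilds | Where-Object {
        $_.Major -eq $OsVersion.Major -and
        $_.Minor -eq $OsVersion.Minor -and
        $_.Build -eq $OsVersion.Build
    }
    if (-not $fixed) {
        return [pscustomobject]@{ Version = $OsVersion; FixedIn = $null; Status = 'Unknown branch' }
    }
    # A three-part version (no UBR available) has Revision -1: cannot decide.
    $status = if ($OsVersion.Revision -lt 0) { 'Undetermined (no UBR; check file versions)' }
              elseif ($OsVersion.Revision -ge $fixed.Revision) { 'Patched' }
              else { 'Vulnerable' }
    [pscustomobject]@{ Version = $OsVersion; FixedIn = $fixed; Status = $status }
}

function Get-LocalOsVersion {
    # Win32_OperatingSystem.Version is Major.Minor.Build; the revision (UBR)
    # is stored in the registry on Windows 10 / Server 2016 and later only.
    $os  = (Get-CimInstance Win32_OperatingSystem).Version
    $ubr = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' `
            -ErrorAction SilentlyContinue).UBR
    if ($null -eq $ubr) { return [version]$os }   # 6.x branches: no UBR
    [version]"$os.$ubr"
}

# Only hosts with the RD Licensing role are exposed. Assumption: the service's
# display name is 'Remote Desktop Licensing'.
$svc = Get-Service -DisplayName 'Remote Desktop Licensing' -ErrorAction SilentlyContinue
if ($svc) {
    Test-Cve202443454Patched -OsVersion (Get-LocalOsVersion) | Format-List
} else {
    'RD Licensing service is not installed on this host.'
}
```

Run it on each licensing server after the update; a 'Vulnerable' or 'Undetermined' result means the host still needs the September 2024 update or a manual file-version check.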
CVE-2024-43454 is a Remote Code Execution vulnerability in the Windows Remote Desktop Licensing Service that allows attackers to execute arbitrary code on vulnerable systems.
You are affected if you are running Windows Remote Desktop Licensing Service versions prior to 10.0.25398.1128.
Upgrade to Windows Remote Desktop Licensing Service version 10.0.25398.1128 or later to remediate the vulnerability.
While no active exploitation has been confirmed, the RCE nature of the vulnerability suggests a high likelihood of exploitation if a proof-of-concept is released.
Refer to the official Microsoft security advisory for CVE-2024-43454 on the Microsoft Security Response Center website.