MadLicense CVE-2024-38077 RCE Vulnerability

 

CVE-2024-38077, a Remote Code Execution (RCE) vulnerability nicknamed MadLicense, has been rated critical with a CVSS 3.1 score of 9.8.

 

The Windows Remote Desktop Licensing (RDL) service has a vulnerability that enables network attacks with low complexity, affecting all versions of Windows Server from 2000 to 2025 (all Windows Servers). According to Microsoft, an unauthenticated attacker could exploit this flaw by connecting to the Remote Desktop Licensing service and sending a malicious message, potentially leading to remote code execution without the need for authentication.

 

Proof-of-Concept (PoC) Exploit Code

Researchers on GitHub have demonstrated a proof-of-concept (PoC) exploit on Windows Server 2025, achieving an almost 100% success rate. The exploit successfully bypasses all current mitigations, but it could be significantly faster and more reliable with a deeper understanding and more refined techniques for controlling memory layout.

 

Understanding Remote Desktop Licensing

 

The Remote Desktop licensing mode policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server. This policy setting can be used to select one of two licensing modes: Per User or Per Device.

 

  • Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL.
  • Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL.

 

If this policy setting is enabled, the licensing mode that it specifies takes precedence over the licensing mode that is specified during the installation of Remote Desktop Session Host or specified in the Remote Desktop Session Host Configuration tool.

 

If this policy setting is disabled or not configured, the licensing mode that is specified during the installation of the Remote Desktop Session Host role service or specified in the Remote Desktop Session Host Configuration tool is used.

 

The recommended setting is: Disable the Remote Desktop Licensing service if it is not required.

 


 

Mitigating MadLicense CVE-2024-38077

 

For the CVE-2024-38077 RCE vulnerability to be exploited, the Windows Remote Desktop Licensing (RDL) service must be turned on or running on the target system. If this service is not enabled, the attacker cannot carry out the exploit, even though the exploit itself requires no special privileges.
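
The check described above can be scripted. The following PowerShell is an added example, not CalCom's or Microsoft's code: it reports whether the Remote Desktop Licensing service is installed and running on each server and, with `-Disable`, stops and disables it. It assumes the service's short name is `TermServLicensing`; the parameter names are chosen for this example.

```powershell
# Added example (not CalCom's code): report whether the Remote Desktop Licensing
# service is present and running, and optionally stop and disable it.
# Assumption: the service short name is TermServLicensing.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string[]]$ComputerName = @($env:COMPUTERNAME),  # servers to check
    [switch]$Disable                                  # only for servers that do not issue RDS CALs
)

foreach ($computer in $ComputerName) {
    $row = [ordered]@{ Computer = $computer; Installed = $null; State = $null
                       StartMode = $null; Running = $null; Action = 'None' }
    try {
        $query = @{ ClassName = 'Win32_Service'; Filter = "Name='TermServLicensing'"; ErrorAction = 'Stop' }
        # Query the local machine directly; go over the network only for remote hosts.
        if ($computer -ne $env:COMPUTERNAME) { $query.ComputerName = $computer }
        $svc = Get-CimInstance @query

        if (-not $svc) {
            # Role service absent: the running-service precondition cannot be met.
            $row.Installed = $false; $row.Running = $false
        } else {
            $row.Installed = $true
            $row.State     = $svc.State
            $row.StartMode = $svc.StartMode
            $row.Running   = ($svc.State -eq 'Running')

            if ($Disable -and $PSCmdlet.ShouldProcess($computer, 'Stop and disable TermServLicensing')) {
                if ($svc.State -ne 'Stopped') {
                    $null = Invoke-CimMethod -InputObject $svc -MethodName StopService
                }
                $r = Invoke-CimMethod -InputObject $svc -MethodName ChangeStartMode -Arguments @{ StartMode = 'Disabled' }
                $row.Action = if ($r.ReturnValue -eq 0) { 'Disabled' } else { "ChangeStartMode returned $($r.ReturnValue)" }
            }
        }
    } catch {
        # Unreachable host or access denied: record it rather than assume "not exposed".
        $row.State = 'QueryFailed'; $row.Action = $_.Exception.Message
    }
    [pscustomobject]$row
}
```

Run it without `-Disable` first to build the inventory, then add `-Disable -WhatIf` to preview which servers would be changed. Servers that actually issue RDS CALs need the service and should be left out of the `-Disable` run.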

 

At the core of CalCom's Hardening Suite (CHS) is its ability to disable or enable security settings with granular precision across an entire IT environment. By selectively activating or deactivating specific controls, businesses can optimize their security posture without compromising essential operations.

 

In addition to its automation capabilities, CHS also offers reporting and monitoring features, allowing organizations to track compliance and quickly identify areas that require attention.
