Skip to main content

CVE-2024-38073: CWE-125: Out-of-bounds Read in Microsoft Windows Server 2019

High
VulnerabilityCVE-2024-38073cvecve-2024-38073cwe-125
Published: Tue Jul 09 2024 (07/09/2024, 17:03:19 UTC)
Source: CVE
Vendor/Project: Microsoft
Product: Windows Server 2019

Description

Windows Remote Desktop Licensing Service Denial of Service Vulnerability

AI-Powered Analysis

AILast updated: 07/05/2025, 21:25:34 UTC

Technical Analysis

CVE-2024-38073 is a high-severity vulnerability identified as an out-of-bounds read (CWE-125) in the Windows Remote Desktop Licensing Service component of Microsoft Windows Server 2019 (version 10.0.17763.0). This vulnerability allows an unauthenticated attacker to send specially crafted network packets to the Remote Desktop Licensing Service, causing the service to read memory outside the intended buffer boundaries. While the vulnerability does not directly impact confidentiality or integrity, it results in a denial of service (DoS) condition by crashing or destabilizing the licensing service, which can disrupt Remote Desktop Services (RDS) functionality. The CVSS 3.1 base score is 7.5, reflecting a high severity due to the network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction needed (UI:N). The scope is unchanged (S:U), and the impact is limited to availability (A:H) with no confidentiality or integrity loss. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability was reserved in June 2024 and published in July 2024. This flaw could be exploited remotely without authentication, making it a significant risk for environments relying on Windows Server 2019 for Remote Desktop Services, especially in enterprise and cloud infrastructures where RDS is critical for remote access and licensing management.

Potential Impact

For European organizations, the impact of CVE-2024-38073 could be substantial, particularly for enterprises, government agencies, and service providers that depend on Windows Server 2019 for remote desktop access and licensing. A successful denial of service attack could disrupt business continuity by preventing users from accessing remote desktops or applications, potentially halting critical operations. This could affect sectors such as finance, healthcare, manufacturing, and public administration, where remote access is integral. Additionally, disruption of licensing services might cause cascading effects on license validation and compliance monitoring. Although no data breach or code execution is involved, the availability impact alone can lead to operational downtime, financial losses, and reputational damage. Given the ease of exploitation (no authentication or user interaction required), attackers could launch automated attacks at scale, increasing the risk of widespread service outages in affected environments.

Mitigation Recommendations

To mitigate the risk posed by CVE-2024-38073, European organizations should: 1) Prioritize applying official patches or security updates from Microsoft as soon as they become available, even if no exploits are currently known. 2) Restrict network access to the Remote Desktop Licensing Service by implementing strict firewall rules and network segmentation, allowing only trusted management and licensing servers to communicate with it. 3) Monitor network traffic for unusual or malformed packets targeting the licensing service ports to detect potential exploitation attempts early. 4) Employ intrusion detection and prevention systems (IDS/IPS) with updated signatures to identify and block exploit attempts. 5) Consider temporary workarounds such as disabling or limiting the Remote Desktop Licensing Service if feasible, until patches are applied. 6) Conduct regular backups and ensure robust incident response plans are in place to quickly recover from potential service disruptions. 7) Maintain up-to-date asset inventories to identify all Windows Server 2019 instances running the vulnerable version and prioritize remediation accordingly.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
microsoft
Date Reserved
2024-06-11T22:36:08.181Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682d981ec4522896dcbdb912

Added to database: 5/21/2025, 9:08:46 AM

Last enriched: 7/5/2025, 9:25:34 PM

Last updated: 8/11/2025, 9:25:35 PM

Views: 16

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats