Çok eski bir web tarayıcısı kullanıyorsunuz. Bu veya diğer siteleri görüntülemekte sorunlar yaşayabilirsiniz.. Tarayıcınızı güncellemeli veya alternatif bir tarayıcı kullanmalısınız.
CVE-2024-38077, with a CVSS score of 9.8, can lead to the complete collapse of the Windows server with the Remote Desktop license service enabled.
The vulnerability affects all editions from Windows Server 2000to Windows Server 2025 and has existed for nearly 30 years. This vulnerabilitycan be stably exploited,remotely controlled, extorted, and wormed, and is extremely destructive, allowing attackers to implement remote code execution without any permissions.
Vulnerability Name:CVE-2024-38077 Vulnerability type: remote code execution Affected scope: Windows servers on which the Windows Remote Desktop Licensing (RDL) Service is enabled Affected Versions: Windows Server 2000 - Windows Server 2025 Overall Evaluation: < Difficulty > to use: Easy < threat level >: Critical Official Solution: Microsoft has officially released a patch announcement
This is the first time since "Eternal Blue" that a pre-authentication RCE vulnerability has appeared in Windows that affects all versions and can be exploited with high stability.
Analysis
When the Windows Remote Desktop Licensing Service decodes the license key package entered by the user, it decodes and stores the encoded license key package entered by the user on the buffer, but does not properly check the relationship between the decoded data length and the buffer size before storage, resulting in the buffer being overflowed by the decoded data after the long time. An attacker can exploit this vulnerability to further implement remote command execution attacks.
Recommendations
1. Click "Start Menu" or press the Windows shortcut key and click to enter "Settings"
2. Select "Update & Security" and enter "Windows Update" (Windows Server 2012 and Windows Server 2012 R2 can enter "Windows Update" through the Control Panel, the steps are "Control Panel" -> "System and Security" > "Windows Update")
3. Select "Check for Updates" and wait for the system to automatically check and download available updates
4. Restart your computer and install the update
After the system restarts, you can check if the update was successfully installed by going to "Windows Update" - > "View Update History".
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Great article! Imagine an attacker using this exploit and running a command that deletes everything on C:\ drive on a data server without any backups! Scary.
Great article! Imagine an attacker using this exploit and running a command that deletes everything on C:\ drive on a data server without any backups! Scary.
I don't understand why theseeee human being waiting for ready made Solutions using around corp.env need brain+skills. Real accessbroker experts know what to do with these info millions didn't even update servers still...... or for years
CVE-2024-38077, with a CVSS score of 9.8, can lead to the complete collapse of the Windows server with the Remote Desktop license service enabled.
The vulnerability affects all editions from Windows Server 2000to Windows Server 2025 and has existed for nearly 30 years. This vulnerabilitycan be stably exploited,remotely controlled, extorted, and wormed, and is extremely destructive, allowing attackers to implement remote code execution without any permissions.
Vulnerability Name:CVE-2024-38077 Vulnerability type: remote code execution Affected scope: Windows servers on which the Windows Remote Desktop Licensing (RDL) Service is enabled Affected Versions: Windows Server 2000 - Windows Server 2025 Overall Evaluation: < Difficulty > to use: Easy < threat level >: Critical Official Solution: Microsoft has officially released a patch announcement
This is the first time since "Eternal Blue" that a pre-authentication RCE vulnerability has appeared in Windows that affects all versions and can be exploited with high stability.
Analysis
When the Windows Remote Desktop Licensing Service decodes the license key package entered by the user, it decodes and stores the encoded license key package entered by the user on the buffer, but does not properly check the relationship between the decoded data length and the buffer size before storage, resulting in the buffer being overflowed by the decoded data after the long time. An attacker can exploit this vulnerability to further implement remote command execution attacks.
Recommendations
1. Click "Start Menu" or press the Windows shortcut key and click to enter "Settings"
2. Select "Update & Security" and enter "Windows Update" (Windows Server 2012 and Windows Server 2012 R2 can enter "Windows Update" through the Control Panel, the steps are "Control Panel" -> "System and Security" > "Windows Update")
3. Select "Check for Updates" and wait for the system to automatically check and download available updates
4. Restart your computer and install the update
After the system restarts, you can check if the update was successfully installed by going to "Windows Update" - > "View Update History".
Windows Server 2012 R2 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 (Server Core installation)
Windows Server 2012
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2016 (Server Core installation)
Windows Server 2016
Windows Server 2022, 23H2 Edition (Server Core installation)
Windows Server 2022 (Server Core installation)
Windows Server 2022
Windows Server 2019 (Server Core installation)
Windows Server 2019
Turkhackteam.org internet sitesi 5651 sayılı kanun’un 2. maddesinin 1. fıkrasının m) bendi ile aynı kanunun 5. maddesi kapsamında "Yer Sağlayıcı" konumundadır. İçerikler ön onay olmaksızın tamamen kullanıcılar tarafından oluşturulmaktadır. Turkhackteam.org; Yer sağlayıcı olarak, kullanıcılar tarafından oluşturulan içeriği ya da hukuka aykırı paylaşımı kontrol etmekle ya da araştırmakla yükümlü değildir. Türkhackteam saldırı timleri Türk sitelerine hiçbir zararlı faaliyette bulunmaz. Türkhackteam üyelerinin yaptığı bireysel hack faaliyetlerinden Türkhackteam sorumlu değildir. Sitelerinize Türkhackteam ismi kullanılarak hack faaliyetinde bulunulursa, site-sunucu erişim loglarından bu faaliyeti gerçekleştiren ip adresini tespit edip diğer kanıtlarla birlikte savcılığa suç duyurusunda bulununuz.
.gif&ehk=lwTRWmDf3EANF81jzaNwikArjHTu6FRwLPaljkxWjIQ%3d&risl=&pid=ImgRaw&r=0)
using around corp.env need brain+skills. Real accessbroker experts know what to do with these info 
u need update thread