CVE-2024-38260

Опубликовано: 10 сент. 2024

Источник: msrc

CVSS3: 8.8

EPSS Низкий

Описание

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.

Продукт	Статья	Обновление
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	5043129 5043092	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1	5043129 5043092	Monthly Rollup Security Only
Windows Server 2012	5043125	Monthly Rollup
Windows Server 2012 (Server Core installation)	5043125	Monthly Rollup
Windows Server 2012 R2	5043138	Monthly Rollup
Windows Server 2012 R2 (Server Core installation)	5043138	Monthly Rollup
Windows Server 2016	5043051	Security Update
Windows Server 2016 (Server Core installation)	5043051	Security Update
Windows Server 2019	5043050	Security Update
Windows Server 2019 (Server Core installation)	5043050	Security Update

Показывать по

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 88%

0.0409

Низкий

8.8 High

CVSS3

CVE-2024-38260

CVSS3: 8.8

nvd

около 1 года назад

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

GHSA-9wg2-mhm9-jgvc

CVSS3: 8.8

github

около 1 года назад

Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability

BDU:2024-07067

CVSS3: 8.8

fstec

около 1 года назад

Уязвимость службы Remote Desktop Licensing Service операционных систем Windows, позволяющая выполнить произвольный код

EPSS

Процентиль: 88%

0.0409

Низкий

8.8 High

CVSS3