SB2024091093 - Multiple vulnerabilities in Microsoft Windows Remote Desktop Licensing Service

Description

This security bulletin contains information about 7 secuirty vulnerabilities.

1) Use of uninitialized resource (CVE-ID: CVE-2024-38260)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to usage of uninitialized resources in Windows Remote Desktop Licensing Service. A remote user can pass specially crafted data to the application, trigger uninitialized usage of resources and execute arbitrary code on the target system.

2) Path traversal (CVE-ID: CVE-2024-38258)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in Windows Remote Desktop Licensing Service. A remote user can send a specially crafted HTTP request and read arbitrary files on the system.

3) Input validation error (CVE-ID: CVE-2024-43455)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficient validation of user-supplied input in Windows Remote Desktop Licensing Service. A remote user can pass specially crafted input to the application and perform spoofing attack.

4) Improper Authorization (CVE-ID: CVE-2024-38231)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a missing capability check in Windows Remote Desktop Licensing Service. A remote user can cause a denial of service condition on the target system.

5) Path traversal (CVE-ID: CVE-2024-43454)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in Windows Remote Desktop Licensing Service. A remote user can send a specially crafted HTTP request and read arbitrary files on the system, leading to arbitrary code execution.

6) Sensitive Data Storage in Improperly Locked Memory (CVE-ID: CVE-2024-38263)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to sensitive data storage in improperly locked memory in Windows Remote Desktop Licensing Service. A remote user can win a race condition and execute arbitrary code on the target system.

7) Race condition (CVE-ID: CVE-2024-43467)

The vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to a race condition in Windows Remote Desktop Licensing Service. A remote user can exploit the race and execute arbitrary code on the target system.

Remediation

Install update from vendor's website.

References

• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-38260
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-38258
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-43455
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-38231
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-43454
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-38263
• https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-43467