One Bug to Rule Them All: Stably Exploiting a Preauth RCE Vulnerability on Windows Server 2025

Black Hat Asia 2025 · Day 1 · Briefings

This presentation, "One Bug to Rule Them All," delivered by Edwards Peng, Signin, and War at Black Hat Asia, unveils a critical pre-authentication **Remote Code Execution (RCE)** vulnerability, **CVE-2024-38077**, affecting the Remote Desktop Licensing (RDL) service on Windows Server 2025. The researchers demonstrated a highly stable exploitation chain that leverages a single heap overflow bug to achieve full RCE without any prior authentication or user interaction. The research stands out for showing how sophisticated techniques can bypass modern Windows security mitigations, including ASLR, CFG, and LFH, using a single flaw.

AI review

This presentation delivers a masterclass in modern Windows exploitation, demonstrating a pre-authentication Remote Code Execution (RCE) vulnerability in the widely deployed Windows Server 2025 Remote Desktop Licensing (RDL) service. The researchers meticulously detail how a single heap overflow, CVE-2024-38077, can be leveraged to bypass ASLR, CFG, and LFH, achieving a near 100% stable RCE. This talk is a critical wake-up call, proving that even with robust mitigations, a deep understanding of system internals can still yield devastating, unauthenticated compromise on the latest Windows…
