Overview
Discover how security researchers successfully exploited a critical pre-authentication remote code execution vulnerability in Windows Server systems spanning from 2003 to 2025. Learn about the comprehensive analysis of Windows Remote Desktop Services that led to the identification of multiple pre-authentication RCE vulnerabilities in the Remote Desktop Licensing Service, with a focus on CVE-2024-38077, a vulnerability enabling unauthenticated, non-sandboxed, zero-click remote code execution. Explore the attack surface of the Remote Desktop Licensing Service and understand how researchers bypassed decades of Microsoft's security fortifications to achieve stable exploitation on the latest Windows Server 2025. Gain insights into the methodology used to transform a single memory corruption vulnerability into a complete zero-click pre-authentication RCE exploit, demonstrating that despite years without such vulnerabilities in Windows, sophisticated exploitation techniques can still overcome modern security mitigations. The presentation reveals the technical approach to building reliable exploits against current Windows Server infrastructure and provides valuable understanding of advanced vulnerability research and exploitation techniques in enterprise environments.
Syllabus
One Bug to Rule Them All: Stably Exploiting a Preauth RCE Vulnerability on Windows Server 2025
Taught by
Black Hat