Microsoft Simple Certificate Enrollment Protocol Denial of Service Vulnerability
CVE-2024-43541

7.5HIGH

Key Information:

Vendor: Microsoft
Status: Windows Server 2019; Windows Server 2019 (server Core Installation); Windows Server 2022; Windows Server 2022, 23h2 Edition (server Core Installation)
Vendor: CVE Published:; 8 October 2024

What is CVE-2024-43541?

A denial of service vulnerability exists within the Microsoft Simple Certificate Enrollment Protocol. This flaw can be exploited to disrupt the service, leading to potential downtime and impacting overall system security. For further details, refer to the vendor advisory.

Affected Version(s)

Windows Server 2008 Service Pack 2 x64-based Systems 6.0.6003.0 < 6.0.6003.22918

Windows Server 2008 R2 Service Pack 1 (Server Core installation) x64-based Systems 6.1.7601.0 < 6.1.7601.27366

Windows Server 2008 R2 Service Pack 1 x64-based Systems 6.1.7601.0 < 6.1.7601.27366

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

EPSS Score

19% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 8, 2024
Vulnerability Reserved
Aug 14, 2024