Windows SMB Denial of Service Vulnerability: A Growing Threat to Your Organization's Security
CVE-2024-43642

7.5 HIGH

Summary

The vulnerability in the Windows SMB (Server Message Block) protocol allows attackers to trigger denial of service conditions, which may lead to system instability and hinder legitimate user access. Attackers can exploit this flaw without requiring user interaction, posing serious risks to organizations relying on SMB for file and printer sharing. Microsoft has released updates aimed at mitigating this security issue, emphasizing the importance of prompt patching and security hygiene.

Affected Version(s)

Windows 11 version 22H2 ARM64-based Systems 10.0.22621.0 < 10.0.22621.4460

Windows 11 version 22H3 ARM64-based Systems 10.0.22631.0 < 10.0.22631.4460

Windows 11 Version 23H2 x64-based Systems 10.0.22631.0 < 10.0.22631.4460

EPSS Score

12% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published