Windows Hyper-V Remote Code Execution Vulnerability

CVE-2024-49117

8.8HIGH

Key Information

Vendor: Microsoft
Status: Windows Server 2022; Windows 11 Version 22h2; Windows Server 2025 (server Core Installation); Windows 11 Version 22h3
Vendor: CVE Published:; 12 December 2024

Badges

👾 Exploit Exists🔴 Public PoC

Summary

Windows Hyper-V Remote Code Execution Vulnerability

Affected Version(s)

Windows Server 2022 < 10.0.20348.2966

Windows 11 version 22H2 < 10.0.22621.4602

Windows Server 2025 (Server Core installation) < 10.0.26100.2605

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Microsoft-2024-December-Update-Control
Created by mutkus

Refferences

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

🔴
Public PoC available
Dec 18, 2024
👾
Exploit known to exist
Dec 18, 2024
Vulnerability published
Dec 12, 2024
Vulnerability Reserved
Oct 11, 2024

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed1 Proof of Concept(s)