Windows Remote Desktop Services Remote Code Execution Vulnerability
CVE-2024-49119

8.1HIGH

Summary

This vulnerability in Microsoft Windows Remote Desktop Services allows for remote code execution, enabling attackers to execute arbitrary code on affected systems. It arises from improper processing of requests to the RDP service, leading to potential exploitation by malicious users. Successful exploitation can result in full system control, affecting data integrity and confidentiality. Organizations using vulnerable versions of Windows are urged to apply relevant security updates immediately to mitigate risks.

Affected Version(s)

Windows Server 2016 (Server Core installation) x64-based Systems 10.0.14393.0 < 10.0.14393.7606

Windows Server 2016 x64-based Systems 10.0.14393.0 < 10.0.14393.7606

Windows Server 2019 (Server Core installation) x64-based Systems 10.0.17763.0 < 10.0.17763.6659

References

EPSS Score

0% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed
.