CVE-2024-43484

Inefficient Algorithmic Complexity (CWE-407)

Published: Oct 8, 2024 / Updated: 42d ago

010
CVSS 7.5EPSS 0.05%High
CVE info copied to clipboard

Summary

The System.IO.Packaging library may allow untrusted inputs to influence algorithmically complex operations, leading to denial of service. This vulnerability affects Microsoft products including .NET, .NET Framework, and Visual Studio 2022.

Impact

This vulnerability can lead to a denial of service attack. An attacker could exploit this to cause the affected system to become unresponsive or crash, potentially disrupting normal operations and services.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

Patches are available. Microsoft has released updates to address this vulnerability. Updates are available for affected versions of .NET, .NET Framework, and Visual Studio 2022.

Mitigation

1. Update affected systems to the latest patched versions: - .NET: Update to versions 8.0.10 or later, and 6.0.35 or later - .NET Framework: Update to the latest patched version for your specific version (4.6.2, 4.7, 3.5.1, 4.6, 2.0-sp2, 4.7.1, 4.8, 3.5, 4.8.1, 3.0-sp2, 4.7.2) - Visual Studio 2022: Update to versions 17.8.15 or later, 17.10.8 or later, 17.11.5 or later, and 17.6.20 or later 2. If immediate patching is not possible, consider implementing network segmentation to limit exposure of vulnerable systems. 3. Monitor systems for unusual activity or performance issues that could indicate exploitation attempts.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

Timeline

Vendor Advisory

RedHat CVE advisory released a security advisory (CVE-2024-43484).

Oct 8, 2024 at 5:30 PM
CVSS

A CVSS base score of 7.5 has been assigned.

Oct 8, 2024 at 5:30 PM / redhat-cve-advisories
Vendor Advisory

GitHub Advisories released a security advisory.

Oct 8, 2024 at 5:31 PM
First Article

Feedly found the first article mentioning CVE-2024-43484. See article

Oct 8, 2024 at 5:33 PM / Red Hat CVE Database
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 8, 2024 at 5:33 PM
CVE Assignment

NVD published the first details for CVE-2024-43484

Oct 8, 2024 at 6:15 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (208286)

Oct 9, 2024 at 1:15 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (208306)

Oct 9, 2024 at 5:16 AM
Vendor Advisory

RedHat released a security advisory (RHSA-2024:7851).

Oct 9, 2024 at 8:00 AM
Static CVE Timeline Graph

Affected Systems

Microsoft/.net
+null more

Patches

Github Advisory
+null more

References

November 12, 2024-Security and Quality Rollup for .NET Framework 3.5.1 for Windows Server 2008 R2 SP1 (KB5044011) - Microsoft Support
The October 8, 2024 update for Windows Server 2008 R2 SP1 includes cumulative security and reliability improvements in .NET Framework 3.5.1. To get this security update, you must reinstall the "Extended Security Updates (ESU) Licensing Preparation Package" ( KB5016892 ) for Windows Server 2008 R2 SP1 that is dated August 8, 2022 even if you previously installed the ESU key.
October 2024 Security Updates - Release Notes - Security Update Guide - Microsoft
Role: Windows Hyper-V CVE-2024-20659 7.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C Exploitation Less Likely Yes No No Windows Hyper-V CVE-2024-30092 8.0 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows EFI Partition CVE-2024-37976 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Kernel CVE-2024-37979 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows EFI Partition CVE-2024-37982 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows EFI Partition CVE-2024-37983 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No OpenSSH for Windows CVE-2024-38029 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Azure Monitor CVE-2024-38097 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C Exploitation Unlikely Yes No No Windows Netlogon CVE-2024-38124 9.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No Yes Windows Kerberos CVE-2024-38129 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No BranchCache CVE-2024-38149 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Azure Stack CVE-2024-38179 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Windows Routing and Remote Access Service (RRAS) CVE-2024-38212 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No .NET and Visual Studio CVE-2024-38229 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Routing and Remote Access Service (RRAS) CVE-2024-38261 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Remote Desktop Licensing Service CVE-2024-38262 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Routing and Remote Access Service (RRAS) CVE-2024-38265 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Routing and Remote Access Service (RRAS) CVE-2024-43453 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Remote Desktop Services CVE-2024-43456 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Configuration Manager CVE-2024-43468 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes Yes No Service Fabric CVE-2024-43480 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Power BI CVE-2024-43481 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No .NET, .NET Framework, Visual Studio CVE-2024-43483 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No .NET, .NET Framework, Visual Studio CVE-2024-43484 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No .NET and Visual Studio CVE-2024-43485 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Visual Studio Code CVE-2024-43488 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No DeepSpeed CVE-2024-43497 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Resilient File System (ReFS) CVE-2024-43500 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Common Log File System Driver CVE-2024-43501 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Kernel CVE-2024-43502 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Microsoft Office SharePoint CVE-2024-43503 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Office Excel CVE-2024-43504 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Office Visio CVE-2024-43505 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No BranchCache CVE-2024-43506 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Microsoft Graphics Component CVE-2024-43508 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Graphics Component CVE-2024-43509 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Windows Kernel CVE-2024-43511 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Standards-Based Storage Management Service CVE-2024-43512 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Windows BitLocker CVE-2024-43513 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows NTFS CVE-2024-43514 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Internet Small Computer Systems Interface (iSCSI) CVE-2024-43515 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Windows Secure Kernel Mode CVE-2024-43516 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft ActiveX CVE-2024-43517 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Telephony Server CVE-2024-43518 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft WDAC OLE DB provider for SQL CVE-2024-43519 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Kernel CVE-2024-43520 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Role: Windows Hyper-V CVE-2024-43521 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Windows Local Security Authority (LSA) CVE-2024-43522 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mobile Broadband CVE-2024-43523 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mobile Broadband CVE-2024-43524 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mobile Broadband CVE-2024-43525 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mobile Broadband CVE-2024-43526 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Kernel CVE-2024-43527 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Secure Kernel Mode CVE-2024-43528 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Print Spooler Components CVE-2024-43529 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No RPC Endpoint Mapper Service CVE-2024-43532 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Remote Desktop Client CVE-2024-43533 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No Yes Microsoft Graphics Component CVE-2024-43534 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Kernel-Mode Drivers CVE-2024-43535 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mobile Broadband CVE-2024-43536 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mobile Broadband CVE-2024-43537 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mobile Broadband CVE-2024-43538 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mobile Broadband CVE-2024-43540 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Simple Certificate Enrollment Protocol CVE-2024-43541 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Windows Mobile Broadband CVE-2024-43542 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mobile Broadband CVE-2024-43543 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Simple Certificate Enrollment Protocol CVE-2024-43544 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Windows Online Certificate Status Protocol (OCSP) CVE-2024-43545 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Windows Cryptographic Services CVE-2024-43546 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Kerberos CVE-2024-43547 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Routing and Remote Access Service (RRAS) CVE-2024-43549 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Secure Channel CVE-2024-43550 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Storage CVE-2024-43551 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Shell CVE-2024-43552 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows NT OS Kernel CVE-2024-43553 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Kernel-Mode Drivers CVE-2024-43554 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mobile Broadband CVE-2024-43555 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Graphics Component CVE-2024-43556 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Windows Mobile Broadband CVE-2024-43557 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mobile Broadband CVE-2024-43558 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mobile Broadband CVE-2024-43559 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Storage Port Driver CVE-2024-43560 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Windows Mobile Broadband CVE-2024-43561 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Network Address Translation (NAT) CVE-2024-43562 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Windows Ancillary Function Driver for WinSock CVE-2024-43563 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Routing and Remote Access Service (RRAS) CVE-2024-43564 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Network Address Translation (NAT) CVE-2024-43565 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Role: Windows Hyper-V CVE-2024-43567 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Windows Kernel CVE-2024-43570 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Sudo for Windows CVE-2024-43571 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No Yes Microsoft Management Console CVE-2024-43572 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C Exploitation Detected Yes No No Windows MSHTML Platform CVE-2024-43573 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C Exploitation Detected Yes No No Microsoft Windows Speech CVE-2024-43574 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Role: Windows Hyper-V CVE-2024-43575 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Microsoft Office CVE-2024-43576 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No Yes OpenSSH for Windows CVE-2024-43581 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Windows Remote Desktop CVE-2024-43582 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Winlogon CVE-2024-43583 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Windows Scripting CVE-2024-43584 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Code Integrity Guard CVE-2024-43585 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No Yes Windows Routing and Remote Access Service (RRAS) CVE-2024-43589 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C Exploitation Less Likely No No No Visual C++ Redistributable Installer CVE-2024-43590 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Azure CLI CVE-2024-43591 8.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Routing and Remote Access Service (RRAS) CVE-2024-43592 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Routing and Remote Access Service (RRAS) CVE-2024-43593 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Remote Desktop Client CVE-2024-43599 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Visual Studio Code CVE-2024-43601 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Visual Studio CVE-2024-43603 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Outlook for Android CVE-2024-43604 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Routing and Remote Access Service (RRAS) CVE-2024-43607 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Routing and Remote Access Service (RRAS) CVE-2024-43608 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Office CVE-2024-43609 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation More Likely Yes No Yes Windows Routing and Remote Access Service (RRAS) CVE-2024-43611 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Power BI CVE-2024-43612 6.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Defender for Endpoint CVE-2024-43614 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely No No No OpenSSH for Windows CVE-2024-43615 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Microsoft Office CVE-2024-43616 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2
See 1 more references

News

November 12, 2024-Security and Quality Rollup for .NET Framework 3.5.1 for Windows Server 2008 R2 SP1 (KB5044011) - Microsoft Support
The October 8, 2024 update for Windows Server 2008 R2 SP1 includes cumulative security and reliability improvements in .NET Framework 3.5.1. To get this security update, you must reinstall the "Extended Security Updates (ESU) Licensing Preparation Package" ( KB5016892 ) for Windows Server 2008 R2 SP1 that is dated August 8, 2022 even if you previously installed the ESU key.
CVE-2024-43484 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
Third-Party Software Update Catalog Release History – October 2024
Third-Party Software Update Catalog Release History – October 2024 In October 2024, our third-party software update catalog for Microsoft SCCM contained 1457 bug, feature, and security-related updates. Below you will find a full list of relevant updates and new products for October 2024. 1457 Total Updates 512 Security Updates 439 of the 512 security updates include CVE-IDs 105 New Products New Products: Altova XMLSpy 2025 Enterprise Edition 2025.00.00.0 (EXE-x64) Altova XMLSpy 2025 Enterprise Edition 2025.00.00.0 (EXE-x86) Altova XMLSpy 2025 Professional Edition 2025.00.00.0 (EXE-x64) Altova XMLSpy 2025 Professional Edition 2025.00.00.0 (EXE-x86) Amazon Athena ODBC Driver 2.0.3.0 (MSI-x64) Apache Tomcat 11.0 (EXE-x64) Autodesk AutoCAD Mechanical 2022 v26.0.76.0 (EXE-x64) Autodesk AutoCAD Mechanical 2023 v27.0.77.0 (EXE-x64) Autodesk AutoCAD Mechanical 2024 v28.0.91.0 (EXE-x64) Autodesk AutoCAD Mechanical 2025 v29.0.73.0 (EXE-x64) AWP Identity Manager 5.3.5.385 (MSI-x64) AWP Identity Manager 5.3.5.385 (MSI-x86) Cherry Keys 1.0.7.0 (MSI-x64) Cherry Keys 1.0.7.0 (MSI-x86) Connective Signing Plugins 2.0.9.0 (MSI-x86) Dell Peripheral Manager 1.7.6.0 (EXE-x64) DigiDoc4 Client 4.6.0.5305 (MSI-x64) Drata Agent 3.6.1.0 (User-x64) eBuddy 12.4.2.32082 (MSI-x86) eID Software 24.10.18.8368 (EXE-x64) Elgato 4K Capture Utility 1.7.13.6046 (MSI-x64) Elgato Camera Hub 1.11.0.4066 (MSI-x64) Elgato Control Center 1.7.1.600 (MSI-x64) eParakstitajs 3.0 1.8.0.0 (MSI-x64) eParakstitajs 3.0 1.8.0.0 (MSI-x86) EUROMOD 3.7.6.0 (EXE-x64) FastCopy 5.8.0.0 (User-x64) GitHub Desktop 3.4.8 (User-x64) Go Integrator Cara 4.5.0.8688 (EXE) Helix Visual Client P4V 242.43.2.0 (EXE-x64) Helix Visual Client P4V 242.43.2.0 (MSI-x64) INI Viewer and Editor 2.11.0.0 (EXE-x64) Input Director 2.3.0.0 (EXE-x64) Iridium Browser 116.0.0.0 (MSI-x64) Iridium Browser 116.0.0.0 (MSI-x86) JetBrains Rider 2022 223.8836.53.0 (EXE-x86) JetBrains Rider 2023 233.15026.35.0 (EXE-x86) JetBrains Rider 2024 242.23726.100.0 (EXE-x86) JetBrains Rider Latest 242.23726.100.0 (EXE-x86) JetBrains Space 2023.1.7.0 (User-x64) ksnip 1.10.1.0 (MSI-x64) LAV Filters 0.79.2.0 (EXE-x86) LocalSend 1.15.4.0 (EXE-x64) LocalSend 1.15.4.0 (User-x64) MailStore Client 24.100.22356.0 (MSI-x86) MailStore Outlook Add-in 24.100.22356.0 (MSI-x86) MaxCut 2.9.3.4 (EXE-x86) MerciApp 2.6.12 (User-x64) Microsoft Visual Studio Tools for Applications 2015 14.0.23829.0 (EXE-x86) Microsoft Visual Studio Tools for Applications 2017 15.0.26717.0 (EXE-x86) Microsoft Visual Studio Tools for Applications 2019 16.0.31110.0 (EXE-x86) Microsoft Visual Studio Tools for Applications 2022 17.0.33529.0 (EXE-x86) Monosnap 5.1.13.0 (User-x64) Mozilla Firefox ESR 128.3.0 (x64 ja) Mozilla Firefox ESR 128.3.0 (x86 ja) Mozilla Thunderbird 128.3.0 (x64 de) Mozilla Thunderbird 128.3.0 (x64 ES-es) Mozilla Thunderbird 128.3.0 (x64 fr) Mozilla Thunderbird 128.3.0 (x64 it) Mozilla Thunderbird 128.3.0 (x86 de) Mozilla Thunderbird 128.3.0 (x86 ES-es) Mozilla Thunderbird 128.3.0 (x86 fr) Mozilla Thunderbird 128.3.0 (x86 it) MTPuTTY 1.8.5.0 (EXE-x86) MTPuTTY 1.8.5.0 (User-x86) NetPad 0.8.0.0 (EXE-x64) NetPad 0.8.0.0 (User-x64) Nuclino 1.6.5.0 (User-x64) Nullsoft Scriptable Install System 3.10.0.0 (EXE-x86) NVivo 15.0.0.12 (EXE-x64) Octoparse 8.7.2.0 (EXE-x64) Oracle VirtualBox 7.1.2 (EXE-x64) Oracle VirtualBox Latest 7.1.2.0 (EXE-x64) Pix4Dmatic 1.63.1.0 (MSI-x64) Power BI ALM Toolkit 5.1.3.0 (MSI-x64) Prowise Presenter 1.0.0.0 (EXE-x64) Prowise Presenter 1.0.0.0 (MSI-x64) Prowise Reflect 1.2.0.0 (EXE-x86) PrusaSlicer 2.8.1.0 (EXE-x64) PVSOL 2024 v2024.4.0.0 (EXE-x86) PVSOL premium 2024 v2024.8.0.0 (EXE-x86) PVsyst 7.4.8.0 (EXE-x64) Python 3.13.150.0 (EXE-x64) Python 3.13.150.0 (EXE-x86) QENC Decrypter 1.2.0.22173 (EXE-x86) QNAP Qfinder Pro 7.11.1.0726 (EXE-x86) QNAP Qsync Client 5.1.6.0906 (EXE-x86) QuDedup Extract Tool 1.1.5.24208 (EXE-x86) Rainbow 2.139.2.0 (MSI-x86) Rainbow 2.139.2.0 (User-x64) Rancher Desktop 1.16.0.0 (MSI-x64) Regression Suite Automation Tool 2.7.16771.39 (MSI) SBC Configuration Wizard 2.31.0.0 (EXE-x86) Simba Athena ODBC Driver 1.x 1.2.3.1000 (MSI-x64) Simba Athena ODBC Driver 1.x 1.2.3.1000 (MSI-x86) Syslog Viewer 2.25.0.0 (EXE-x64) Tableau Desktop 2024.2 24.2.1060.0 (EXE-x64) Tableau Desktop 2024.3 24.3.425.0 (EXE-x64) Tableau Prep Builder 2024.2 24.2.40000.0 (EXE-x64) Tableau Prep Builder 2024.3 24.3.40066.0 (EXE-x64) Termius 9.8.3.0 (User-x64) Voxbi 2.11.46.0 (MSI-x86) WinDirStat 2.0.3.832 (MSI-x64) WinDirStat 2.0.3.832 (MSI-x86) WinZip 29.0.16250.0 (MSI-x64) Updates Added: (Oldest to Newest) 1Password 8.10.46 (MSI-x64) 1Password 8.10.46 (User) Release Notes for 1Password 8.10.46 Release Type: ⬤ ⬤ Scan Detection Ratio 0/60 VirusTotal Latest Scan Results (MSI-x64) Scan Detection Ratio 0/70 VirusTotal Latest Scan Results (User) Advanced Installer 22.1.0 (MSI-x86) Release Notes for Advanced Installer 22.1.0 (MSI-x86) Release Type: ⬤
Rocky Linux: RLSA-2024:7867 .NET 6.0 security update Security Advisories Updates
Important: .NET 6.0 security update
RockyLinux 9 : .NET 8.0 (RLSA-2024:7869)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:7869 advisory. The remote RockyLinux host is missing one or more security updates.
See 86 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:None
Integrity:None
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI