CVE-2024-43575

Uncontrolled Resource Consumption (CWE-400)

Published: Oct 8, 2024

010
CVSS 7.5EPSS 0.05%High
CVE info copied to clipboard

Summary

Windows Hyper-V is vulnerable to a Denial of Service attack. This vulnerability is classified as a case of Uncontrolled Resource Consumption (CWE-400). The attack vector is network-based, requires low complexity, and does not need user interaction or privileges to exploit.

Impact

If successfully exploited, this vulnerability could lead to a high impact on the availability of the affected system. An attacker could potentially cause a denial of service condition in Windows Hyper-V, disrupting its normal operation and potentially affecting the availability of virtual machines running on the hypervisor. However, there is no impact on the confidentiality or integrity of the system.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch for this vulnerability is available. Microsoft released the patch on October 8, 2024.

Mitigation

To mitigate this vulnerability, it is strongly recommended to apply the security update provided by Microsoft as soon as possible. Prioritize patching for Windows Server systems running Hyper-V. Additionally, consider implementing network segmentation and access controls to limit potential attack vectors. Monitor Hyper-V systems for unusual resource consumption or performance degradation that could indicate exploitation attempts.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C

Timeline

CVSS

A CVSS base score of 7.5 has been assigned.

Oct 8, 2024 at 5:40 PM / microsoft
First Article

Feedly found the first article mentioning CVE-2024-43575. See article

Oct 8, 2024 at 5:55 PM / Zero Day Initiative - Blog
Threat Intelligence Report

CVE-2024-43575 is a denial-of-service (DoS) vulnerability with an important severity rating and a CVSSv3 score of 7.5. The provided information does not indicate whether it is being exploited in the wild, nor does it mention any proof-of-concept exploits, mitigations, detections, patches, or downstream impacts to other third-party vendors or technology. Further investigation would be necessary to assess the full implications of this vulnerability. See article

Oct 8, 2024 at 6:13 PM
CVE Assignment

NVD published the first details for CVE-2024-43575

Oct 8, 2024 at 6:15 PM
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Oct 8, 2024 at 6:48 PM
EPSS

EPSS Score was set to: 0.05% (Percentile: 17.8%)

Oct 9, 2024 at 10:29 AM
Trending

This CVE started to trend in security discussions

Oct 9, 2024 at 10:37 PM
Trending

This CVE stopped trending in security discussions

Oct 11, 2024 at 5:52 PM
EPSS

EPSS Score was set to: 0.06% (Percentile: 28.5%)

Nov 19, 2024 at 2:33 AM
Static CVE Timeline Graph

Affected Systems

Microsoft/windows_server_2016
+null more

Patches

Microsoft
+null more

Attack Patterns

CAPEC-147: XML Ping of the Death
+null more

References

October 2024 Security Updates - Release Notes - Security Update Guide - Microsoft
Role: Windows Hyper-V CVE-2024-20659 7.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C Exploitation Less Likely Yes No No Windows Hyper-V CVE-2024-30092 8.0 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows EFI Partition CVE-2024-37976 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Kernel CVE-2024-37979 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows EFI Partition CVE-2024-37982 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows EFI Partition CVE-2024-37983 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No OpenSSH for Windows CVE-2024-38029 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Azure Monitor CVE-2024-38097 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C Exploitation Unlikely Yes No No Windows Netlogon CVE-2024-38124 9.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No Yes Windows Kerberos CVE-2024-38129 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No BranchCache CVE-2024-38149 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Azure Stack CVE-2024-38179 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Windows Routing and Remote Access Service (RRAS) CVE-2024-38212 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No .NET and Visual Studio CVE-2024-38229 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Routing and Remote Access Service (RRAS) CVE-2024-38261 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Remote Desktop Licensing Service CVE-2024-38262 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Routing and Remote Access Service (RRAS) CVE-2024-38265 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Routing and Remote Access Service (RRAS) CVE-2024-43453 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Remote Desktop Services CVE-2024-43456 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Configuration Manager CVE-2024-43468 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes Yes No Service Fabric CVE-2024-43480 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Power BI CVE-2024-43481 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No .NET, .NET Framework, Visual Studio CVE-2024-43483 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No .NET, .NET Framework, Visual Studio CVE-2024-43484 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No .NET and Visual Studio CVE-2024-43485 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Visual Studio Code CVE-2024-43488 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No DeepSpeed CVE-2024-43497 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Resilient File System (ReFS) CVE-2024-43500 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Common Log File System Driver CVE-2024-43501 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Kernel CVE-2024-43502 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Microsoft Office SharePoint CVE-2024-43503 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Office Excel CVE-2024-43504 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Office Visio CVE-2024-43505 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No BranchCache CVE-2024-43506 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Microsoft Graphics Component CVE-2024-43508 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Graphics Component CVE-2024-43509 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Windows Kernel CVE-2024-43511 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Standards-Based Storage Management Service CVE-2024-43512 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Windows BitLocker CVE-2024-43513 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows NTFS CVE-2024-43514 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Internet Small Computer Systems Interface (iSCSI) CVE-2024-43515 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Windows Secure Kernel Mode CVE-2024-43516 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft ActiveX CVE-2024-43517 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Telephony Server CVE-2024-43518 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft WDAC OLE DB provider for SQL CVE-2024-43519 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Kernel CVE-2024-43520 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Role: Windows Hyper-V CVE-2024-43521 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Windows Local Security Authority (LSA) CVE-2024-43522 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mobile Broadband CVE-2024-43523 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mobile Broadband CVE-2024-43524 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mobile Broadband CVE-2024-43525 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mobile Broadband CVE-2024-43526 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Kernel CVE-2024-43527 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Secure Kernel Mode CVE-2024-43528 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Print Spooler Components CVE-2024-43529 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No RPC Endpoint Mapper Service CVE-2024-43532 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Remote Desktop Client CVE-2024-43533 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No Yes Microsoft Graphics Component CVE-2024-43534 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Kernel-Mode Drivers CVE-2024-43535 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mobile Broadband CVE-2024-43536 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mobile Broadband CVE-2024-43537 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mobile Broadband CVE-2024-43538 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mobile Broadband CVE-2024-43540 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Simple Certificate Enrollment Protocol CVE-2024-43541 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Windows Mobile Broadband CVE-2024-43542 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mobile Broadband CVE-2024-43543 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Simple Certificate Enrollment Protocol CVE-2024-43544 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Windows Online Certificate Status Protocol (OCSP) CVE-2024-43545 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Windows Cryptographic Services CVE-2024-43546 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Kerberos CVE-2024-43547 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Routing and Remote Access Service (RRAS) CVE-2024-43549 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Secure Channel CVE-2024-43550 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Storage CVE-2024-43551 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Shell CVE-2024-43552 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows NT OS Kernel CVE-2024-43553 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Kernel-Mode Drivers CVE-2024-43554 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mobile Broadband CVE-2024-43555 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Graphics Component CVE-2024-43556 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Windows Mobile Broadband CVE-2024-43557 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mobile Broadband CVE-2024-43558 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Mobile Broadband CVE-2024-43559 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Storage Port Driver CVE-2024-43560 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Windows Mobile Broadband CVE-2024-43561 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Network Address Translation (NAT) CVE-2024-43562 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Windows Ancillary Function Driver for WinSock CVE-2024-43563 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Routing and Remote Access Service (RRAS) CVE-2024-43564 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Network Address Translation (NAT) CVE-2024-43565 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Role: Windows Hyper-V CVE-2024-43567 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Windows Kernel CVE-2024-43570 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Sudo for Windows CVE-2024-43571 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No Yes Microsoft Management Console CVE-2024-43572 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C Exploitation Detected Yes No No Windows MSHTML Platform CVE-2024-43573 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C Exploitation Detected Yes No No Microsoft Windows Speech CVE-2024-43574 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Role: Windows Hyper-V CVE-2024-43575 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Microsoft Office CVE-2024-43576 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No Yes OpenSSH for Windows CVE-2024-43581 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Windows Remote Desktop CVE-2024-43582 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Winlogon CVE-2024-43583 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Windows Scripting CVE-2024-43584 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Code Integrity Guard CVE-2024-43585 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No Yes Windows Routing and Remote Access Service (RRAS) CVE-2024-43589 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C Exploitation Less Likely No No No Visual C++ Redistributable Installer CVE-2024-43590 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Azure CLI CVE-2024-43591 8.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Routing and Remote Access Service (RRAS) CVE-2024-43592 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Routing and Remote Access Service (RRAS) CVE-2024-43593 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Remote Desktop Client CVE-2024-43599 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Visual Studio Code CVE-2024-43601 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Visual Studio CVE-2024-43603 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitation Less Likely No No No Outlook for Android CVE-2024-43604 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Routing and Remote Access Service (RRAS) CVE-2024-43607 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Windows Routing and Remote Access Service (RRAS) CVE-2024-43608 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Office CVE-2024-43609 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation More Likely Yes No Yes Windows Routing and Remote Access Service (RRAS) CVE-2024-43611 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Power BI CVE-2024-43612 6.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N/E:U/RL:O/RC:C Exploitation Less Likely Yes No No Microsoft Defender for Endpoint CVE-2024-43614 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitation Less Likely No No No OpenSSH for Windows CVE-2024-43615 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation More Likely Yes No No Microsoft Office CVE-2024-43616 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitation Less Likely Yes No No
Microsoft’s October 2024 Patch Tuesday Addresses 117 CVEs (CVE-2024-43572, CVE-2024-43573)
Microsoft addresses 117 CVEs with three rated as critical and four zero-day vulnerabilities, two of which were exploited in the wild. CVE-2024-43572 | Microsoft Management Console Remote Code Execution Vulnerability

News

CVE-2024-43575 Windows Hyper-V Denial of Service Vulnerability
October 2024 – Microsoft patch tuesday highlights
Spoofing, Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Security Feature Bypass, and Remote Code Execution (RCE) are among the vulnerabilities that Microsoft has addressed in various software products. Microsoft Configuration Manager Remote Code Execution Vulnerability
MS Family October 2024 Routine Security Update Advisory
Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Patch Tuesday October 2024 - Five Zero Days
Besides these zero days we have five CVE's rated critical: These mainly affect Windows OS's as well as MS Configuration Manager and some one offs for Dynamics and the GroupMe app. CVE-2024-43572 is a remote code execution vulnerability with a rating of important.
Microsoft Security Bulletin Coverage for October 2024
Microsoft’s October 2024 Patch Tuesday has 117 vulnerabilities, of which 42 are Remote Code Execution.SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of October 2024 and has produced coverage for 4 of the reported vulnerabilities. Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the patch Tuesday release for each month.
See 23 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:None
Integrity:None
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI