CVE-2024-43599

Use After Free (CWE-416)

Published: Oct 8, 2024

CVSS 8.8 | EPSS 0.09% | High

Summary

Remote Desktop Client Remote Code Execution Vulnerability. This vulnerability allows an attacker to potentially execute arbitrary code on the target system through the Remote Desktop Client. It has a CVSS v3 base score of 8.8, indicating high severity. The vulnerability requires user interaction and can be exploited over the network without requiring privileges.

Impact

If successfully exploited, this vulnerability could lead to severe consequences. An attacker could gain full control over the affected system, potentially allowing them to:

1. Execute arbitrary code with the privileges of the compromised user
2. Access, modify, or delete sensitive data
3. Install malware or backdoors
4. Use the compromised system as a launching point for further attacks within the network

The high impact on confidentiality, integrity, and availability suggests that successful exploitation could lead to complete compromise of the system's security.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation at the moment.

Patch

A patch is available. Microsoft has released an official fix for this vulnerability as of October 8, 2024. The security team should prioritize applying this patch to all affected systems.

Mitigation

1. Apply the official patch from Microsoft as soon as possible.
2. Implement the principle of least privilege to limit the potential impact of exploitation.
3. Educate users about the risks of interacting with untrusted Remote Desktop connections.
4. Use network segmentation to isolate Remote Desktop services.
5. Enable and configure Windows Defender or other antivirus software to detect and prevent potential exploits.
6. Monitor systems for unusual activities that could indicate exploitation attempts.
7. Consider using Remote Desktop Gateway servers to add an extra layer of security for remote connections.
8. Keep all systems and software up-to-date with the latest security patches.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Timeline

CVSS

A CVSS base score of 8.8 has been assigned.

Oct 8, 2024 at 5:40 PM / microsoft
First Article

Feedly found the first article mentioning CVE-2024-43599.

Oct 8, 2024 at 5:46 PM / CVE | THREATINT - NEW.RSS
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 8, 2024 at 5:48 PM
Threat Intelligence Report

CVE-2024-43599 is a critical Remote Code Execution (RCE) vulnerability in Microsoft Remote Desktop Client, with a CVSSv3 score of 8.8, and is flagged as “Exploitation Less Likely” by Microsoft. The vulnerability requires an attacker to first compromise a Remote Desktop Server before targeting vulnerable connecting devices, and it is recommended to disable the Remote Desktop service if not needed as a mitigation measure. There is no information provided regarding exploitation in the wild, proof-of-concept exploits, or downstream impacts on third-party vendors.

Oct 8, 2024 at 6:13 PM
CVE Assignment

NVD published the first details for CVE-2024-43599

Oct 8, 2024 at 6:15 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (208304)

Oct 9, 2024 at 1:15 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (208303)

Oct 9, 2024 at 1:15 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (208302)

Oct 9, 2024 at 1:15 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (208305)

Oct 9, 2024 at 1:15 AM

Affected Systems

Microsoft/windows_server_2022

Patches

Microsoft

References

Remote Desktop Client Remote Code Execution Vulnerability
In the case of a Remote Desktop connection, an attacker with control of a Remote Desktop Server could trigger a remote code execution (RCE) on the RDP client machine when a victim connects to the attacking server with the vulnerable Remote Desktop Client. Windows Server 2022, 23H2 Edition (Server Core installation)
Microsoft's October 2024 Patch Tuesday Addresses 117 CVEs (CVE-2024-43572, CVE-2024-43573)
CVE-2024-43572 | Microsoft Management Console Remote Code Execution Vulnerability Microsoft addresses 117 CVEs with three rated as critical and four zero-day vulnerabilities, two of which were exploited in the wild.
Microsoft’s October 2024 Patch Tuesday Addresses 117 CVEs (CVE-2024-43572, CVE-2024-43573)
Microsoft addresses 117 CVEs with three rated as critical and four zero-day vulnerabilities, two of which were exploited in the wild. CVE-2024-43572 | Microsoft Management Console Remote Code Execution Vulnerability

News

CVE-2024-43599
Does anyone know where I can get a writeup or a POC for this vuln? It's extremely new but a shared RDP me and a friend had was hit by it (either this or one of the other 58 or so vulns that just got disclosed in early October, apparently the RDP host installs an unpatched version by default)
Patch 10 Critical Windows CVEs for October 2024
Similar to CVE-2024-43564, this vulnerability in Windows RRAS allows attackers to execute remote commands, affecting system network configurations. These vulnerabilities, collectively rated as high or critical severity by Microsoft, pose significant risks, including Remote Code Execution (RCE), which could lead to complete system compromise.
Remote Desktop Client Remote Code Execution Vulnerability
The potential impact of an exploit of this vulnerability is considered to be very high. CVE-2024-43599 has been classified as a dangling pointer vulnerability or weakness.
WARNING: MICROSOFT PATCH TUESDAY, OCTOBER 2024 PATCHES 117 VULNERABILITIES (3 CRITICAL, 113 IMPORTANT, 1 MODERATE), PATCH IMMEDIATELY!
monthly releases are called "Patch Tuesday" and contain security fixes for Microsoft devices and An unauthenticated, remote attacker could exploit this vulnerability by

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
