CVE-2024-43607

Heap-based Buffer Overflow (CWE-122)

Published: Oct 8, 2024

010
CVSS 8.8EPSS 0.09%High
CVE info copied to clipboard

Summary

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. This vulnerability affects the Windows Routing and Remote Access Service, allowing potential remote code execution. It has a CVSS v3 base score of 8.8, indicating a high severity level. The vulnerability requires user interaction and can be exploited over the network without requiring privileges. It is classified as a Heap-based Buffer Overflow (CWE-122).

Impact

If exploited, this vulnerability could allow an attacker to execute arbitrary code on the target system with high impact on confidentiality, integrity, and availability. The attacker could potentially gain control over the affected system, access sensitive information, modify data, or disrupt normal operations. Given the high CVSS score and the potential for remote code execution, this vulnerability poses a significant risk to affected systems.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. Microsoft released an official fix for this vulnerability on October 8, 2024. The security team should prioritize applying this patch to affected systems. The patch addresses the vulnerability in the following Windows Server versions: - Windows Server 2016 (versions prior to 10.0.14393.7428) - Windows Server 2012 and 2012 R2 - Windows Server 2022 (versions prior to 10.0.20348.2762) - Windows Server 2022 23H2 (versions prior to 10.0.25398.1189) - Windows Server 2019 (versions prior to 10.0.17763.6414) - Windows Server 2008 and 2008 R2 SP1

Mitigation

1. Apply the official patch released by Microsoft as soon as possible to all affected Windows Server versions. 2. Limit network exposure for systems running Windows Routing and Remote Access Service. 3. Implement network segmentation to isolate systems running RRAS from untrusted networks. 4. Educate users about the risks of interacting with untrusted sources, as the vulnerability requires user interaction. 5. Monitor systems for suspicious activities and implement robust logging and detection mechanisms. 6. Keep all Windows systems and software up to date with the latest security patches. 7. Consider disabling RRAS if not essential for business operations until the patch can be applied. 8. Prioritize patching efforts based on the criticality of the affected systems and their exposure to potential attacks.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Timeline

CVSS

A CVSS base score of 8.8 has been assigned.

Oct 8, 2024 at 5:40 PM / microsoft
First Article

Feedly found the first article mentioning CVE-2024-43607. See article

Oct 8, 2024 at 5:41 PM / CVE | THREATINT - NEW.RSS
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 8, 2024 at 5:41 PM
Threat Intelligence Report

CVE-2024-43607 is a critical Remote Code Execution vulnerability in Windows Routing and Remote Access Service (RRAS) with a CVSSv3 score of 8.8, categorized as “Exploitation Less Likely” by Microsoft. Exploitation could occur by targeting a vulnerable server with specially crafted protocol messages, but there is no indication of active exploitation in the wild or available proof-of-concept exploits. Microsoft has not specified any mitigations, detections, or patches for this vulnerability, nor are there mentions of downstream impacts to third-party vendors or technology. See article

Oct 8, 2024 at 6:13 PM
CVE Assignment

NVD published the first details for CVE-2024-43607

Oct 8, 2024 at 6:15 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (208305)

Oct 9, 2024 at 1:15 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (208298)

Oct 9, 2024 at 1:15 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (208294)

Oct 9, 2024 at 1:15 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (208289)

Oct 9, 2024 at 1:15 AM
Static CVE Timeline Graph

Affected Systems

Microsoft/windows_server_2008
+null more

Patches

Microsoft
+null more

Attack Patterns

CAPEC-92: Forced Integer Overflow
+null more

References

Microsoft's October 2024 Patch Tuesday Addresses 117 CVEs (CVE-2024-43572, CVE-2024-43573)
CVE-2024-43572 | Microsoft Management Console Remote Code Execution Vulnerability Microsoft addresses 117 CVEs with three rated as critical and four zero-day vulnerabilities, two of which were exploited in the wild.
Microsoft’s October 2024 Patch Tuesday Addresses 117 CVEs (CVE-2024-43572, CVE-2024-43573)
Microsoft addresses 117 CVEs with three rated as critical and four zero-day vulnerabilities, two of which were exploited in the wild. CVE-2024-43572 | Microsoft Management Console Remote Code Execution Vulnerability

News

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
MS Family October 2024 Routine Security Update Advisory
Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Patch Tuesday October 2024 - Five Zero Days
Besides these zero days we have five CVE's rated critical: These mainly affect Windows OS's as well as MS Configuration Manager and some one offs for Dynamics and the GroupMe app. CVE-2024-43572 is a remote code execution vulnerability with a rating of important.
Microsoft's October 2024 Patch Tuesday Addresses 117 CVEs (CVE-2024-43572, CVE-2024-43573)
CVE-2024-43572 | Microsoft Management Console Remote Code Execution Vulnerability Microsoft addresses 117 CVEs with three rated as critical and four zero-day vulnerabilities, two of which were exploited in the wild.
Microsoft Security Bulletin Coverage for October 2024
Microsoft’s October 2024 Patch Tuesday has 117 vulnerabilities, of which 42 are Remote Code Execution.SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of October 2024 and has produced coverage for 4 of the reported vulnerabilities. Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the patch Tuesday release for each month.
See 25 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:Required
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI