CVE-2024-43608

Heap-based Buffer Overflow (CWE-122)

Published: Oct 8, 2024

CVSS 8.8 | EPSS 0.09% | High

Summary

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. This vulnerability allows remote code execution with a network-based attack vector and low attack complexity. User interaction is required, but no privileges are needed to exploit it.

Impact

If exploited, this vulnerability could have a severe impact on the affected systems. The attacker could execute arbitrary code with high confidentiality, integrity, and availability impacts: they could access sensitive information, modify or delete data, and disrupt system operations.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation at the moment.

Patch

A patch is available. Microsoft released an official fix for this vulnerability on October 8, 2024.

Mitigation

1. Apply the official patch from Microsoft as soon as possible.
2. Implement network segmentation to limit exposure of RRAS services.
3. Monitor for suspicious network activities targeting RRAS.
4. Ensure user awareness training to recognize and avoid potential attack vectors requiring user interaction.
5. Consider disabling RRAS if not essential until patching is complete.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Timeline

CVSS

A CVSS base score of 8.8 has been assigned.

Oct 8, 2024 at 5:40 PM / microsoft
First Article

Feedly found the first article mentioning CVE-2024-43608.

Oct 8, 2024 at 5:41 PM / CVE | THREATINT - NEW.RSS
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 8, 2024 at 5:41 PM
Threat Intelligence Report

CVE-2024-43608 is a critical Remote Code Execution vulnerability in Windows Routing and Remote Access Service (RRAS) with a CVSSv3 score of 8.8, categorized as “Exploitation Less Likely” by Microsoft. Exploitation could occur by targeting a vulnerable server with specially crafted protocol messages, but there is no indication of active exploitation in the wild or proof-of-concept exploits mentioned. Microsoft has provided patches for this vulnerability as part of the October Patch Tuesday update, but no specific mitigations or downstream impacts on third-party vendors are detailed.

Oct 8, 2024 at 6:13 PM
CVE Assignment

NVD published the first details for CVE-2024-43608

Oct 8, 2024 at 6:15 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (208305)

Oct 9, 2024 at 1:15 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (208298)

Oct 9, 2024 at 1:15 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (208294)

Oct 9, 2024 at 1:15 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (208289)

Oct 9, 2024 at 1:15 AM

Affected Systems

Microsoft/windows_server_2008

Patches

Microsoft

Attack Patterns

CAPEC-92: Forced Integer Overflow

References

Microsoft's October 2024 Patch Tuesday Addresses 117 CVEs (CVE-2024-43572, CVE-2024-43573)
CVE-2024-43572 | Microsoft Management Console Remote Code Execution Vulnerability Microsoft addresses 117 CVEs with three rated as critical and four zero-day vulnerabilities, two of which were exploited in the wild.

News

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
MS Family October 2024 Routine Security Update Advisory
Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Patch Tuesday October 2024 - Five Zero Days
Besides these zero days we have five CVEs rated critical: These mainly affect Windows OSes as well as MS Configuration Manager and some one-offs for Dynamics and the GroupMe app. CVE-2024-43572 is a remote code execution vulnerability with a rating of important.
Microsoft Security Bulletin Coverage for October 2024
Microsoft’s October 2024 Patch Tuesday has 117 vulnerabilities, of which 42 are Remote Code Execution. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of October 2024 and has produced coverage for 4 of the reported vulnerabilities. Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the patch Tuesday release for each month.

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
