Sensitive Data Storage in Improperly Locked Memory (CWE-591)
Windows Hyper-V Denial of Service Vulnerability. This vulnerability allows a local attacker with low privileges to cause a denial of service condition in Windows Hyper-V. The attack requires no user interaction and has a low attack complexity. While it does not impact confidentiality or integrity, it has a high impact on availability. The vulnerability affects the scope beyond the vulnerable component.
This vulnerability could allow an attacker to cause a denial of service condition in Windows Hyper-V. The impact is primarily on the availability of the system, potentially disrupting virtual machine operations or the entire Hyper-V environment. Given the "Changed" scope, the impact may extend beyond the Hyper-V component itself and affect other parts of the system or network. The high availability impact suggests that the attacker could cause a complete shutdown or significant disruption of the Hyper-V service.
There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation at the moment.
A patch is available for this vulnerability. Microsoft released the patch on November 12, 2024.
1. Apply the security update provided by Microsoft as soon as possible.
2. Limit local access to Hyper-V hosts to trusted administrators only.
3. Implement the principle of least privilege for users who have access to Hyper-V environments.
4. Monitor Hyper-V systems for unusual activity or performance issues that could indicate exploitation attempts.
5. Ensure that all Windows systems, especially those running Hyper-V, are kept up to date with the latest security patches.
6. Consider implementing additional network segmentation to isolate Hyper-V environments from potential attack vectors.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C
Detection for the vulnerability has been added to Qualys (92186)
A CVSS base score of 6.5 has been assigned.
Feedly found the first article mentioning CVE-2024-43633.
Feedly estimated the CVSS score as MEDIUM
NVD published the first details for CVE-2024-43633
EPSS Score was set to: 0.04% (Percentile: 10.1%)
EPSS Score was set to: 0.04% (Percentile: 10.2%)