CVE-2024-43639

Numeric Truncation Error (CWE-197)

Published: Nov 12, 2024

CVSS: 9.8 (Critical) / EPSS: 0.09%

Summary

Windows Kerberos Remote Code Execution Vulnerability. This critical vulnerability affects the Windows Kerberos authentication system, allowing remote code execution through a network-based attack vector. It requires no privileges and no user interaction, making it particularly dangerous. The vulnerability is associated with a cryptographic protocol weakness in systems configured as KDC Proxy servers.

Impact

The impact of this vulnerability is severe and far-reaching. An attacker could potentially:

1. Execute arbitrary code on the target system with high privileges.
2. Gain unauthorized access to sensitive information across the network.
3. Modify or delete critical data.
4. Disrupt normal system operations and services.
5. Use the compromised system as a foothold for broader network infiltration.

Given Kerberos' fundamental role in Windows authentication infrastructure, a successful exploit could lead to a complete compromise of the affected system's confidentiality, integrity, and availability. The potential for lateral movement within the network is significant, as Kerberos is used for authentication across Windows environments.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. Microsoft released an official fix for this vulnerability on November 12, 2024. Given the critical nature of the vulnerability, with a CVSS base score of 9.8, it is imperative that the security team prioritizes the immediate application of this patch across all affected systems.

Mitigation

1. Apply the official Microsoft patch immediately to all affected systems.
2. Implement network segmentation to limit the potential spread of an attack.
3. Monitor for suspicious Kerberos-related activities in your network, focusing on unusual authentication patterns or unexpected privilege escalations.
4. Ensure all systems are up-to-date with the latest security updates, not just for this specific vulnerability.
5. Implement the principle of least privilege for all user accounts and services to minimize potential impact.
6. Use strong, complex passwords and consider implementing multi-factor authentication to add an extra layer of security.
7. Regularly audit and review Kerberos configurations and logs for any anomalies.
8. Consider temporarily disabling KDC Proxy server configurations until patching is complete, if feasible within your environment.
9. Conduct a thorough security assessment of your Windows infrastructure to identify any signs of compromise or exploitation attempts related to this vulnerability.
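Because the vulnerability is only exploitable on servers that actually run the KDC Proxy feature (KPSSVC), the first practical step is an inventory: which hosts expose it, and can it be turned off until the patch lands. The following PowerShell is an added example written for this page; it is not code from Feedly or Microsoft. It assumes the service name KPSSVC (named on the page), that its configuration lives under HKLM\SYSTEM\CurrentControlSet\Services\KPSSVC\Settings, and that a configured proxy holds an http.sys URL reservation containing "/KdcProxy"; those last two are taken from Microsoft's KDC Proxy configuration guidance as the author understands it and should be verified against your own servers. Run it in an elevated session on each Windows Server 2012 or later host.

```powershell
# Added example (not from the Feedly page or Microsoft): inventory a Windows Server
# for signs that it is acting as a KDC Proxy (KPSSVC), so it can be prioritised for the
# CVE-2024-43639 patch or have the feature disabled until the update is applied.
# Assumptions (verify locally): service name KPSSVC, settings key path below, and an
# http.sys URL reservation containing '/KdcProxy' when the proxy is configured.

function Get-KdcProxyExposure {
    [CmdletBinding()]
    param()

    $result = [ordered]@{
        ComputerName      = $env:COMPUTERNAME
        ServicePresent    = $false
        ServiceStatus     = $null
        ServiceStartType  = $null
        SettingsKeyExists = $false
        HttpsUrlGroup     = $null
        HttpsClientAuth   = $null
        KdcProxyUrlAcl    = @()
        LikelyKdcProxy    = $false
    }

    # 1. Is the KDC Proxy Server service installed, and how is it configured to start?
    $svc = Get-Service -Name 'KPSSVC' -ErrorAction SilentlyContinue
    if ($svc) {
        $result.ServicePresent   = $true
        $result.ServiceStatus    = $svc.Status.ToString()
        $result.ServiceStartType = $svc.StartType.ToString()
    }

    # 2. Has anyone written proxy settings? (Assumed key path, per Microsoft's KDC Proxy docs.)
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\KPSSVC\Settings'
    if (Test-Path -Path $key) {
        $result.SettingsKeyExists = $true
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $result.HttpsUrlGroup   = $props.HttpsUrlGroup
        $result.HttpsClientAuth = $props.HttpsClientAuth
    }

    # 3. Is there an http.sys reservation for the proxy endpoint? (Assumed to contain '/KdcProxy'.)
    $urlacl = & netsh.exe http show urlacl 2>$null
    $result.KdcProxyUrlAcl = @($urlacl | Where-Object { $_ -match 'KdcProxy' } | ForEach-Object { $_.Trim() })

    # A running or auto-start service, or a live URL reservation, means the host is in scope.
    $result.LikelyKdcProxy = ($result.ServiceStatus -eq 'Running') -or
                             ($result.ServiceStartType -eq 'Automatic') -or
                             ($result.KdcProxyUrlAcl.Count -gt 0)

    [pscustomobject]$result
}

function Disable-KdcProxyService {
    # Mitigation step 8 from the page: stop and disable KPSSVC until the patch is applied.
    # Only appropriate where no clients rely on the proxy (for example DirectAccess or
    # Remote Desktop Gateway deployments that authenticate through it).
    [CmdletBinding(SupportsShouldProcess)]
    param()

    if ($PSCmdlet.ShouldProcess('KPSSVC', 'Stop service and set StartupType to Disabled')) {
        Stop-Service -Name 'KPSSVC' -Force -ErrorAction SilentlyContinue
        Set-Service  -Name 'KPSSVC' -StartupType Disabled
    }
}

# Usage: report, then warn if this host needs to be on the CVE-2024-43639 patch list.
$exposure = Get-KdcProxyExposure
$exposure | Format-List
if ($exposure.LikelyKdcProxy) {
    Write-Warning 'This host appears to be a KDC Proxy server: patch it first, or run Disable-KdcProxyService -WhatIf to preview the fallback.'
}
```

`Get-KdcProxyExposure` is read-only and can be pushed to every server with `Invoke-Command` to build the patch list; `Disable-KdcProxyService` supports `-WhatIf` so the change can be reviewed before it is made, and it should be reversed (set the service back to its previous start type) once the November 2024 update is confirmed installed.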

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Timeline

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (92186)

Nov 12, 2024 at 7:53 AM
CVSS

A CVSS base score of 9.8 has been assigned.

Nov 12, 2024 at 5:55 PM / microsoft
First Article

Feedly found the first article mentioning CVE-2024-43639. See article

Nov 12, 2024 at 6:00 PM / Microsoft Security Advisories - MSRC
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Nov 12, 2024 at 6:01 PM
CVE Assignment

NVD published the first details for CVE-2024-43639

Nov 12, 2024 at 6:15 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (210861)

Nov 13, 2024 at 2:15 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (210857)

Nov 13, 2024 at 2:15 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (210860)

Nov 13, 2024 at 2:15 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (210856)

Nov 13, 2024 at 2:15 AM

Affected Systems

Microsoft/windows_server_2012

Patches

Microsoft

References

Windows KDC Proxy Remote Code Execution Vulnerability
An unauthenticated attacker could use a specially crafted application to leverage a cryptographic protocol vulnerability in Windows Kerberos to perform remote code execution against the target. This vulnerability only affects Windows Servers that are configured as a [MS-KKDCP]: Kerberos Key Distribution Center (KDC) Proxy Protocol server.
ION Advisory: November Patch Tuesday
None of the following critical vulnerabilities have been reported as being actively exploited or publicly disclosed. The following vulnerabilities have been reported as publicly disclosed, but not yet actively exploited:

News

Top 10 Daily Cybercrime Brief by FCRF [20.11.2024]: Click here to Know More | #cybercrime | #infosec
Punjab Police arrested two Assam residents, dismantling a cyber fraud ring linked to scams worth Rs 15 crore across seven states. 4. Punjab Police Arrest Two Assam Residents in Rs 76 Lakh Cyber Fraud Case
CVEs have been published or revised in the Security Update Guide November 18
... and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide: CVE-2024-43639 https://msrc.microsoft.com/
Critical Windows Kerberos Flaw Exposes Millions of Servers to Attack
A critical vulnerability in the Windows Kerberos authentication protocol poses a significant risk to millions of servers. System administrators should patch all Windows Servers configured as KDC Proxy servers, disable unnecessary KDC Proxy services, and implement additional security measures like network segmentation and firewalls to minimize the risk of a cyberattack.
CVE-2024-43639 Windows KDC Proxy Remote Code Execution Vulnerability
CVEs have been published or revised in the Security Update Guide November 18
CVEs have been published or revised in the Security Update Guide November 18, 2024 These common vulnerabilities and exposures (CVEs) were recently published or revised in the Microsoft Security Update Guide: CVE-2024-43639 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43639 • Title: Windows KDC Proxy Remote Code Execution Vulnerability • Version: 1.2 • Reason for revision: Added FAQs to explain the mitigating circumstances for this vulnerability. KPSSVC is an additional feature Microsoft has been providing since Windows Server 2012. If customers do not have it configured in their environment, then this vulnerability is not exploitable. This is an informational change only. • Originally released: November 12, 2024 • Last updated:

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High
