CVE-2024-49117
published 2024-12-12CVE-2024-49117: Windows Hyper-V Remote Code Execution Vulnerability
PriorityP350high8.8CVSS 3.1
AVLACLPRLUINSCCHIHAH
EPSS
1.00%
58.2th percentile
Windows Hyper-V Remote Code Execution Vulnerability
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_11_22h2 | < 10.0.22621.4602 | 10.0.22621.4602 |
| microsoft | windows_11_23h2 | < 10.0.22631.4602 | 10.0.22631.4602 |
| microsoft | windows_11_24h2 | < 10.0.26100.2605 | 10.0.26100.2605 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.4602 | 10.0.22621.4602 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.4602 | 10.0.22631.4602 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.4602 | 10.0.22631.4602 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.2605 | 10.0.26100.2605 |
| microsoft | windows_server_2022 | < 10.0.20348.2966 | 10.0.20348.2966 |
| microsoft | windows_server_2022 | >= 10.0.20348.0 < 10.0.20348.2966 | 10.0.20348.2966 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1308 | 10.0.25398.1308 |
| microsoft | windows_server_2025 | < 10.0.26100.2605 | 10.0.26100.2605 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.2605 | 10.0.26100.2605 |
| msrc | windows_11_version_22h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_22h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_23h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_23h2_for_x64-based_systems | — | — |
| msrc | windows_11_version_24h2_for_arm64-based_systems | — | — |
| msrc | windows_11_version_24h2_for_x64-based_systems | — | — |
| msrc | windows_server_2022 | — | — |
| msrc | windows_server_2022_23h2_edition | — | — |
| msrc | windows_server_2025 | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
vendor_msrc8.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Windows Hyper-V Remote Code Execution Vulnerability
vendor_msrc·2024-12-10·CVSS 8.8
CVE-2024-49117 [HIGH] CWE-393 Windows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-V Remote Code Execution Vulnerability
FAQ: How would an attacker exploit this vulnerability?
This vulnerability would require an authenticated attacker on a guest VM to send specially crafted file operation requests on the VM to hardware resources on the VM which could result in remote code execution on the host server.
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.
The vulnerable endpoint is only available over the local VM interface as all external communication is blocked. This means an atta
GHSA
GHSA-j885-4693-cqgh: Windows Hyper-V Remote Code Execution Vulnerability
ghsa_unreviewed·2024-12-12
CVE-2024-49117 [HIGH] CWE-393 GHSA-j885-4693-cqgh: Windows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-V Remote Code Execution Vulnerability
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities
blogs_talos·2024-12-10·CVSS 8.4
CVE-2024-49112 [HIGH] Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities
The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”
Microsoft assessed that exploitation of the four “critical” vulnerabilities is “less likely.”
CVE-2024-49112 is the most serious of this bunch, with a CVSS severity score of 9.8 out of 10. An attacker could exploit this vulnerability in Windows Lightweight Directory Access Protocol (LDAP) calls to execute arbitrary code within the context of the LDAP service. Additionally, CVE-2024-49124 and CVE-2024-49127 permit an unauthenticated attacker to send a specially crafted request to a vulnerable LDAP server, potentially executing the attacker's code if they succeed in a "race condition." Although the above
Qualys
Microsoft and Adobe Patch Tuesday, December 2024 Security Update Review
blogs_qualys·2024-12-10
Microsoft and Adobe Patch Tuesday, December 2024 Security Update Review
## Table of Contents
Microsoft Patch Tuesday for December 2024
Adobe Patches for December 2024
Zero-day Vulnerabilities Patched in December Patch Tuesday Edition
Critical Severity Vulnerabilities Patched in December Patch Tuesday Edition
Other Microsoft Vulnerability Highlights
Microsoft Release Summary
Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
Rapid Response with Patch Management (PM)
EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)
Qualys Monthly Webinar Series
Closing out 2024, Microsoft’s December Patch Tuesday highlights the importance of year-end maintenance with updates tackling critical vulnerabilities. As cyber threats remain persistent, these patches serve as a vital reminder of the ongoing need for
Talos
Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities
blogs_talos·2024-12-10·CVSS 8.4
CVE-2024-49112 [HIGH] Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities
## Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities
The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”
Microsoft assessed that exploitation of the four “critical” vulnerabilities is “less likely.”
CVE-2024-49112 is the most serious of this bunch, with a CVSS severity score of 9.8 out of 10. An attacker could exploit this vulnerability in Windows Lightweight Directory Access Protocol (LDAP) calls to execute arbitrary code within the context of the LDAP service. Additionally, CVE-2024-49124 and CVE-2024-49127 permit an unauthenticated attacker to send a specially crafted request to a vulnerable LDAP server, potentially exe
Bleepingcomputer
Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws
blogs_bleepingcomputer·2024-12-10·CVSS 7.8
[HIGH] Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws
## Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws
## Lawrence Abrams
27 Elevation of Privilege Vulnerabilities
30 Remote Code Execution Vulnerabilities
7 Information Disclosure Vulnerabilities
5 Denial of Service Vulnerabilities
1 Spoofing Vulnerabilities
This count does not include two Edge flaws that were previously fixed on December 5 and 6th.
To learn more about the non-security updates released today, you can review our dedicated articles on the Windows 11 KB5048667 & KB5048685 cumulative updates and the Windows 10 KB5048652 cumulative update .
## One actively exploited zero-day disclosed
This month's Patch Tuesday fixes one actively exploited, publicly disclosed zero-day vulnerability.
Microsoft classifies a zero-day flaw as one that is publicly
Qualys
Critical Microsoft Vulnerabilities Patched December 2024 | Qualys
blogs_qualys·2024-12-10
Critical Microsoft Vulnerabilities Patched December 2024 | Qualys
#### Table of Contents
- Microsoft Patch Tuesday for December 2024
- Adobe Patches for December 2024
- Zero-day Vulnerabilities Patched in December Patch Tuesday Edition
- Critical Severity Vulnerabilities Patched in December Patch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
- Rapid Response with Patch Management (PM)
- EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)
- Qualys Monthly Webinar Series
Closing out 2024, Microsoft’s December Patch Tuesday highlights the importance of year-end maintenance with updates tackling critical vulnerabilities. As cyber threats remain persistent, these patches serve as a vital reminder of the ong
Crowdstrike
December 2024 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] December 2024 Patch Tuesday: Updates and Analysis
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How Charlotte AI AgentWorks Fuels Security's Agentic Ecosystem Mar 25, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand ATT&CK in 10 Minutes or Less [VI
2024-12-12
Published