CVE-2024-49128 — Use After Free in Microsoft Windows Server 2012

Severity

8.1HIGHNVD

EPSS

0.3%

top 48.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedDec 12

Description

Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

▶NVDmicrosoft/windows< 10.0.14393.7606+5

▶CVEListV5microsoft/windows_server_20126.2.9200.0 — 6.2.9200.25475

▶CVEListV5microsoft/windows_server_201610.0.14393.0 — 10.0.14393.8066

▶CVEListV5microsoft/windows_server_201910.0.17763.0 — 10.0.17763.7314

▶CVEListV5microsoft/windows_server_202210.0.20348.0 — 10.0.20348.3692

GHSA

GHSA-h49r-vq54-f89j: Windows Remote Desktop Services Remote Code Execution Vulnerability↗2024-12-12

▶

Microsoft

Windows Remote Desktop Services Remote Code Execution Vulnerability↗2024-12-10

▶

Tenable

Microsoft’s December 2024 Patch Tuesday Addresses 70 CVEs (CVE-2024-49138)↗2024-12-10

▶

Talos

Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities↗2024-12-10

▶

Qualys

Microsoft and Adobe Patch Tuesday, December 2024 Security Update Review↗2024-12-10

▶

Talos

Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities↗2024-12-10

▶

Bleepingcomputer

Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws↗2024-12-10

▶