
CVE-2024-43582

Severity: Medium
Vendor: Microsoft

SVRS: 36/100

CVSSv3: 8.1/10

EPSS: 0.08872/1

CVE-2024-43582 is a Remote Code Execution vulnerability affecting Remote Desktop Protocol (RDP) Servers. An attacker could exploit this flaw to execute arbitrary code on the target system.

This RDP vulnerability can allow unauthorized access and control. Although the CVSS score is 8.1, the SOCRadar Vulnerability Risk Score (SVRS) is 36, indicating a lower immediate risk compared to vulnerabilities with SVRS scores above 80. However, given the 'In The Wild' tag, active exploitation is occurring. Mitigation is still important and should be prioritized based on your specific risk profile and system exposure. Successful exploitation could lead to data breaches, system compromise, and denial of service. Addressing CWE-416 (Use After Free) vulnerabilities like this is vital for maintaining system integrity and preventing malicious activities.

In The Wild
Vendor-advisory
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
2024-10-08

2025-01-29
SOCRadar AI Insight

Description

CVE-2024-43582 is a remote code execution vulnerability in the Remote Desktop Protocol (RDP) server. This vulnerability allows an unauthenticated attacker to execute arbitrary code on a target system by sending a specially crafted RDP packet. The CVSS score of 8.1 indicates a high severity, while the SVRS of 40 suggests a moderate risk.

Key Insights

  • Remote Exploitation: This vulnerability can be exploited remotely, allowing attackers to target systems without physical access.
  • Unrestricted Access: The vulnerability does not require authentication, making it easier for attackers to exploit.
  • Critical Impact: Successful exploitation could allow attackers to gain complete control of the target system, including access to sensitive data and system resources.

Mitigation Strategies

  • Apply Software Updates: Install the latest security updates from Microsoft to patch the vulnerability.
  • Disable RDP: If RDP is not essential, disable it to reduce the attack surface.
  • Use Strong Passwords: Implement strong passwords for RDP accounts to prevent unauthorized access.
  • Enable Network Level Authentication: Configure RDP to require network level authentication for added security.

Additional Information

  • Threat Actors/APT Groups: No specific threat actors or APT groups have been identified as actively exploiting this vulnerability.
  • Exploit Status: Active exploits have been published.
  • CISA Warnings: The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, calling for immediate and necessary measures.
  • In the Wild: The vulnerability is actively exploited by hackers.

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

14th October – Threat Intelligence Report
lorenf, 2024-12-02
14th October – Threat Intelligence Report | For the latest discoveries in cyber research for the week of 14th October, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Nonprofit healthcare organization Axis Health System has been hit by a ransomware attack by the Rhysida gang, leading to the theft of sensitive data, including mental health and substance abuse records. Rhysida […] The post 14th October – Threat Intelligence Report appeared first on Check Point Research
checkpoint.com
The October 2024 Security Update Review
Dustin Childs, 2024-12-02
The October 2024 Security Update Review | It’s the spooky season, and there’s nothing spookier than security patches – at least in my world. Microsoft and Adobe have released their latest patches, and no bones about it, there are some skeletons in those closets. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for
zerodayinitiative.com
Tripwire Patch Priority Index for October 2024 - tripwire.com
2024-11-05
Tripwire Patch Priority Index for October 2024 - tripwire.com | Description: Tripwire's October 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. | News Content: Tripwire's October 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the list are patches for Microsoft Edge, Office, Excel, and Visio that resolve remote code execution, elevation of privilege, and spoofing vulnerabilities. Next are patches that affect components of the core Windows operating system. These patches resolve over 80 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, denial of service, and remote code execution vulnerabilities. These
google.com
14th October – Threat Intelligence Report - Check Point Research
2024-10-14
14th October – Threat Intelligence Report - Check Point Research | News Content: For the latest discoveries in cyber research for the week of 14th October, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Nonprofit healthcare organization Axis Health System has been hit by a ransomware attack by the Rhysida gang, leading to the theft of sensitive data, including mental health and substance abuse records. Rhysida is demanding $1.5 million and has threatened to publish the data in six days if unpaid. The gang has also begun leaking 102GB of data from Golden Age Nursing Home, including over 35K files, which
google.com
Largest Patch Tuesday since July includes two exploited in the wild, three critical vulnerabilities
Jonathan Munshaw, 2024-10-08
Largest Patch Tuesday since July includes two exploited in the wild, three critical vulnerabilities | The two vulnerabilities that Microsoft reports have been actively exploited in the wild and are publicly known are both rated as only being of “moderate” severity. The largest Microsoft Patch Tuesday since July includes two vulnerabilities that have been exploited in the wild and three other critical issues across the company's range of hardware and software offerings.
cve-2024-43572
cve-2024-43560
cve-2024-43573
cve-2024-43581
Microsoft October update patches two zero-day vulnerabilities it says are being actively exploited - CSO Online
2024-10-09
Microsoft October update patches two zero-day vulnerabilities it says are being actively exploited - CSO Online | News Content: Patch Tuesday update addresses five zero days, with eight other vulnerabilities likely to be exploited within weeks. The drama of Patch Tuesday often revolves around zero days, which in October's haul of 117 vulnerabilities brings patch managers a total of five that have been publicly disclosed. Of those, Microsoft said that two are being actively exploited. The first is CVE-2024-43573, intriguingly a spoofing flaw in the Windows MSHTML component. If this doesn't ring any bells, MSHTML
google.com
Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild - The Hacker News
2024-10-09
Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild - The Hacker News | News Content: Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild. Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn't include the 25 additional flaws that the tech giant addressed in its Chromium-based Edge browser over the past month. Five of the vulnerabilities are listed as publicly known at
google.com

Social Media

No tweets found for this CVE

Affected Software

Configuration 1
Type | Vendor    | Product
OS   | Microsoft | windows_10_22h2
OS   | Microsoft | windows_server_2022
OS   | Microsoft | windows_10_21h2
OS   | Microsoft | windows_10_1809
OS   | Microsoft | windows_11_21h2
OS   | Microsoft | windows_server_2019
OS   | Microsoft | windows_11_22h2
OS   | Microsoft | windows_11_23h2
OS   | Microsoft | windows_server_2022_23h2

References

Reference | Link
[email protected] | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43582
REMOTE DESKTOP PROTOCOL SERVER REMOTE CODE EXECUTION VULNERABILITY | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43582

CWE Details

CWE ID  | CWE Name       | Description
CWE-416 | Use After Free | Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
