CVERadar

CVE-2024-43583

Severity: Medium
Vendor: Microsoft
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.08081/1

CVE-2024-43583 is a Winlogon Elevation of Privilege Vulnerability, potentially allowing attackers to gain higher-level system access. The vulnerability, though it has a CVSS score of 0, has active exploits available, necessitating careful monitoring. SOCRadar's Vulnerability Risk Score (SVRS) for CVE-2024-43583 is 30, suggesting a moderate risk level that should be investigated, despite the low CVSS score. This means while the intrinsic characteristics might not seem severe, real-world exploitability exists. Successful exploitation could lead to unauthorized access and control over affected systems. Organizations should review vendor advisories and apply appropriate mitigations to reduce the risk associated with this elevation of privilege vulnerability. This is significant due to the potential for attackers to escalate privileges and compromise the entire system.

Vendor-advisory
In The Wild
Exploit Available
2024-10-08

2025-02-25
SOCRadar
AI Insight

Description

CVE-2024-43583 is a Winlogon Elevation of Privilege Vulnerability that allows an attacker to gain elevated privileges on a target system. The vulnerability exists in the way that Winlogon handles certain privileged operations. An attacker could exploit this vulnerability by sending a specially crafted message to a vulnerable system. This could allow the attacker to gain elevated privileges on the target system.

Key Insights

  • The CVSS score of 7.8 indicates that this vulnerability is considered high severity.
  • The SVRS score of 0 indicates that this vulnerability is not currently being actively exploited.
  • The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning about this vulnerability.
  • There are no known active exploits for this vulnerability.

Mitigation Strategies

  • Apply the latest security updates from Microsoft.
  • Disable unnecessary services and ports.
  • Use a firewall to block unauthorized access to the system.
  • Implement strong password policies.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title                          Software Link                                      Date
Kvngtheta/CVE-2024-43583-PoC   https://github.com/Kvngtheta/CVE-2024-43583-PoC    2025-02-21

News

The October 2024 Security Update Review
Dustin Childs, 2024-12-02
It’s the spooky season, and there’s nothing spookier than security patches – at least in my world. Microsoft and Adobe have released their latest patches, and no bones about it, there are some skeletons in those closets. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for
Tags: zerodayinitiative.com, rss, forum, news

Tripwire Patch Priority Index for October 2024 - tripwire.com
2024-11-05
Description: Tripwire's October 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft.
News Content: Tripwire's October 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the list are patches for Microsoft Edge, Office, Excel, and Visio that resolve remote code execution, elevation of privilege, and spoofing vulnerabilities. Next are patches that affect components of the core Windows operating system. These patches resolve over 80 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, denial of service, and remote code execution vulnerabilities. These
Tags: google.com, rss, forum, news

Largest Patch Tuesday since July includes two exploited in the wild, three critical vulnerabilities
Jonathan Munshaw, 2024-10-08
The two vulnerabilities that Microsoft reports have been actively exploited in the wild and are publicly known are both rated as only being of “moderate” severity. The largest Microsoft Patch Tuesday since July includes two vulnerabilities that have been exploited in the wild and three other critical issues across the company’s range of hardware and software offerings.
Tags: cve-2024-43572, cve-2024-43560, cve-2024-43573, cve-2024-43581

Actively exploited Microsoft Management Console bug fixed in October Patch Tuesday - scworld.com
2024-10-09
News Content: Organizations were alerted by Microsoft regarding ongoing attacks involving the exploitation of a high-severity Microsoft Management Console remote code execution zero-day, tracked as CVE-2024-43572, which is among the nearly 120 security issues addressed by the firm as part of this month's Patch Tuesday, SecurityWeek reports. While Microsoft noted Windows systems being targeted with RCE using the flaw, no indicators of compromise or telemetry information regarding the issue have been provided. Other vulnerabilities fixed by Microsoft include critical RCE bugs in the
Tags: google.com, rss, forum, news

Microsoft October update patches two zero-day vulnerabilities it says are being actively exploited - CSO Online
2024-10-09
News Content: Patch Tuesday update addresses five zero days, with eight other vulnerabilities likely to be exploited within weeks. The drama of Patch Tuesday often revolves around zero days, which in October’s haul of 117 vulnerabilities brings patch managers a total of five that have been publicly disclosed. Of those, Microsoft said that two are being actively exploited. The first is CVE-2024-43573, intriguingly a spoofing flaw in the Windows MSHTML component. If this doesn’t ring any bells, MSHTML
Tags: cves, google.com, rss, forum

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild - The Hacker News
2024-10-09
News Content: Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild. Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn't include the 25 additional flaws that the tech giant addressed in its Chromium-based Edge browser over the past month. Five of the vulnerabilities are listed as publicly known at
Tags: google.com, rss, forum, news

Patch Tuesday - October 2024
Adam Barnett, 2024-10-08
5 zero-days. Configuration Manager pre-auth RCE. RDP RPC pre-auth RPC. Winlogon EoP. Hyper-V container escape. curl o-day RCE late patch. Management console zero-day RCE. Windows 11 lifecycle changes. Microsoft is addressing 118 vulnerabilities this October 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for five of the vulnerabilities published today, although it does not rate any of these as
Tags: cve-2024-43583, cve-2024-43590, cve-2024-43520, cve-2024-43546

Social Media

No tweets found for this CVE

Affected Software

Configuration 1
Type  Vendor     Product
OS    Microsoft  windows_10_1507
OS    Microsoft  windows_10_1809
OS    Microsoft  windows_10_21h2
OS    Microsoft  windows_10_1607
OS    Microsoft  windows_10_22h2
OS    Microsoft  windows_server_2022
OS    Microsoft  windows_11_21h2
OS    Microsoft  windows_11_22h2
OS    Microsoft  windows_server_2022_23h2
OS    Microsoft  windows_server_2016
OS    Microsoft  windows_server_2019
OS    Microsoft  windows_11_23h2
OS    Microsoft  windows_server_2008
OS    Microsoft  windows_server_2012
OS    Microsoft  windows_11_24h2

References

Reference                                       Link
[email protected]                               https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43583
WINLOGON ELEVATION OF PRIVILEGE VULNERABILITY   https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43583
134C704F-9B21-4F2E-91B3-4A467353BCC0            https://github.com/Kvngtheta/CVE-2024-43583-PoC/blob/main/poc-43583.py
[email protected]                               https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43583

CWE Details

CWE ID: CWE-250
CWE Name: Execution with Unnecessary Privileges
Description: The software performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses.
