CVERadar

CVE-2024-49039

High Severity
Microsoft
SVRS: 40/100
CVSSv3: 8.8/10
EPSS: 0.26845/1

CVE-2024-49039 is a critical Elevation of Privilege vulnerability affecting the Windows Task Scheduler. This flaw allows an attacker to gain higher-level access than intended on a compromised system, potentially leading to full control. While the CVSS score is 8.8, indicating high severity, the SOCRadar Vulnerability Risk Score (SVRS) is 40, suggesting a moderate level of real-world risk despite active exploitation. Even though the SVRS score is not critical, the 'In The Wild' tag coupled with 'Exploit Available' indicates a real and present danger. This means attackers are actively using exploits targeting this vulnerability. Ignoring this vulnerability could enable attackers to escalate privileges and compromise your Windows systems. Immediate patching is strongly advised despite the moderate SVRS score to mitigate potential risk. The 'CISA KEV' tag further emphasizes the need for urgent attention.

CISA KEV
In The Wild
Exploit Available
Vendor-advisory
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C
2024-11-12

2025-01-30
SOCRadar
AI Insight

Description

CVE-2024-49039 is an Elevation of Privilege vulnerability impacting the Windows Task Scheduler. This vulnerability allows attackers to gain elevated privileges on a vulnerable system. While the CVSS score is 8.8, the SOCRadar Vulnerability Risk Score (SVRS) is 46, indicating that while the vulnerability is serious, it may not be actively exploited by sophisticated threat actors at this time.

Key Insights

  • Exploit Availability: Active exploits have been published, meaning attackers can easily leverage this vulnerability.
  • "In the Wild" Exploitation: This vulnerability is being actively exploited by hackers.
  • CISA KEV: The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-49039 to its Known Exploited Vulnerabilities (KEV) catalog, urging immediate mitigation measures.
  • Elevation of Privilege: The successful exploitation of this vulnerability could lead to attackers gaining administrative control over affected systems, allowing them to install malware, steal sensitive data, or disrupt operations.

Mitigation Strategies

  • Patching: Immediately apply the latest security patches released by Microsoft to address this vulnerability.
  • Network Segmentation: Implement network segmentation to restrict access to critical systems, limiting the potential impact of a successful exploit.
  • Application Whitelisting: Use application whitelisting to prevent the execution of unauthorized applications, which can help reduce the risk of this vulnerability being exploited.
  • Multi-Factor Authentication (MFA): Enforce MFA for all administrative accounts to hinder unauthorized access even if credentials are compromised.


Indicators of Compromise

Type | Indicator | Date
HOSTNAME | economistjournal.cloud | 2024-12-05
HOSTNAME | redjournal.cloud | 2024-12-05
URL | https://fhlipzero.io/blogs/6_noVNC/noVNC.html | 2025-04-08
URL | https://ponderthebits.com/2018/02/windows-rdp-related-event-logs-identification-tracking-and-investigation/ | 2025-04-08
URL | https://www.unicorn-engine.org/ | 2025-04-08

Exploits

Title | Software Link | Date
Microsoft Windows Task Scheduler Privilege Escalation Vulnerability | https://www.cisa.gov/search?g=CVE-2024-49039 | 2024-11-12

News

ISC StormCast for Wednesday, December 4th, 2024
Dr. Johannes B. Ullrich, 2024-12-04
Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Files in Word; Sat Receiver DDoS Agent; Veeam Vuln; CVE-2024-49039 PoC; Extracting Files Embedded Inside Word Documents https://isc.sans.edu/diary/Extracting%20Files%20Embedded%20Inside%20Word%20Documents/31486 Korea arrests CEO for adding DDoS feature to satellite receivers https://www.bleepingcomputer.com/news/security/korea-arrests-ceo-for-adding-ddos-feature-to-satellite-receivers/ Veeam Vulnerabilities https://www.veeam.com/kb4679 WPTaskScheduler Persistence and
sans.edu

Micropatches Released for Windows Task Scheduler Elevation of Privilege Vulnerability (CVE-2024-49039)
Mitja Kolsek, 2025-04-01
November 2024 Windows updates brought a fix for
blogspot.com

Exploits and vulnerabilities in Q4 2024
Alexander Kolesnikov, 2025-02-26
This report provides statistics on vulnerabilities and exploits and discusses the most frequently exploited vulnerabilities in Q4 2024. Q4 2024 saw fewer published exploits for Windows and Linux compared to the first three quarters. Although the number of registered vulnerabilities continued to rise, the total number of Proof of Concept (PoC) instances decreased compared to 2023. Among notable techniques in Q4
securelist.com

Week in review: Microsoft patches actively exploited 0-days, Amazon and HSBC employee data leaked - Help Net Security
2024-11-17
News Content: Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) November 2024 Patch Tuesday is here, and Microsoft has dropped fixes for 89 new security issues in its various products, two of which – CVE-2024-43451 and CVE-2024-49039 – are actively exploited by attackers. Massive troves of Amazon, HSBC employee data leaked A threat actor who goes by the online
google.com

18th November – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 11th November, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The FBI and CISA issued a joint statement detailing a major Chinese cyber-espionage campaign targeting U.S. telecommunications infrastructure, led by the APT group Salt Typhoon. This operation compromised networks to steal call […] The post 18th November – Threat Intelligence Report appeared first on Check Point Research
checkpoint.com

2nd December – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 2nd December, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Supply chain software provider Blue Yonder was hit by a ransomware attack, disrupting services for clients like Starbucks and UK grocery chains Morrisons and Sainsbury’s. The incident affected operations such as employee […] The post 2nd December – Threat Intelligence Report appeared first on Check Point
checkpoint.com

The November 2024 Security Update Review
Dustin Childs, 2025-02-01
It’s not quite the holiday season, despite what some early decorators will have you believe. It is the second Tuesday of the month, and that means Adobe and Microsoft have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for November 2024
zerodayinitiative.com

Social Media

  • Happy April Fool's Day! For anyone looking for in-the-wild samples for CVE-2024-9680 & CVE-2024-49039 fullchain in Firefox, here is one of them (with some missing information): https://t.co/Mt9t0NFWxb
  • Files in Word; Sat Receiver DDoS Agent; Veeam Vuln; CVE-2024-49039 PoC; https://t.co/h8cH1CGets https://t.co/yaFgpD8y1C
  • Zero-Day Exploit Code Released for Windows Task Scheduler Flaw (CVE-2024-49039), Actively Exploited by RomCom Group https://t.co/9cpo90n2Uc
  • Zero-Day Exploit Code Released for Windows Task Scheduler Flaw (CVE-2024-49039), Actively Exploited by RomCom Group: https://t.co/8tHgOwa2Fr #vulnerability #exploit #poc #cybersecurity #informationsecurity #windows #zeroday
  • 🗣 Zero-Day Exploit Code Released for Windows Task Scheduler Flaw (CVE-2024-49039), Actively Exploited by RomCom Group https://t.co/v7Z7yrIn0I
  • Zero-Day Exploit Code Released for Windows Task Scheduler Flaw, Actively Exploited by RomCom Group A proof-of-concept (PoC) exploit code for CVE-2024-49039, a zero-day vulnerability in Windows Task Scheduler, has been publicly released https://t.co/I9V3UXhfJn
  • RomCom hackers exploit Firefox CVE-2024-9680 and Windows CVE-2024-49039 zero-day vulnerabilities to execute arbitrary code and install backdoors without user interaction. https://t.co/mDmm3KmWob https://t.co/4T8VA9WxIo
  • RomCom Exploits Zero-Days in Firefox (CVE-2024-9680) & Windows (CVE-2024-49039) with No User Interaction Delve into the details of RomCom's sophisticated cyberattack, exploiting zero-day vulnerabilities in Firefox and Windows. https://t.co/Gy6CLvJMTv
  • RomCom Exploits Zero-Days in Firefox (CVE-2024-9680) & Windows (CVE-2024-49039) with No User Interaction https://t.co/aS7VFhaQmx
  • Continuing communication with Mozilla regarding this issue converged on the same conclusion and confirmed the sandbox escape. The Mozilla team advised us that they reported the issue to @msftsecresponse who acknowledged and assigned it #CVE-2024-49039. 5/7

Affected Software

Configuration 1
Type | Vendor | Product
OS | Microsoft | windows_10_1507
OS | Microsoft | windows_10_1607
OS | Microsoft | windows_10_1809
OS | Microsoft | windows_10_21h2
OS | Microsoft | windows_10_22h2
OS | Microsoft | windows_server_2022
OS | Microsoft | windows_server_2016
OS | Microsoft | windows_11_22h2
OS | Microsoft | windows_11_23h2
OS | Microsoft | windows_server_2019
OS | Microsoft | windows_server_2022_23h2

References

Reference | Link
[email protected] | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49039
WINDOWS TASK SCHEDULER ELEVATION OF PRIVILEGE VULNERABILITY | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49039

CWE Details

CWE ID | CWE Name | Description
CWE-287 | Improper Authentication | When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
