CVERadar

CVE-2024-49108

Medium Severity
Microsoft
SVRS: 30/100
CVSSv3: 8.1/10
EPSS: 0.00277/1

CVE-2024-49108 is a Windows Remote Desktop Services Remote Code Execution Vulnerability allowing attackers to execute arbitrary code. It is critical for organizations using affected Windows systems to take preventative measures. While the CVSS score is 8.1 indicating high severity, the SOCRadar Vulnerability Risk Score (SVRS) is only 30, suggesting that the immediate risk, considering exploit availability and threat actor interest at the moment, is relatively lower compared to other vulnerabilities. This vulnerability can be triggered remotely, potentially leading to a complete system compromise if successfully exploited. Systems exposed directly to the internet via Remote Desktop are at the highest risk. Although currently rated as lower risk by SOCRadar, organizations should monitor threat intelligence for any changes, as the vulnerability is tagged "In The Wild", indicating active exploitation is occurring. Patching the affected Windows systems should be prioritized during the next maintenance window.

Tags: In The Wild, Vendor-advisory
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
2025-03-11

2024-12-10

SOCRadar AI Insight

Description

CVE-2024-49108 is a recently discovered vulnerability that currently lacks a detailed description. However, the SOCRadar Vulnerability Risk Score (SVRS) has assessed it with a score of 30, indicating a moderate risk level that requires attention and mitigation. This is despite the CVSS currently being 0. This means that while a detailed description of the vulnerability is still pending, SOCRadar's assessment has identified potential risks based on its unique approach of analyzing various intelligence sources, including social media, news, code repositories, and dark/deep web data.

Key Insights

  • Limited Public Information: While the CVE description is currently unavailable, the SVRS score of 30 suggests that the vulnerability may pose significant risks to organizations.
  • Active Exploitation: The "In The Wild" tag associated with this CVE indicates that the vulnerability is being actively exploited by attackers. This underscores the urgency to address the vulnerability and implement necessary safeguards.
  • Potential for Wider Impact: Due to the lack of detailed information, the vulnerability's impact could be wider than initially understood.
  • SOCRadar's SVRS Significance: The SVRS score highlights the importance of proactive threat analysis and the value of integrating various intelligence sources beyond traditional CVSS scores.

Mitigation Strategies

  1. Immediate Patching: Prioritize patching all systems affected by this vulnerability once detailed information is available.
  2. Security Monitoring: Enhance security monitoring to proactively detect any suspicious activity related to the vulnerability. This includes network traffic analysis, log reviews, and intrusion detection systems.
  3. Network Segmentation: Implement network segmentation to limit the potential impact of the vulnerability by isolating critical systems.
  4. Employee Training: Educate employees about the risks associated with this vulnerability and the importance of adhering to security best practices.


Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

The December 2024 Security Update Review
Dustin Childs, 2025-02-01
We have made it to the end of the year and the final Patch Tuesday of 2024. As expected, Microsoft and Adobe have released what (hopefully) will be their last patches of the year. Take a break from your holiday preparations and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for December 2024
zerodayinitiative.com

Hackers Scanning RDP Services Especially Port 1098 For Exploitation
Guru Baran, 2024-12-14
There is a significant surge in scanning activities targeting Remote Desktop Protocol (RDP) services, with a particular focus on port 1098/TCP. Over the past two weeks, honeypot sensors have detected an alarming increase in these scans, with up to 740,000 distinct source IP addresses daily, including a staggering 405,000 originating from Brazil, Shadowserver Foundation observed. […]
cybersecuritynews.com

Microsoft’s December 2024 Patch Tuesday Addresses 70 CVEs (CVE-2024-49138)
Tenable Security Response Team, 2024-12-11
16 Critical, 54 Important, 0 Moderate, 0 Low
securityboulevard.com

Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities
Cisco Talos, 2024-12-10
The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.” Microsoft assessed that exploitation of the four “
feedburner.com

Patch Tuesday - December 2024
Adam Barnett, 2024-12-10
1 zero-day. CLFS EoP. 16 critical RCEs. Hyper-V container escape. Multiple Remote Desktop Services RCE. Microsoft is addressing 70 vulnerabilities this December 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and public disclosure for one of the vulnerabilities published today, and this is reflected in a CISA KEV entry. For the third month in a row
rapid7.com

1.787
2024-12-10
Newly Added (137): Zoom Desktop Client CVE-2022-28755 Input Validation Bypass Vulnerability; IrfanView CVE-2024-11529 Out of Bounds Read Vulnerability; IrfanView CVE-2024-11513 Buffer Overflow Vulnerability; IrfanView CVE-2024
fortiguard.com

CVE-2024-49108 | Microsoft Windows Remote Desktop Services use after free
vuldb.com, 2024-12-10
A vulnerability classified as critical has been found in Microsoft Windows Server 2016/Server 2019/Server 2022/Server 2022 23H2/Server 2025. This affects an unknown part of the component Remote Desktop Services. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2024-49108. It is possible to initiate the attack remotely
vuldb.com

Social Media

Make sure to limit unnecessary exposure of RDP and enable MFA. Note recent MS patch Tuesday had multiple fixes for RDP vulnerabilities: CVE-2024-49106, CVE-2024-49108, CVE-2024-49115, CVE-2024-49119, CVE-2024-49120, CVE-2024-49123, CVE-2024-49132, CVE-2024-49116, CVE-2024-49128

Affected Software

Configuration 1
Type | Vendor | Product
OS | Microsoft | windows_server_2016
OS | Microsoft | windows_server_2022
OS | Microsoft | windows_server_2019
OS | Microsoft | windows_server_2022_23h2

References

Reference | Link
[email protected] | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49108
WINDOWS REMOTE DESKTOP SERVICES REMOTE CODE EXECUTION VULNERABILITY | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49108

CWE Details

CWE ID | CWE Name | Description
CWE-416 | Use After Free | Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
CWE-591 | Sensitive Data Storage in Improperly Locked Memory | The application stores sensitive data in memory that is not locked, or that has been incorrectly locked, which might cause the memory to be written to swap files on disk by the virtual memory manager. This can make the data more accessible to external actors.
