CVERadar

CVE-2024-49119

Medium Severity
Microsoft
SVRS: 30/100
CVSSv3: 8.1/10
EPSS: 0.00354/1

CVE-2024-49119 is a Remote Code Execution vulnerability in Windows Remote Desktop Services. This flaw allows attackers to execute arbitrary code on vulnerable systems. Despite a CVSS score of 8.1, SOCRadar's Vulnerability Risk Score (SVRS) is 30, indicating a lower level of active exploitation or immediate threat compared to vulnerabilities with SVRS scores above 80. However, the 'In The Wild' tag warrants caution. Successful exploitation could lead to complete system compromise, data breaches, and unauthorized access. It is still important to apply the vendor-supplied patch as soon as possible to mitigate the risk of exploitation, especially since the attack vector is Remote Desktop Services, a common target. Prioritize remediation based on your environment and threat landscape.

In The Wild
Vendor-advisory
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
2025-03-11

2024-12-10
SOCRadar
AI Insight

Description

CVE-2024-49119 is a newly disclosed vulnerability with a current SVRS score of 30, indicating a moderate risk. While the detailed description is not yet available, the "In The Wild" tag suggests this vulnerability is actively being exploited by hackers. This makes it crucial to understand and address the potential threats associated with this CVE.

Key Insights

  • Active Exploitation: This vulnerability is being used in real-world attacks, highlighting the immediate need for mitigation actions.
  • Limited Information: The lack of a detailed description emphasizes the need for proactive monitoring and threat intelligence gathering to gain further understanding of the vulnerability's impact.
  • Potential for High Impact: Despite a moderate SVRS score, the vulnerability's active exploitation indicates a potential for high impact. Organizations should prioritize understanding the implications of this CVE for their specific systems.

Mitigation Strategies

  • Implement a Vulnerability Scanning and Patching Program: Proactively identify and patch vulnerable systems and applications, prioritizing those deemed critical for your organization.
  • Strengthen Security Posture: Review and enhance your security posture by implementing robust security practices, including multi-factor authentication, strong password policies, and endpoint security solutions.
  • Monitor Network Traffic: Actively monitor network traffic for signs of malicious activity related to this CVE. This includes analyzing suspicious connections and potential exploitation attempts.
  • Threat Intelligence Gathering: Leverage threat intelligence feeds and security advisories to stay informed about the latest information regarding this CVE and potential attack vectors.

Additional Information

If you have additional queries regarding this incident, you can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

The December 2024 Security Update Review
Dustin Childs, 2025-02-01
We have made it to the end of the year and the final Patch Tuesday of 2024. As expected, Microsoft and Adobe have released what (hopefully) will be their last patches of the year. Take a break from your holiday preparations and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for December 2024
zerodayinitiative.com
Hackers Scanning RDP Services Especially Port 1098 For Exploitation
Guru Baran, 2024-12-14
There is a significant surge in scanning activities targeting Remote Desktop Protocol (RDP) services, with a particular focus on port 1098/TCP. Over the past two weeks, honeypot sensors have detected an alarming increase in these scans, with up to 740,000 distinct source IP addresses daily, including a staggering 405,000 originating from Brazil, Shadowserver Foundation observed. […] The post Hackers Scanning RDP Services Especially Port 1098 For Exploitation appeared
cybersecuritynews.com
Microsoft’s December 2024 Patch Tuesday Addresses 70 CVEs (CVE-2024-49138)
Tenable Security Response Team, 2024-12-11
16 Critical, 54 Important, 0 Moderate, 0 Low
securityboulevard.com
Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities
Cisco Talos, 2024-12-10
The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.” Microsoft assessed that exploitation of the four “
feedburner.com
Patch Tuesday - December 2024
Adam Barnett, 2024-12-10
1 zero-day. CLFS EoP. 16 critical RCEs. Hyper-V container escape. Multiple Remote Desktop Services RCE. Microsoft is addressing 70 vulnerabilities this December 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and public disclosure for one of the vulnerabilities published today, and this is reflected in a CISA KEV entry. For the third month in a row
rapid7.com
1.787
2024-12-10
Newly Added (137): Zoom Desktop Client CVE-2022-28755 Input Validation Bypass Vulnerability; IrfanView CVE-2024-11529 Out of Bounds Read Vulnerability; IrfanView CVE-2024-11513 Buffer Overflow Vulnerability; IrfanView CVE-2024
fortiguard.com
CVE-2024-49119 | Microsoft Windows Remote Desktop Services type confusion
vuldb.com, 2024-12-10
A vulnerability, which was classified as critical, has been found in Microsoft Windows Server 2016/Server 2019/Server 2022/Server 2022 23H2/Server 2025. Affected by this issue is some unknown functionality of the component Remote Desktop Services. The manipulation leads to type confusion. This vulnerability is handled as CVE-2024-49119. The attack may be launched remotely
vuldb.com

Social Media

🚨 A critical security flaw, CVE-2024-49119, has been discovered in Windows Remote Desktop Services. It allows attackers to execute arbitrary code and take over systems without authentication. This can lead to severe consequences, including data theft and system disruptions.
Make sure to limit unnecessary exposure of RDP and enable MFA. Note recent MS patch Tuesday had multiple fixes for RDP vulnerabilities: CVE-2024-49106, CVE-2024-49108, CVE-2024-49115, CVE-2024-49119, CVE-2024-49120, CVE-2024-49123, CVE-2024-49132, CVE-2024-49116, CVE-2024-49128

Affected Software

Configuration 1
Type | Vendor | Product
OS | Microsoft | windows_server_2022
OS | Microsoft | windows_server_2016
OS | Microsoft | windows_server_2019
OS | Microsoft | windows_server_2022_23h2

References

Reference | Link
[email protected] | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49119
WINDOWS REMOTE DESKTOP SERVICES REMOTE CODE EXECUTION VULNERABILITY | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49119

CWE Details

CWE ID | CWE Name | Description
CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
CWE-843 | Access of Resource Using Incompatible Type ('Type Confusion') | The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.
