
CVE-2024-49128

Medium Severity
Vendor: Microsoft
SVRS: 36/100
CVSSv3: 8.1/10
EPSS: 0.00391/1

CVE-2024-49128 is a Remote Code Execution vulnerability affecting Windows Remote Desktop Services. An attacker could exploit this vulnerability to execute arbitrary code on a target system. Although the CVSS score is 8.1, the SOCRadar Vulnerability Risk Score (SVRS) is 36, suggesting a relatively lower immediate threat level even though the CVE is tagged "In The Wild". This discrepancy indicates that while technically severe, the current exploit activity or availability may be limited. The vulnerability, categorized under CWE-591 (Improper Isolation of Resources), highlights risks from inadequate resource management within the RDP service. Successful exploitation could lead to complete system compromise, data theft, or disruption of services. Organizations should still monitor this vulnerability closely and apply relevant patches promptly, following vendor-advisory instructions, to mitigate potential future risks.

Tags: In The Wild, Vendor-advisory
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
2025-03-11

2024-12-10
SOCRadar AI Insight

Description

CVE-2024-49128 is a vulnerability with an unknown description at this time. However, the SOCRadar Vulnerability Risk Score (SVRS) is currently at 30, which indicates a moderate risk level. The vulnerability has been tagged as "In The Wild", meaning that it is actively exploited by hackers.

Key Insights

  1. Active Exploitation: The "In The Wild" tag signifies that attackers are actively exploiting CVE-2024-49128. This implies a high likelihood of successful attacks and emphasizes the urgency of addressing the vulnerability.
  2. Unknown Description: The lack of a description for CVE-2024-49128 highlights the critical need for immediate investigation. Understanding the vulnerability's nature and scope is essential for implementing effective mitigation strategies.
  3. Moderate SVRS: While the SVRS of 30 is not considered critical, the "In The Wild" status elevates the vulnerability's risk considerably. It suggests that even moderate vulnerabilities can be exploited for significant damage.
  4. Uncertain Impact: The unknown description limits our understanding of the potential impact of CVE-2024-49128. As such, it is crucial to proactively prioritize mitigation efforts to minimize the potential consequences.

Mitigation Strategies

  1. Immediate Investigation: Initiate a comprehensive investigation to identify the specific vulnerabilities associated with CVE-2024-49128 and understand the potential impact.
  2. Patching & Updates: Prioritize patching and updating systems and applications affected by the vulnerability as soon as possible. This includes reviewing patch notes for CVE-2024-49128 and implementing appropriate updates.
  3. Network Segmentation: Employ network segmentation to isolate sensitive systems and data. This helps limit the spread of potential exploits if a breach occurs.
  4. Threat Intelligence Monitoring: Implement robust threat intelligence monitoring and analysis to stay informed of the evolving threat landscape and identify potential attacks related to CVE-2024-49128.

Additional Information

For further information and updates regarding CVE-2024-49128, users can leverage the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

The December 2024 Security Update Review
Dustin Childs, 2025-02-01
We have made it to the end of the year and the final Patch Tuesday of 2024. As expected, Microsoft and Adobe have released what (hopefully) will be their last patches of the year. Take a break from your holiday preparations and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for December 2024
zerodayinitiative.com

Hackers Scanning RDP Services Especially Port 1098 For Exploitation
Guru Baran, 2024-12-14
There is a significant surge in scanning activities targeting Remote Desktop Protocol (RDP) services, with a particular focus on port 1098/TCP. Over the past two weeks, honeypot sensors have detected an alarming increase in these scans, with up to 740,000 distinct source IP addresses daily, including a staggering 405,000 originating from Brazil, Shadowserver Foundation observed. […] The post Hackers Scanning RDP Services Especially Port 1098 For Exploitation appeared
cybersecuritynews.com

Microsoft’s December 2024 Patch Tuesday Addresses 70 CVEs (CVE-2024-49138)
Tenable Security Response Team, 2024-12-11
16 Critical, 54 Important, 0 Moderate, 0 Low
securityboulevard.com

Microsoft Patch Tuesday for December 2024 contains four critical vulnerabilities
Cisco Talos, 2024-12-10
The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.” Microsoft assessed that exploitation of the four “
feedburner.com

Patch Tuesday - December 2024
Adam Barnett, 2024-12-10
1 zero-day. CLFS EoP. 16 critical RCEs. Hyper-V container escape. Multiple Remote Desktop Services RCE. Microsoft is addressing 70 vulnerabilities this December 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and public disclosure for one of the vulnerabilities published today, and this is reflected in a CISA KEV entry. For the third month in a row
rapid7.com

1.787
2024-12-10
Newly Added (137): Zoom Desktop Client CVE-2022-28755 Input Validation Bypass Vulnerability; IrfanView CVE-2024-11529 Out of Bounds Read Vulnerability; IrfanView CVE-2024-11513 Buffer Overflow Vulnerability; IrfanView CVE-2024
fortiguard.com

CVE-2024-49128 | Microsoft Windows Server 2012 up to Server 2022 23H2 Remote Desktop Services use after free
vuldb.com, 2024-12-10
A vulnerability, which was classified as critical, has been found in Microsoft Windows Server 2012 up to Server 2022 23H2. This issue affects some unknown processing of the component Remote Desktop Services. The manipulation leads to use after free. The identification of this vulnerability is CVE-2024-49128
vuldb.com

Social Media

We released a demo video for the CVE-2024-49128 Windows Remote Desktop Services RCE Vulnerability, patched by Microsoft in December 2024. Watch the video and subscribe to our private vulnerability PoC and detailed report service at https://t.co/lv6J3q3DX1. https://t.co/N7yv59DUP6
Make sure to limit unnecessary exposure of RDP and enable MFA. Note recent MS patch Tuesday had multiple fixes for RDP vulnerabilities: CVE-2024-49106, CVE-2024-49108, CVE-2024-49115, CVE-2024-49119, CVE-2024-49120, CVE-2024-49123, CVE-2024-49132, CVE-2024-49116, CVE-2024-49128

Affected Software

Configuration 1
Type | Vendor | Product
OS | Microsoft | windows_server_2022
OS | Microsoft | windows_server_2016
OS | Microsoft | windows_server_2019
OS | Microsoft | windows_server_2012
OS | Microsoft | windows_server_2022_23h2

References

Reference | Link
[email protected] | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49128
WINDOWS REMOTE DESKTOP SERVICES REMOTE CODE EXECUTION VULNERABILITY | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49128

CWE Details

CWE ID | CWE Name | Description
CWE-416 | Use After Free | Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
CWE-591 | Sensitive Data Storage in Improperly Locked Memory | The application stores sensitive data in memory that is not locked, or that has been incorrectly locked, which might cause the memory to be written to swap files on disk by the virtual memory manager. This can make the data more accessible to external actors.
