CVE-2024-26190
CVSS 3.1 Score 7.5 of 10 (high)
Details
Summary
CVE-2024-26190 is a newly disclosed denial-of-service (DoS) vulnerability affecting Microsoft's QUIC implementation. This issue can be exploited by sending specifically crafted packets to a target system, resulting in a memory consumption issue and subsequent service crash. An attacker can leverage this vulnerability to cause significant disruption to QUIC-enabled services, potentially leading to extended downtime and user experience degradation. Microsoft has released a patch to address this issue, and it is strongly recommended that affected systems be updated promptly to mitigate the risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Windows Server 2022
- Windows 11 21H2
- Microsoft Windows 11 22h2
- Microsoft Visual Studio 2022
- Microsoft Windows 11 23h2
Affected Vendors
- Microsoft