CVE-2024-26190

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Mar 12, 2024
Updated: Dec 27, 2024
CWE ID 400

Summary

CVE-2024-26190 is a newly disclosed denial-of-service (DoS) vulnerability affecting Microsoft's QUIC implementation. An attacker can exploit it by sending specially crafted packets to a target system, which triggers a memory consumption issue and a subsequent service crash. This can cause significant disruption to QUIC-enabled services, potentially leading to extended downtime and a degraded user experience. Microsoft has released a patch to address this issue, and it is strongly recommended that affected systems be updated promptly to mitigate the risk.

Affected Products

  • Windows Server 2022
  • Windows 11 21H2
  • Microsoft Windows 11 22H2
  • Microsoft Visual Studio 2022
  • Microsoft Windows 11 23H2

Affected Vendors

  • Microsoft