CVE-2024-49115

CVSS 3.1 Score 8.1 of 10 (high)

Details

Published Dec 12, 2024
CWE ID 416
CWE ID 591

Summary

CVE-2024-49115 is a newly discovered vulnerability affecting Windows Remote Desktop Services. This issue allows an unauthenticated attacker to execute arbitrary code on a target system. The exploitation of this vulnerability can be achieved by sending a specially crafted RDP packet to the target's Remote Desktop gateway server. Successful exploitation could lead to a compromised system, allowing the attacker to install malware, steal sensitive data, or carry out other malicious activities. Organizations are urged to apply the Microsoft Security Bulletin MS23-073 patch as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Microsoft Windows Server

Affected Vendors

  • Microsoft