Multiple vulnerabilities in Microsoft Windows Remote Desktop Services
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2024-49123 CVE-2024-49116 CVE-2024-49119 CVE-2024-49075 CVE-2024-49120 CVE-2024-49108 CVE-2024-49106 CVE-2024-49115 CVE-2024-49132 CVE-2024-49128 |
| CWE-ID | CWE-591 CWE-416 CWE-843 CWE-400 CWE-453 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Windows Operating systems & Components / Operating system Windows Server Operating systems & Components / Operating system |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Sensitive Data Storage in Improperly Locked Memory
EUVDB-ID: #VU101402
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-49123
CWE-ID:
CWE-591 - Sensitive Data Storage in Improperly Locked Memory
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to sensitive data storage in improperly locked memory in Windows Remote Desktop Services. A remote attacker can cause a race condition and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: before
Windows Server: before
CPE2.3 External linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-49123
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Use-after-free
EUVDB-ID: #VU101411
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-49116
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in Windows Remote Desktop Services. A remote attacker can cause a race condition and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows Server: before
CPE2.3 External linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-49116
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Type Confusion
EUVDB-ID: #VU101410
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-49119
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error in Windows Remote Desktop Services. A remote attacker can cause a race condition and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows Server: before
CPE2.3 External linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-49119
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Resource exhaustion
EUVDB-ID: #VU101409
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-49075
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in Windows Remote Desktop Services. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: before
Windows Server: before
CPE2.3 External linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-49075
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Insecure Default Variable Initialization
EUVDB-ID: #VU101408
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-49120
CWE-ID:
CWE-453 - Insecure Default Variable Initialization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to insecure default variable initialization in Windows Remote Desktop Services. A remote attacker can cause a race condition and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows Server: before
CPE2.3 External linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-49120
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Sensitive Data Storage in Improperly Locked Memory
EUVDB-ID: #VU101407
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-49108
CWE-ID:
CWE-591 - Sensitive Data Storage in Improperly Locked Memory
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to sensitive data storage in improperly locked memory in Windows Remote Desktop Services. A remote attacker can cause a race condition and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows Server: before
CPE2.3 External linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-49108
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Sensitive Data Storage in Improperly Locked Memory
EUVDB-ID: #VU101406
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-49106
CWE-ID:
CWE-591 - Sensitive Data Storage in Improperly Locked Memory
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to sensitive data storage in improperly locked memory in Windows Remote Desktop Services. A remote attacker can cause a race condition and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows Server: before
CPE2.3 External linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-49106
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Sensitive Data Storage in Improperly Locked Memory
EUVDB-ID: #VU101405
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-49115
CWE-ID:
CWE-591 - Sensitive Data Storage in Improperly Locked Memory
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to sensitive data storage in improperly locked memory in Windows Remote Desktop Services. A remote attacker can cause a race condition and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows Server: before
CPE2.3 External linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-49115
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Sensitive Data Storage in Improperly Locked Memory
EUVDB-ID: #VU101404
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-49132
CWE-ID:
CWE-591 - Sensitive Data Storage in Improperly Locked Memory
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to sensitive data storage in improperly locked memory in Windows Remote Desktop Services. A remote attacker can cause a race condition and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows: before
Windows Server: before
CPE2.3 External linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-49132
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Sensitive Data Storage in Improperly Locked Memory
EUVDB-ID: #VU101403
Risk: High
CVSSv4.0: 7.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-49128
CWE-ID:
CWE-591 - Sensitive Data Storage in Improperly Locked Memory
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to sensitive data storage in improperly locked memory in Windows Remote Desktop Services. A remote attacker can cause a race condition and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsWindows Server: before
CPE2.3 External linkshttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-49128
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
