CVE-2024-49116

Windows Remote Desktop Services Remote Code Execution Vulnerability

CVSS v3 8.1 HIGH

8.1^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49116	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:microsoft:windows_server_2016::::::::
	cpe:2.3:o:microsoft:windows_server_2019::::::::
	cpe:2.3:o:microsoft:windows_server_2022::::::::
	cpe:2.3:o:microsoft:windows_server_2022_23h2::::::::
	cpe:2.3:o:microsoft:windows_server_2025::::::::

History

14 Jan 2025, 17:53

Type	Values Removed	Values Added
CPE		cpe:2.3:o:microsoft:windows_server_2022_23h2:::::::: cpe:2.3:o:microsoft:windows_server_2025:::::::: cpe:2.3:o:microsoft:windows_server_2019:::::::: cpe:2.3:o:microsoft:windows_server_2022:::::::: cpe:2.3:o:microsoft:windows_server_2016::::::::
CWE		CWE-362
References	~~() https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49116 -~~	() https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49116 - Vendor Advisory
First Time		Microsoft windows Server 2025 Microsoft windows Server 2022 Microsoft Microsoft windows Server 2016 Microsoft windows Server 2019 Microsoft windows Server 2022 23h2

12 Dec 2024, 02:04

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-12 02:04

Updated : 2025-01-14 17:53

NVD link : CVE-2024-49116

Mitre link : CVE-2024-49116

CVE.ORG link : CVE-2024-49116

JSON object : View

Products Affected

microsoft

windows_server_2019
windows_server_2016
windows_server_2022
windows_server_2022_23h2
windows_server_2025

CWE

CWE-416

Use After Free

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

8.1 /10