CVE-2024-43572

Опубликовано: 08 окт. 2024

Источник: msrc

CVSS3: 7.8

EPSS Средний

Описание

Microsoft Management Console Remote Code Execution Vulnerability

FAQ

What does the security update provide to mitigate the risks associated with this vulnerability?

The security update will prevent untrusted Microsoft Saved Console (MSC) files from being opened to protect customers against the risks associated with this vulnerability.

According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?

The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.

For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer.

Обновления

Продукт	Статья	Обновление
Windows Server 2008 for 32-bit Systems Service Pack 2	5044320 5044306	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2	5044320 5044306	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)	5044320 5044306	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	5044356 5044321	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1	5044356 5044321	Monthly Rollup Security Only
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)	5044320 5044306	Monthly Rollup Security Only
Windows Server 2012	5044342	Monthly Rollup
Windows Server 2012 (Server Core installation)	5044342	Monthly Rollup
Windows Server 2012 R2	5044343	Monthly Rollup
Windows Server 2012 R2 (Server Core installation)	5044343	Monthly Rollup

Показывать по

Возможность эксплуатации

Publicly Disclosed

Yes

Exploited

Yes

Latest Software Release

Exploitation Detected

DOS

N/A

EPSS

Процентиль: 99%

0.68639

Средний

7.8 High

CVSS3

Связанные уязвимости

CVE-2024-43572

CVSS3: 7.8

nvd

8 месяцев назад

Microsoft Management Console Remote Code Execution Vulnerability

GHSA-vw7j-3h6f-xqvx

CVSS3: 7.8

github

8 месяцев назад

Microsoft Management Console Remote Code Execution Vulnerability

BDU:2024-07877

CVSS3: 7.8

fstec

8 месяцев назад

Уязвимость консоли управления операционных систем Microsoft Windows, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 99%

0.68639

Средний

7.8 High

CVSS3