CVE-2024-49116: Windows Remote Desktop Services Remote Code Execution Vulnerability

Overview

Severity

High (CVSS 8.1)

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Remote Code Execution

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2024-Dec

Released

2024-12-10

Last Updated

2025-03-11

EPSS Score

3.91% (percentile: 88.3%)

FAQ

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code.

Affected Products (9)

Windows

• Windows Server 2019
• Windows Server 2019 (Server Core installation)
• Windows Server 2022
• Windows Server 2022 (Server Core installation)
• Windows Server 2025 (Server Core installation)
• Windows Server 2022, 23H2 Edition (Server Core installation)
• Windows Server 2025
• Windows Server 2016
• Windows Server 2016 (Server Core installation)

Security Updates (7)

• 5053596
• 5048654
• 5048800
• 5048667
• 5048794
• 5048653
• 5053594

Acknowledgments

<p>ʌ!ↄ⊥ojv with Kunlun Lab</p>, Anonymous

Revision History

• 2024-12-10: Information published.
• 2024-12-16: Updated acknowledgment. This is an informational change only.
• 2025-03-11: To comprehensively address CVE-2024-49116, Microsoft has released March 2025 security updates for all supported editions of Windows Server 2016 and Windows Server 2019. Microsoft recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.