CVE-2023-24942
Published: 09 May 2023
Summary
CVE-2023-24942 is a high-severity Buffer Over-read (CWE-126) vulnerability in the Remote Procedure Call (RPC) runtime of Microsoft Windows Server 2008. Its CVSS 3.1 base score is 7.5 (High).
Operationally, its EPSS score places it in the top 5.6% of CVEs by predicted exploit likelihood; it is not currently listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
Deeper analysis
CVE-2023-24942 is a Remote Procedure Call Runtime Denial of Service vulnerability in the Windows RPC component. It is rated 7.5 (High) under CVSS 3.1 with the vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H and is classified as CWE-126 (Buffer Over-read).
Read metric by metric, the vector says the flaw is reachable over the network (AV:N) with low attack complexity (AC:L), requires no privileges (PR:N) and no user interaction (UI:N), does not cross a security boundary (S:U), and has no confidentiality or integrity impact (C:N/I:N) but a high availability impact (A:H). In other words, an unauthenticated remote attacker can trigger the over-read over the network to produce a denial-of-service condition that impairs availability while leaving confidentiality and integrity unaffected. Because RPC is a core Windows service, the practical triage question is whether a host exposes RPC endpoints (the endpoint mapper on TCP port 135 and the dynamic RPC port range) to untrusted networks; such hosts should be patched first.
The listed references direct practitioners to the Microsoft Security Response Center advisory for patch availability and mitigation guidance. The EPSS score has remained flat at its recorded peak of 0.1372, i.e. an estimated 13.7% probability of exploitation activity in the wild within the next 30 days.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-28929
Vulnerability details
Remote Procedure Call Runtime Denial of Service Vulnerability
- CWE(s): CWE-126 (Buffer Over-read)
Related Threats
No named threat-actor attribution yet; ATT&CK technique mapping is in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. Until they are, the Microsoft Security Response Center advisory referenced above is the authoritative source for the patch, and limiting the exposure of RPC endpoints to untrusted networks reduces the reachable attack surface in the meantime.