Cyber Resilience

CVE-2024-30083

High

Published: 11 June 2024

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0861 (92.6th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-30083 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Microsoft Windows Server 2012. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 7.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Deeper analysis

CVE-2024-30083 is a denial-of-service vulnerability in the Windows Standards-Based Storage Management Service. The flaw received a CVSS v3.1 base score of 7.5 and is associated with CWE-121. It affects the service component responsible for storage management operations on supported Windows systems.

An unauthenticated attacker can exploit the issue over the network without user interaction or credentials. Successful exploitation results in a high-impact denial of service that disrupts availability of the affected service while leaving confidentiality and integrity intact.

Microsoft has published guidance for the vulnerability through its Security Response Center at the listed reference URL, which includes details on available updates and recommended remediation steps for affected Windows installations. No information is provided on observed in-the-wild exploitation, and the EPSS score has remained flat at 0.0861.

Vulnerability details

Windows Standards-Based Storage Management Service Denial of Service Vulnerability

CWE(s): CWE-121 (Stack-based Buffer Overflow)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Affected versions
microsoft | windows server 2012 | all versions, r2
microsoft | windows server 2016 | ≤ 10.0.14393.7070
microsoft | windows server 2019 | ≤ 10.0.17763.5936
microsoft | windows server 2022 | ≤ 10.0.20348.2522

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.