CVE-2024-43521
Published: 08 October 2024
Summary
CVE-2024-43521 is a high-severity Incorrect Check of Function Return Value (CWE-253) vulnerability in Microsoft Windows Server 2012. Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 7.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
Windows Hyper-V contains a denial of service vulnerability tracked as CVE-2024-43521. The flaw received a CVSS 3.1 base score of 7.5 and is associated with CWE-253. It affects the Hyper-V hypervisor component in supported Windows releases and allows remote interference with availability while leaving confidentiality and integrity untouched.
An unauthenticated attacker can exploit the issue over the network with low complexity and no user interaction. Successful exploitation results in a high-impact denial of service against the Hyper-V host, causing the affected virtualization service to become unavailable.
Microsoft has published an advisory for CVE-2024-43521 that includes remediation guidance and is available at the Microsoft Security Response Center. The EPSS score for the vulnerability has remained flat at 0.0790 since disclosure, indicating no material increase in observed exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-40775
Vulnerability details
Windows Hyper-V Denial of Service Vulnerability
- CWE(s): CWE-253 (Incorrect Check of Function Return Value)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.