CVE-2024-43642
Published: 12 November 2024
Summary
CVE-2024-43642 is a high-severity Use After Free (CWE-416) vulnerability in Microsoft Windows 11 22H2. Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 2.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-43642 is a denial-of-service vulnerability in the Windows SMB component, assigned a CVSS 3.1 base score of 7.5 with a vector indicating network attackability, low complexity, no required privileges or user interaction, and high impact on availability. The weakness is tracked under CWE-416.
An unauthenticated attacker can send specially crafted network traffic to an affected Windows system and trigger the flaw, resulting in a denial-of-service condition that disrupts SMB services without affecting confidentiality or integrity.
The sole reference points to the Microsoft Security Response Center advisory page for CVE-2024-43642, which is the authoritative source for patch availability and mitigation guidance. The current EPSS score stands at 0.3650 with an identical recorded peak, indicating moderate exploitation probability but no post-disclosure increase.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-40387
Vulnerability details
Windows SMB Denial of Service Vulnerability
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls (AI-derived)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Use-after-free exploits that aim for arbitrary code execution are blocked or significantly hardened by non-executable pages (DEP) and ASLR. Note that this CVE is scored for availability impact only (a denial of service against the SMB service), so those memory-protection mitigations do not address the crash itself; applying the Microsoft update and limiting network exposure of SMB remain the relevant controls.