CVE-2024-49039

High · CISA KEV · Active Exploitation · EUVD Exploited · Ransomware-linked

Published: 12 November 2024
Modified: 28 October 2025
KEV Added: 12 November 2024
Patch: available (vendor security update)
CVSS v3.1 Score: 8.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.6502 (98.5th percentile)
Risk Priority: 77 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-49039 is a high-severity Improper Authentication (CWE-287) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 1.5% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

Windows Task Scheduler contains an elevation of privilege vulnerability tracked as CVE-2024-49039 and assigned a CVSS score of 8.8. The flaw stems from improper authentication (CWE-287) in the Windows Task Scheduler component and allows a local attacker to bypass intended access controls.

An authenticated local user with low privileges can exploit the issue without user interaction to obtain elevated rights on the affected system. Successful exploitation grants the attacker full control over confidentiality, integrity, and availability with changed scope, enabling actions such as arbitrary code execution or persistence at a higher privilege level.

Microsoft has published an advisory detailing the vulnerability and corresponding security update. CISA has added CVE-2024-49039 to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild and requiring federal agencies and other organizations to apply the vendor patch according to the published timelines. The EPSS score has reached a peak of 0.6638, indicating sustained exploitation interest following disclosure.

Vulnerability details

Windows Task Scheduler Elevation of Privilege Vulnerability

CWE(s): CWE-287 Improper Authentication
KEV Date Added: 12 November 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Microsoft Windows 10 1507: ≤ 10.0.10240.20826
Microsoft Windows 10 1607: ≤ 10.0.14393.7515
Microsoft Windows 10 1809: ≤ 10.0.17763.6532
Microsoft Windows 10 21H2: ≤ 10.0.19044.5131
Microsoft Windows 10 22H2: ≤ 10.0.19045.5131
Microsoft Windows 11 22H2: ≤ 10.0.22621.4460
Microsoft Windows 11 23H2: ≤ 10.0.22631.4460
Microsoft Windows 11 24H2: ≤ 10.0.26100.2314
Microsoft Windows Server 2016: ≤ 10.0.14393.7515
Microsoft Windows Server 2019: ≤ 10.0.17763.6532
+3 more product configuration(s) — see NVD for full list
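The build ceilings above are what a defender actually checks against. The following PowerShell is an added example, not part of this record: it reads the host's build number and update build revision (UBR) from the CurrentVersion registry key and reports whether the host is still within a vulnerable range for one of the listed product lines. It assumes Windows PowerShell running on the host being assessed; builds not listed above are reported as unknown rather than guessed.

```powershell
# Vulnerable ceilings copied from the affected-assets list above (build -> max vulnerable UBR).
$VulnerableCeiling = @{
    '10240' = 20826   # Windows 10 1507
    '14393' = 7515    # Windows 10 1607 / Windows Server 2016
    '17763' = 6532    # Windows 10 1809 / Windows Server 2019
    '19044' = 5131    # Windows 10 21H2
    '19045' = 5131    # Windows 10 22H2
    '22621' = 4460    # Windows 11 22H2
    '22631' = 4460    # Windows 11 23H2
    '26100' = 2314    # Windows 11 24H2
}

function Test-Cve202449039Exposure {
    param(
        [string]$Build = '',   # e.g. '19045'; empty = read from this host
        [int]$Ubr = -1         # e.g. 5131;    -1    = read from this host
    )
    # CurrentBuildNumber and UBR are the standard Windows version values under this key.
    if (-not $Build -or $Ubr -lt 0) {
        $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
        if (-not $Build) { $Build = [string]$cv.CurrentBuildNumber }
        if ($Ubr -lt 0)  { $Ubr   = [int]$cv.UBR }
    }

    if (-not $VulnerableCeiling.ContainsKey($Build)) {
        return [pscustomobject]@{
            Build  = "10.0.$Build.$Ubr"
            Status = 'Unknown'
            Note   = 'Build not in the table above; check the remaining configurations on NVD'
        }
    }

    $ceiling = $VulnerableCeiling[$Build]
    # The record lists "<= ceiling" as affected, so equal-to-ceiling is still vulnerable.
    $status = if ($Ubr -le $ceiling) { 'Vulnerable' } else { 'Patched' }
    [pscustomobject]@{
        Build  = "10.0.$Build.$Ubr"
        Status = $status
        Note   = "Vulnerable through 10.0.$Build.$ceiling"
    }
}

# Check this host:
Test-Cve202449039Exposure

# Constructed sample values for an offline check of the comparison logic:
Test-Cve202449039Exposure -Build '19045' -Ubr 5131   # Vulnerable (equal to ceiling)
Test-Cve202449039Exposure -Build '19045' -Ubr 5198   # Patched (above ceiling)
```

Run it through your inventory tooling against each host; a result of Unknown means the build is one of the configurations not reproduced on this page, not that the host is safe.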

Mitigating Controls (NIST 800-53 r5)

Prevent (AC-3 Access Enforcement): Directly enforces authentication and access decisions before Task Scheduler operations, blocking the improper-authentication flaw that allows low-privileged escalation.

Prevent (AC-6 Least Privilege): Limits privileges assigned to scheduled tasks and the accounts that manage them, reducing the ability of a low-privileged attacker to obtain high privileges across the security boundary.

Prevent (vendor security update): Requires prompt installation of the security update that Microsoft published to correct the Task Scheduler authentication defect now being exploited in the wild.