CVE-2024-49039
Published: 12 November 2024
Summary
CVE-2024-49039 is a high-severity Improper Authentication (CWE-287) vulnerability in Microsoft Windows 10 21H2. Its CVSS base score is 8.8 (High).
Operationally, ranked in the top 1.5% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
Windows Task Scheduler contains an elevation of privilege vulnerability tracked as CVE-2024-49039 and assigned a CVSS score of 8.8. The flaw stems from improper authentication (CWE-287) in the Windows Task Scheduler component and allows a local attacker to bypass intended access controls.
An authenticated local user with low privileges can exploit the issue without user interaction to obtain elevated rights on the affected system. Successful exploitation grants the attacker full control over confidentiality, integrity, and availability with changed scope, enabling actions such as arbitrary code execution or persistence at a higher privilege level.
Microsoft has published an advisory detailing the vulnerability and corresponding security update. CISA has added CVE-2024-49039 to its Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild and requiring federal agencies and other organizations to apply the vendor patch according to the published timelines. The EPSS score has reached a peak of 0.6638, indicating sustained exploitation interest following disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-43910
Vulnerability details
Windows Task Scheduler Elevation of Privilege Vulnerability
- CWE(s)
- KEV Date Added
- 12 November 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly enforces authentication and access decisions before Task Scheduler operations, blocking the improper-authentication flaw that allows low-privileged escalation.
Limits privileges assigned to scheduled tasks and the accounts that manage them, reducing the ability of a low-privileged attacker to obtain high privileges across the security boundary.
Requires prompt installation of the vendor security update that Microsoft published to correct the Task Scheduler authentication defect now being exploited in the wild.