WINDOWS KERBEROS REMOTE CODE EXECUTION VULNERABILITY - CVE-2024-43639

14 Nov / 2024

What is vulnerable?

The Kerberos authentication system in Windows Server 2012, 2016, 2019, 2022 and 2025 (Server Core included).

What has happened?

Microsoft have released an update and advisory as part of the November Patching Cycle for the new vulnerability CVE-2024-43639.

This vulnerability has been assigned a CVSS 3 score of 9.8/10. It allows an unauthenticated attacker to use a specially crafted application to leverage a cryptographic protocol vulnerability in Windows Kerberos and perform remote code execution against the target. Exploitation does not require any user interaction, and there are no workarounds to mitigate this vulnerability.

What you can do:

The remediation for this vulnerability is to apply the November Monthly Rollup Security updates relevant to the version of Windows Server being patched. Microsoft advise that there is no evidence of this being exploited in the wild, but it is expected that this vulnerability will be reverse engineered and weaponised.

Further Information:

Microsoft’s advisory for this specific vulnerability: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43639

Rapid7’s analysis for this patch cycle: https://www.rapid7.com/blog/post/2024/11/12/patch-tuesday-november-2024/

CrowdStrike’s analysis for this patch cycle: https://www.crowdstrike.com/en-us/blog/patch-tuesday-analysis-november-2024/

Cythera is actively monitoring for exposure and exploitation activity for MDR and Vulnerability Management clients.
