CVE-2024-21357

8.1 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code on affected Windows systems by sending specially crafted PGM (Pragmatic General Multicast) packets. It affects Windows systems with PGM enabled, primarily servers using multicast messaging features. Attackers could gain SYSTEM-level privileges on compromised systems.

💻 Affected Systems

Products:
  • Windows Server
  • Windows Desktop
Versions: Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022
Operating Systems: Windows
Default Config Vulnerable: ✅ No
Notes: PGM is not enabled by default on most Windows systems. Primarily affects systems configured for multicast messaging or specific enterprise applications.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with SYSTEM privileges, enabling complete control over affected systems, data theft, lateral movement, and persistent backdoor installation.

🟠 Likely Case

Remote code execution leading to malware deployment, ransomware installation, or system takeover for botnet participation.

🟢 If Mitigated

No impact if systems are patched or PGM is disabled on internet-facing interfaces.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires network access to PGM-enabled systems. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: February 2024 security updates

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21357

Restart Required: Yes

Instructions:

1. Apply the February 2024 Windows security updates via Windows Update.
2. For enterprise environments, deploy the updates through WSUS or SCCM.
3. Verify the update installation and restart systems as required.

🔧 Temporary Workarounds

Disable PGM Protocol

windows

Disable the Pragmatic General Multicast protocol on affected systems. On Windows, PGM is the "Reliable Multicast Protocol" network binding (component ID ms_rmcast); netsh has no "rtm=" switch for it, so unbind it from every adapter from an elevated PowerShell prompt:

Disable-NetAdapterBinding -Name "*" -ComponentID ms_rmcast

Block PGM Traffic

all

Block PGM traffic at the network perimeter. PGM runs directly over IP as protocol number 113 rather than over TCP or UDP ports, so filter on the IP protocol number.

🧯 If You Can't Patch

  • Disable PGM on all affected systems
  • Implement network segmentation to isolate PGM traffic

🔍 How to Verify

Check if Vulnerable:

Check if PGM is enabled (netsh does not list protocol bindings; use PowerShell to show the Reliable Multicast Protocol binding per adapter): Get-NetAdapterBinding -ComponentID ms_rmcast

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify February 2024 security updates are installed: wmic qfe list | findstr "KB"
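The checks above can be combined into one host report. The script below is an added example, not part of the original advisory card; it assumes the Reliable Multicast Protocol binding (component ID ms_rmcast) and the MSMQ service name, and the KB number is a placeholder to be taken from the MSRC advisory.

```powershell
# Added example (not from the original page): report whether this host is exposed to
# CVE-2024-21357 by checking PGM (Reliable Multicast Protocol) state and patch level.
# Assumption: 'KBXXXXXXX' is a placeholder; supply the February 2024 KB from the MSRC advisory.
param(
    [string]$RequiredKB = 'KBXXXXXXX'
)

function Get-PgmExposure {
    param([string]$RequiredKB)

    # 1. Is the Reliable Multicast Protocol (Windows PGM) bound and enabled on any adapter?
    $pgmBindings = Get-NetAdapterBinding -ComponentID ms_rmcast -ErrorAction SilentlyContinue
    $enabledOn   = @($pgmBindings | Where-Object { $_.Enabled })
    $pgmEnabled  = $enabledOn.Count -gt 0

    # 2. Is Message Queuing present? MSMQ multicast support is the usual reason PGM is installed.
    $msmq = Get-Service -Name MSMQ -ErrorAction SilentlyContinue
    $msmqState = if ($msmq) { [string]$msmq.Status } else { 'NotInstalled' }

    # 3. Is the required cumulative update installed? Get-HotFix returns nothing if not.
    $patched = [bool](Get-HotFix -Id $RequiredKB -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        PgmBound     = $pgmEnabled
        PgmAdapters  = ($enabledOn | Select-Object -ExpandProperty Name) -join ','
        MsmqService  = $msmqState
        PatchApplied = $patched
        # Exposed only when the vulnerable protocol is reachable and the fix is missing.
        Exposed      = ($pgmEnabled -and -not $patched)
    }
}

$report = Get-PgmExposure -RequiredKB $RequiredKB
$report | Format-List

# Surface the workaround when PGM is bound but nothing obvious (MSMQ) depends on it.
if ($report.Exposed -and $report.MsmqService -eq 'NotInstalled') {
    Write-Warning 'PGM is bound but MSMQ is not installed; consider: Disable-NetAdapterBinding -Name "*" -ComponentID ms_rmcast'
}
```

Run from an elevated PowerShell session; the Exposed field is the single value to collect when sweeping a fleet.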

📡 Detection & Monitoring

Log Indicators:

  • Windows Security Event ID 4688 with suspicious process creation
  • Unexpected PGM protocol activity in network logs

Network Indicators:

  • Unusual PGM traffic patterns
  • PGM packets from unexpected sources

SIEM Query:

EventID=4688 AND (ProcessName contains "cmd.exe" OR ProcessName contains "powershell.exe") AND ParentProcessName contains "svchost.exe"
