CVE-2024-26190 – This vulnerability in Microsoft's QUIC protocol... (How to Fix)

Q: What is the severity of CVE-2024-26190?

CVE-2024-26190 has a CVSS score of 7.5 (HIGH). This vulnerability in Microsoft's QUIC protocol implementation allows attackers to cause denial of service by sending specially crafted network packets. It affects systems running Microsoft Windows with QUIC-enabled services. The vulnerability could crash affected services, disrupting legitimate traffic.

📋 TL;DR

This vulnerability in Microsoft's QUIC protocol implementation allows attackers to cause denial of service by sending specially crafted network packets. It affects systems running Microsoft Windows with QUIC-enabled services. The vulnerability could crash affected services, disrupting legitimate traffic.

💻 Affected Systems

Products:

Microsoft Windows
Windows Server

Versions: Specific affected versions would be listed in Microsoft's advisory; typically recent Windows versions with QUIC support

Operating Systems: Windows 10, Windows 11, Windows Server 2019, Windows Server 2022

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects systems with QUIC protocol enabled and in use. HTTP/3 and other QUIC-based services are vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service outage for QUIC-enabled applications, requiring service restart and potentially causing extended downtime for critical systems.

🟠

Likely Case

Temporary service disruption affecting QUIC traffic until the service recovers or is restarted, impacting application availability.

🟢

If Mitigated

Minimal impact with proper network segmentation and monitoring allowing quick detection and response to attack attempts.

🌐 Internet-Facing: HIGH - QUIC services exposed to the internet are directly vulnerable to remote attack without authentication.

🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this, but requires network access to QUIC services.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

As a denial of service vulnerability in a network protocol, exploitation typically requires sending malformed packets to the vulnerable service.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft's monthly security updates for the specific KB article addressing CVE-2024-26190

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190

Restart Required: Yes

Instructions:

1. Apply the latest Windows security updates from Microsoft. 2. Restart affected systems to complete the patch installation. 3. Verify the patch is applied using Windows Update history or system information.

🔧 Temporary Workarounds

Disable QUIC Protocol

windows

Temporarily disable QUIC/HTTP3 support to mitigate the vulnerability while awaiting patches

netsh int http set clientcertnegotiation enable
Configure application settings to disable HTTP/3/QUIC

Network Segmentation

all

Restrict access to QUIC-enabled services to trusted networks only

🧯 If You Can't Patch

Implement network-level protections such as rate limiting and packet inspection to detect and block malicious QUIC traffic
Monitor QUIC service health and implement automated restart procedures for affected services

🔍 How to Verify

Check if Vulnerable:

Check if QUIC/HTTP3 services are running and accessible on affected Windows systems. Review Windows Update history for missing security patches.

Check Version:

wmic os get caption,version,buildnumber

Verify Fix Applied:

Verify the specific KB patch for CVE-2024-26190 is installed via Windows Update history or 'wmic qfe list' command.

📡 Detection & Monitoring

Log Indicators:

Unexpected service crashes or restarts of QUIC-enabled services
High volume of malformed QUIC packets in network logs

Network Indicators:

Spike in QUIC protocol traffic from single sources
Malformed QUIC packets in network captures

SIEM Query:

source="windows" AND (event_id=1000 OR event_id=1001) AND process_name contains "quic" OR "http3"

📊 Metadata

CVE ID: CVE-2024-26190

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE: CWE-400

Published: March 12, 2024

Last Updated: December 27, 2024

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190 Vendor Advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-26190, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

.net by Microsoft

.net by Microsoft

Powershell by Microsoft

Powershell by Microsoft

Visual Studio 2022 by Microsoft

Visual Studio 2022 by Microsoft

Visual Studio 2022 by Microsoft

Visual Studio 2022 by Microsoft

Windows 11 21h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows 11 23h2 by Microsoft

Windows Server 2022 by Microsoft

Windows Server 2022 23h2 by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Disable QUIC Protocol

Network Segmentation

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities