CVE-2024-43475

7.3 HIGH

📋 TL;DR

This vulnerability in Microsoft Windows Admin Center allows an authenticated attacker to read sensitive information from the application's memory. It affects organizations using Windows Admin Center for server management, potentially exposing credentials, configuration data, or other sensitive information.

💻 Affected Systems

Products:
  • Microsoft Windows Admin Center
Versions: All versions prior to the patched release
Operating Systems: Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server 2022
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to Windows Admin Center interface

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could extract administrative credentials, domain secrets, or sensitive configuration data leading to full domain compromise.

🟠 Likely Case

Information disclosure of configuration details, partial credentials, or system information that could aid further attacks.

🟢 If Mitigated

Limited exposure of non-critical information with proper network segmentation and access controls.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires authenticated access, but exploitation is straightforward once access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific version

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43475

Restart Required: No

Instructions:

1. Open Windows Admin Center
2. Navigate to Settings
3. Check for updates
4. Apply available updates
5. Verify update completion

🔧 Temporary Workarounds

Restrict Access (platform: windows)

Limit Windows Admin Center access to trusted administrative users only

Network Segmentation (platform: all)

Place Windows Admin Center behind VPN or internal network segmentation

🧯 If You Can't Patch

  • Implement strict access controls and multi-factor authentication for all Windows Admin Center users
  • Monitor Windows Admin Center logs for unusual access patterns or information disclosure attempts

🔍 How to Verify

Check if Vulnerable:

Check the Windows Admin Center version against the patched versions in the Microsoft advisory

Check Version:

In Windows Admin Center: Settings > About

Verify Fix Applied:

Verify Windows Admin Center has been updated to the patched version and test information disclosure attempts

📡 Detection & Monitoring

Log Indicators:

  • Unusual authentication patterns
  • Multiple failed login attempts followed by successful access
  • Unusual information retrieval patterns

Network Indicators:

  • Unusual traffic to Windows Admin Center from non-administrative sources
  • Information exfiltration patterns

SIEM Query:

source="Windows Admin Center" AND (event_type="authentication" OR event_type="data_access") AND user NOT IN [admin_users]
