CVE-2024-43520

Q: What is the severity of CVE-2024-43520?

CVE-2024-43520 has a CVSS score of 5.0 (MEDIUM). This Windows kernel vulnerability allows attackers to cause a denial of service (system crash/BSOD) by exploiting a NULL pointer dereference. It affects Windows systems with the vulnerable kernel component. Attackers need local access to exploit this vulnerability.

5.0 MEDIUM

Denial of Service

📋 TL;DR

This Windows kernel vulnerability allows attackers to cause a denial of service (system crash/BSOD) by exploiting a NULL pointer dereference. It affects Windows systems with the vulnerable kernel component. Attackers need local access to exploit this vulnerability.

💻 Affected Systems

Products:

Windows

Versions: Specific versions as listed in Microsoft advisory

Operating Systems: Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations of affected Windows versions are vulnerable

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system crash requiring reboot, potentially causing data loss or service disruption

🟠

Likely Case

Local denial of service resulting in system instability or temporary unavailability

🟢

If Mitigated

Minimal impact with proper access controls preventing unauthorized local execution

🌐 Internet-Facing: LOW - Requires local access, not directly exploitable over network

🏢 Internal Only: MEDIUM - Malicious insiders or compromised accounts could exploit locally

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and ability to execute code; no known public exploits

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft's monthly security updates for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43520

Restart Required: Yes

Instructions:

1. Open Windows Update settings
2. Check for updates
3. Install all available security updates
4. Restart system when prompted

🔧 Temporary Workarounds

Restrict local access

windows

Limit local user privileges and implement least privilege access controls

🧯 If You Can't Patch

Implement strict access controls to prevent unauthorized local code execution
Monitor for system crashes and investigate any unexpected reboots

🔍 How to Verify

Check if Vulnerable:

Check Windows Update history for missing security patches or use Microsoft's Security Update Guide

Check Version:

wmic os get caption, version, buildnumber, csdversion

Verify Fix Applied:

Verify the latest security updates are installed via Windows Update history

📡 Detection & Monitoring

Log Indicators:

System crash logs (Event ID 41)
Unexpected system reboots
Kernel panic events

Network Indicators:

None - local exploit only

SIEM Query:

EventID=41 OR (EventID=6008 AND Source="EventLog")

📊 Metadata

CVE ID: CVE-2024-43520

CVSS v3 Score: 5.0 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

CWE: CWE-476

Published: October 8, 2024

Last Updated: October 17, 2024

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43520 Patch,Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Windows 10 1507 by Microsoft

Windows 10 1507 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1607 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 1809 by Microsoft

Windows 10 21h2 by Microsoft

Windows 10 22h2 by Microsoft

Windows 11 21h2 by Microsoft

Windows 11 22h2 by Microsoft

Windows 11 23h2 by Microsoft

Windows 11 24h2 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2008 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2012 by Microsoft

Windows Server 2016 by Microsoft

Windows Server 2019 by Microsoft

Windows Server 2022 by Microsoft

Windows Server 2022 23h2 by Microsoft

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Restrict local access

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities