CVE-2024-43533 – This vulnerability allows attackers to execute ... (How to Fix)

Q: What is the severity of CVE-2024-43533?

CVE-2024-43533 has a CVSS score of 8.8 (HIGH). This vulnerability allows attackers to execute arbitrary code on systems running vulnerable Remote Desktop Client software by sending specially crafted requests. It affects users of Microsoft Remote Desktop Client on Windows systems. Successful exploitation could give attackers full control of the affected system.

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code on systems running vulnerable Remote Desktop Client software by sending specially crafted requests. It affects users of Microsoft Remote Desktop Client on Windows systems. Successful exploitation could give attackers full control of the affected system.

💻 Affected Systems

Products:

Microsoft Remote Desktop Client

Versions: Specific versions as listed in Microsoft advisory

Operating Systems: Windows 10, Windows 11, Windows Server 2019, Windows Server 2022

Default Config Vulnerable: ⚠️ Yes

Notes: Requires user interaction or malicious server connection to trigger

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with administrative privileges, allowing data theft, ransomware deployment, and persistent backdoor installation.

🟠

Likely Case

Initial foothold leading to lateral movement within networks, credential harvesting, and data exfiltration.

🟢

If Mitigated

Limited impact due to network segmentation, application allowlisting, and proper patch management.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires user to connect to malicious RDP server or attacker-in-the-middle position

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Microsoft Security Update Guide for specific KB numbers

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43533

Restart Required: Yes

Instructions:

1. Open Windows Update Settings
2. Check for updates
3. Install all security updates
4. Restart system if prompted

🔧 Temporary Workarounds

Disable Remote Desktop Client

windows

Prevent use of vulnerable RDP client component

Remove via Control Panel > Programs > Uninstall a program

Network Segmentation

all

Restrict RDP traffic to trusted networks only

🧯 If You Can't Patch

Implement network segmentation to isolate RDP traffic
Use application allowlisting to prevent unauthorized RDP client execution

🔍 How to Verify

Check if Vulnerable:

Check installed updates for relevant KB numbers from Microsoft advisory

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Verify patch installation via Windows Update history or systeminfo command

📡 Detection & Monitoring

Log Indicators:

Unusual RDP connection attempts
Process creation from rdclient.exe with suspicious parameters

Network Indicators:

RDP connections to untrusted IP addresses
Anomalous RDP protocol traffic patterns

SIEM Query:

source="Security" EventCode=4625 LogonType=10 | stats count by src_ip

📊 Metadata

CVE ID: CVE-2024-43533

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: October 8, 2024

Last Updated: October 16, 2024

🔗 References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43533 Patch,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-43533, you might also want to check these: