CVE-2024-43572: Microsoft Management Console Remote Code Execution Vulnerability

7.8 HIGH

📋 TL;DR

CVE-2024-43572 is a remote code execution vulnerability in Microsoft Management Console (mmc.exe). It is triggered when a user opens a crafted Microsoft Saved Console (.msc) file, for example one delivered as an e-mail attachment or downloaded from a web page; the attacker's code then runs with the privileges of that user, which on an administrator's workstation means effective control of the host. Microsoft reported the flaw as exploited in the wild before the fix shipped, and the October 2024 update addresses it by preventing untrusted MSC files from being opened.

💻 Affected Systems

Products:
  • Microsoft Windows
  • Microsoft Management Console
Versions: Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022 (see the vendor advisory for the complete list of affected builds and editions)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: MMC ships with and is enabled on every affected Windows edition, so no default configuration removes exposure. The entry point is a malicious .msc console file, not the built-in snap-ins themselves (Services, Event Viewer and similar tools are loaded through MMC but are not what the attacker sends); any user who can be induced to open an .msc file is a target.

📦 What is this software?

Microsoft Management Console (mmc.exe) is the Windows host application for administrative snap-ins such as Services, Event Viewer, the Group Policy Editor and Device Manager. A console layout, including which snap-ins it loads and how they are presented, is stored in an XML-based Microsoft Saved Console (.msc) file, and double-clicking an .msc opens it in MMC. Because .msc files are routinely handled by administrators and can reference active content, they make an attractive phishing payload.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise leading to data theft, ransomware deployment, or persistent backdoor installation across the network.

🟠

Likely Case

Phishing-driven code execution in the context of the user who opens the malicious console file, often an administrator since .msc files are administrative tooling, followed by credential theft and lateral movement.

🟢

If Mitigated

Limited impact where the October 2024 update is deployed, .msc files from mail and web sources are blocked or quarantined at the gateway, administrative tools run under least-privilege accounts, and endpoint protection blocks mmc.exe from spawning shells or script hosts.

🌐 Internet-Facing: LOW - MMC listens on no network port; the only Internet-facing path is a user receiving or downloading a malicious .msc file and opening it.
🏢 Internal Only: HIGH - once an attacker has a foothold, .msc lures placed on file shares or sent by internal mail are a reliable way to run code in administrators' sessions and move laterally.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: YES - Microsoft reported exploitation in the wild before the patch was released
Unauthenticated Exploit: ✅ No
Complexity: LOW (CVSS vector AV:L/AC:L/PR:N/UI:R; user interaction is required)

Exploitation requires a victim to open a crafted MSC file; the attacker needs no network access to the target and no credentials beyond the victim's own session. CISA added CVE-2024-43572 to its Known Exploited Vulnerabilities catalog in October 2024.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Apply latest Windows security updates from Microsoft's October 2024 Patch Tuesday or later

Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43572

Restart Required: Yes

Instructions:

1. Open Windows Update settings.
2. Check for updates.
3. Install all available security updates.
4. Restart the system when prompted.

🔧 Temporary Workarounds

Restrict MMC snap-ins via Group Policy (this limits snap-ins; it does not disable MMC)

windows

Limits which snap-ins a user may load. This shrinks the attack surface available to a malicious console file but is not a substitute for the patch, and it breaks any administrative console whose snap-in is not on the permitted list, so test it on admin workstations before rolling it out.

gpedit.msc → User Configuration → Administrative Templates → Windows Components → Microsoft Management Console → Set 'Restrict users to the explicitly permitted list of snap-ins' to Enabled, then allow the consoles you still need under the 'Restricted/Permitted snap-ins' folder
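The same policy expressed as the registry-backed policy values it writes, as an added example that is not part of this page or of Microsoft's guidance. The key and value names (Software\Policies\Microsoft\MMC, RestrictToPermittedSnapins, and a per-snap-in <CLSID>\Restrict_Run value) are taken from the MMC ADMX template as the author understands it and should be confirmed against mmc.admx in your environment; for fleet deployment use a real GPO rather than this per-user script.

```powershell
# Added example: apply/inspect the "Restrict users to the explicitly permitted
# list of snap-ins" policy for the current user. Assumed registry mapping
# (verify against mmc.admx): RestrictToPermittedSnapins = 1 turns the policy
# on, and a subkey named after a snap-in CLSID with Restrict_Run = 0 marks
# that snap-in as permitted.
$script:MmcPolicyKey = 'HKCU:\Software\Policies\Microsoft\MMC'

function Set-MmcSnapinRestriction {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # CLSIDs, with braces, of snap-ins that stay allowed. Look them up under
        # HKLM:\SOFTWARE\Microsoft\MMC\SnapIns on a reference host.
        [string[]]$PermittedSnapinClsid = @(),
        # Remove the policy again (e.g. once the host is patched).
        [switch]$Remove
    )

    if ($Remove) {
        if ((Test-Path $script:MmcPolicyKey) -and
            $PSCmdlet.ShouldProcess($script:MmcPolicyKey, 'remove MMC snap-in policy')) {
            Remove-Item $script:MmcPolicyKey -Recurse -Force
        }
        return
    }

    if ($PSCmdlet.ShouldProcess($script:MmcPolicyKey, 'enable RestrictToPermittedSnapins')) {
        New-Item $script:MmcPolicyKey -Force | Out-Null
        Set-ItemProperty $script:MmcPolicyKey -Name RestrictToPermittedSnapins -Value 1 -Type DWord
        foreach ($clsid in $PermittedSnapinClsid) {
            $snapKey = Join-Path $script:MmcPolicyKey $clsid
            New-Item $snapKey -Force | Out-Null
            # Restrict_Run = 0 is "explicitly permitted" under this policy (assumed mapping)
            Set-ItemProperty $snapKey -Name Restrict_Run -Value 0 -Type DWord
        }
    }
}

function Get-MmcSnapinRestriction {
    # Report whether the policy is on and which CLSIDs are currently permitted.
    $props   = Get-ItemProperty $script:MmcPolicyKey -ErrorAction SilentlyContinue
    $enabled = ($props.RestrictToPermittedSnapins -eq 1)
    $permitted = @()
    if (Test-Path $script:MmcPolicyKey) {
        $permitted = Get-ChildItem $script:MmcPolicyKey |
            Where-Object { (Get-ItemProperty $_.PSPath).Restrict_Run -eq 0 } |
            ForEach-Object PSChildName
    }
    [pscustomobject]@{ Enabled = $enabled; PermittedSnapins = @($permitted) }
}

# Usage: enable the policy with no permitted snap-ins (MMC will refuse every
# console), inspect, then undo. Pass -WhatIf to preview the registry writes.
Set-MmcSnapinRestriction -WhatIf
Get-MmcSnapinRestriction
```

Because the policy lives under HKCU, it protects only the user it is applied to; a domain GPO applies the identical values to every targeted user and is the right tool outside of a lab.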

Network Segmentation

all

Isolate systems with MMC from untrusted networks

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable systems
  • Apply least privilege principles and disable unnecessary MMC snap-ins
  • Block or quarantine .msc files at mail and web gateways; there is rarely a legitimate reason for console files to arrive by e-mail or download

🔍 How to Verify

Check if Vulnerable:

Check the OS build via winver or systeminfo. winver shows the full build number including the update revision (UBR), which is what distinguishes a patched host from an unpatched one on the same release; systeminfo reports only the major build, so use it to identify the release and then compare the UBR against the fixed build in the vendor advisory.

Check Version:

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Verify Fix Applied:

Confirm that the October 8, 2024 cumulative update for your Windows build, or any later cumulative update (they are cumulative, so a newer one includes the fix), is installed: Settings → Windows Update → Update history (Windows 10: Settings → Update & Security → View update history). The KB number differs per Windows version and edition, so take it from the vendor advisory rather than a generic list, and compare the installed build and UBR (winver, or HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion) against the fixed build listed there.
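The verification above, scripted so it can be run across a fleet, as an added example rather than anything from the page or the advisory. It reads the build and UBR from the registry and the most recent installed update from Get-HotFix. The minimum-UBR table is the author's recollection of the October 2024 builds and is an assumption: confirm each entry against the MSRC advisory before using the result as a compliance gate; builds missing from the table fall back to the install-date heuristic.

```powershell
# Added example: is this host at or past the October 2024 cumulative update?
# Two signals are combined: the OS build/UBR against a per-release minimum
# (authoritative when the release is in the table) and the install date of the
# newest hotfix (a weaker heuristic used when it is not).
$script:PatchTuesday = Get-Date '2024-10-08'

# ASSUMED minimum patched UBR per CurrentBuild; verify against the MSRC advisory.
$script:MinimumUbr = @{
    '19045' = 5011   # Windows 10 22H2      (verify)
    '22631' = 4317   # Windows 11 23H2      (verify)
    '26100' = 2033   # Windows 11 24H2      (verify)
    '20348' = 2762   # Windows Server 2022  (verify)
}

function Test-Cve202443572Patched {
    [CmdletBinding()]
    param()

    $cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $build = [string]$cv.CurrentBuild
    $ubr   = [int]$cv.UBR

    # Newest update by install date. InstalledOn can be empty on some hosts,
    # so drop those entries before sorting.
    $latest = Get-HotFix |
        Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending |
        Select-Object -First 1

    $buildOk = $null                                 # $null = release not in table
    if ($script:MinimumUbr.ContainsKey($build)) {
        $buildOk = ($ubr -ge $script:MinimumUbr[$build])
    }
    $dateOk = [bool]($latest -and ($latest.InstalledOn -ge $script:PatchTuesday))

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        OsBuild       = "$build.$ubr"
        LatestUpdate  = if ($latest) { "$($latest.HotFixID) ($($latest.InstalledOn.ToString('yyyy-MM-dd')))" } else { 'none recorded' }
        BuildMeetsMin = $buildOk      # $null means: compare OsBuild with the advisory by hand
        UpdatedSince  = $dateOk       # any update installed on/after 2024-10-08
        LikelyPatched = ($buildOk -eq $true) -or (($null -eq $buildOk) -and $dateOk)
    }
}

# Usage (run locally, or wrap in Invoke-Command -ComputerName for a fleet):
Test-Cve202443572Patched | Format-List
```

Treat UpdatedSince on its own as advisory only: a later non-security update would also satisfy it, so where the release is not in the table, compare OsBuild with the advisory before marking the host patched.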

📡 Detection & Monitoring

Log Indicators:

  • mmc.exe started with an .msc argument outside %SystemRoot%\System32, for example in Downloads, %TEMP%, browser or Outlook cache directories, or on a UNC share
  • mmc.exe whose parent is a mail client, browser or archive tool rather than explorer.exe or an administrative launcher
  • Child processes of mmc.exe such as cmd.exe, powershell.exe, wscript.exe, mshta.exe or rundll32.exe, which normal administrative use almost never produces; Security Event ID 4688 shows these only if "Include command line in process creation events" is enabled (Sysmon Event ID 1 is the usual alternative)

Network Indicators:

  • Unexpected network connections originating from systems running MMC

SIEM Query:

Process Creation where (Image ends with 'mmc.exe' and CommandLine contains '.msc' and CommandLine matches '\Downloads\' or '\Temp\' or 'INetCache' or starts with '\\') or (ParentImage ends with 'mmc.exe' and Image in ('cmd.exe', 'powershell.exe', 'pwsh.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe', 'rundll32.exe', 'regsvr32.exe'))
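The query above as a runnable triage filter, added here as an example that is not part of the page. It applies the same two predicates (mmc.exe opening an .msc from a user-writable or remote path, or launched by a mail client, browser or archiver; and mmc.exe spawning a shell or script host) to process-creation records. The records in the block are constructed for illustration; in practice feed it objects built from Security Event ID 4688 (New Process Name, Creator Process Name, Process Command Line) or Sysmon Event ID 1.

```powershell
# Added example: flag mmc.exe activity consistent with a malicious .msc lure.
# Record shape assumed: Image, ParentImage, CommandLine (full paths).
$script:SuspiciousParents = @('outlook.exe','chrome.exe','msedge.exe','firefox.exe','winrar.exe','7zfm.exe')
$script:ShellChildren     = @('cmd.exe','powershell.exe','pwsh.exe','wscript.exe','cscript.exe',
                              'mshta.exe','rundll32.exe','regsvr32.exe','certutil.exe')
# Matches \Downloads\, \Temp\, \INetCache\ anywhere, or a UNC prefix \\server\
$script:UntrustedPathPattern = '(?i)(\\(Downloads|Temp|INetCache)\\)|(^|\s|")\\\\[^\\]+\\'

function Get-MmcAlert {
    param([Parameter(ValueFromPipeline)] $Record)
    process {
        # Take the file name portion regardless of path separator.
        $image  = (($Record.Image       -split '[\\/]')[-1]).ToLowerInvariant()
        $parent = (($Record.ParentImage -split '[\\/]')[-1]).ToLowerInvariant()
        $reasons = @()

        if ($image -eq 'mmc.exe') {
            if ($Record.CommandLine -match '(?i)\.msc\b' -and
                $Record.CommandLine -match $script:UntrustedPathPattern) {
                $reasons += 'mmc.exe opened an .msc from a user-writable or remote path'
            }
            if ($parent -in $script:SuspiciousParents) {
                $reasons += "mmc.exe launched by $parent"
            }
        }
        elseif ($parent -eq 'mmc.exe' -and $image -in $script:ShellChildren) {
            $reasons += "mmc.exe spawned $image"
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Image       = $Record.Image
                ParentImage = $Record.ParentImage
                CommandLine = $Record.CommandLine
                Reasons     = ($reasons -join '; ')
            }
        }
    }
}

# Constructed sample records: one benign services.msc launch, one lure from
# Downloads, one .msc on a share opened from Outlook, one shell child of mmc.exe,
# and one benign eventvwr.msc launch. Expect three alerts.
$SampleRecords = @(
    [pscustomobject]@{ Image='C:\Windows\System32\mmc.exe'; ParentImage='C:\Windows\explorer.exe'
                       CommandLine='"C:\Windows\system32\mmc.exe" "C:\Windows\system32\services.msc"' }
    [pscustomobject]@{ Image='C:\Windows\System32\mmc.exe'; ParentImage='C:\Windows\explorer.exe'
                       CommandLine='"C:\Windows\system32\mmc.exe" "C:\Users\jdoe\Downloads\Invoice_Q3.msc"' }
    [pscustomobject]@{ Image='C:\Windows\System32\mmc.exe'; ParentImage='C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE'
                       CommandLine='"C:\Windows\system32\mmc.exe" "\\fileserv\public\tools\audit.msc"' }
    [pscustomobject]@{ Image='C:\Windows\System32\cmd.exe'; ParentImage='C:\Windows\System32\mmc.exe'
                       CommandLine='cmd.exe /c whoami' }
    [pscustomobject]@{ Image='C:\Windows\System32\mmc.exe'; ParentImage='C:\Windows\explorer.exe'
                       CommandLine='"C:\Windows\system32\mmc.exe" "C:\Windows\system32\eventvwr.msc" /s' }
)

$SampleRecords | Get-MmcAlert | Format-List
```

To run this against live data, build the records with Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4688} and map the New Process Name, Creator Process Name and Process Command Line fields onto Image, ParentImage and CommandLine; without command-line auditing the .msc path predicate has nothing to match and only the parent/child predicates will fire.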

🔗 References

  • Microsoft Security Response Center, CVE-2024-43572: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43572
  • CISA Known Exploited Vulnerabilities Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog