

Severity
High
Analysis Summary
CVE-2024-49117 CVSS:8.4
Microsoft Windows Remote Desktop Client could allow a remote attacker to execute arbitrary code on the system, caused by improper access control in the Remote Desktop Client component. By persuading a victim to open specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2024-49147 CVSS:9.3
Microsoft Update Catalog could allow a remote attacker to gain elevated privileges on the system, caused by a deserialization of untrusted data flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to escalate privileges.
CVE-2024-49105 CVSS:8.4
Microsoft Windows Remote Desktop Client could allow a remote attacker to execute arbitrary code on the system, caused by improper access control in the Remote Desktop Client component. By persuading a victim to open specially crafted content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Impact
- Code Execution
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2024-49117
- CVE-2024-49147
- CVE-2024-49105
Affected Vendors
Affected Products
- Microsoft Windows 10 Version 1809 - 10.0.0
- Microsoft Windows Server 2019 - 10.0.0
- Microsoft Windows Server 2019 (Server Core installation) - 10.0.0
- Microsoft Remote Desktop client for Windows Desktop - 1.2.0.0
- Microsoft Update Catalog
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.