vulnerability
Microsoft Windows: CVE-2024-49128: Windows Remote Desktop Services Remote Code Execution Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:M/Au:N/C:C/I:C/A:C) | Dec 10, 2024 | Dec 10, 2024 | Oct 14, 2025 |
Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
Dec 10, 2024
Added
Dec 10, 2024
Modified
Oct 14, 2025
Description
Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network.
Solutions
microsoft-windows-windows_server_2012-kb5058451microsoft-windows-windows_server_2012_r2-kb5058403microsoft-windows-windows_server_2016-1607-kb5058383microsoft-windows-windows_server_2019-1809-kb5058392microsoft-windows-windows_server_2022-21h2-kb5058385microsoft-windows-windows_server_2022-22h2-kb5058385microsoft-windows-windows_server_2022-23h2-kb5058384microsoft-windows-windows_server_2025-24h2-kb5058411
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.