/

CVE-2023-24943 Report - Details, Severity, & Advisorie...

CVE-2023-24943 Report - Details, Severity, & Advisories

Twingate Team

Jun 28, 2024

What is CVE-2023-24943?

CVE-2023-24943 is a critical security vulnerability in Microsoft Windows operating systems, related to Windows Pragmatic General Multicast (PGM) Remote Code Execution. An attacker could exploit this by sending a specially crafted file over the network to execute malicious code remotely on affected systems.

Who is impacted by CVE-2023-24943?

The CVE-2023-24943 vulnerability affects users of various Microsoft Windows and Windows Server operating systems. Specifically, impacted versions include Windows 10 (versions 1507, 1607, 1809, 20H2, 21H2, and 22H2), Windows 11 (versions 21H2 and 22H2), and Windows Server editions (2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, and 2022). This security issue could allow an attacker to execute malicious code remotely on affected systems, putting both desktop and server users at risk.

What to do if CVE-2023-24943 affected you

If you're affected by the CVE-2023-24943 vulnerability, it's crucial to take action to secure your system. First, disable the Windows message queuing service if it's not needed. Next, check for a running "Message Queuing" service and if TCP port 1801 is listening. Finally, apply the security updates provided by Microsoft for your affected system. Stay vigilant and monitor the Microsoft Security Update Guide for any updates or revisions related to this vulnerability.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-24943 vulnerability, also known as Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability, is not mentioned in CISA's Known Exploited Vulnerabilities Catalog. It was published on May 9, 2023, and the required action is to apply the security updates provided by Microsoft to mitigate the vulnerability. No due date is provided for this action.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-122, a heap-based buffer overflow issue affecting various Windows operating systems.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

/

CVE-2023-24943 Report - Details, Severity, & Advisorie...

CVE-2023-24943 Report - Details, Severity, & Advisories

Twingate Team

Jun 28, 2024

What is CVE-2023-24943?

CVE-2023-24943 is a critical security vulnerability in Microsoft Windows operating systems, related to Windows Pragmatic General Multicast (PGM) Remote Code Execution. An attacker could exploit this by sending a specially crafted file over the network to execute malicious code remotely on affected systems.

Who is impacted by CVE-2023-24943?

The CVE-2023-24943 vulnerability affects users of various Microsoft Windows and Windows Server operating systems. Specifically, impacted versions include Windows 10 (versions 1507, 1607, 1809, 20H2, 21H2, and 22H2), Windows 11 (versions 21H2 and 22H2), and Windows Server editions (2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, and 2022). This security issue could allow an attacker to execute malicious code remotely on affected systems, putting both desktop and server users at risk.

What to do if CVE-2023-24943 affected you

If you're affected by the CVE-2023-24943 vulnerability, it's crucial to take action to secure your system. First, disable the Windows message queuing service if it's not needed. Next, check for a running "Message Queuing" service and if TCP port 1801 is listening. Finally, apply the security updates provided by Microsoft for your affected system. Stay vigilant and monitor the Microsoft Security Update Guide for any updates or revisions related to this vulnerability.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-24943 vulnerability, also known as Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability, is not mentioned in CISA's Known Exploited Vulnerabilities Catalog. It was published on May 9, 2023, and the required action is to apply the security updates provided by Microsoft to mitigate the vulnerability. No due date is provided for this action.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-122, a heap-based buffer overflow issue affecting various Windows operating systems.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.

Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.

CVE-2023-24943 Report - Details, Severity, & Advisories

Twingate Team

Jun 28, 2024

What is CVE-2023-24943?

CVE-2023-24943 is a critical security vulnerability in Microsoft Windows operating systems, related to Windows Pragmatic General Multicast (PGM) Remote Code Execution. An attacker could exploit this by sending a specially crafted file over the network to execute malicious code remotely on affected systems.

Who is impacted by CVE-2023-24943?

The CVE-2023-24943 vulnerability affects users of various Microsoft Windows and Windows Server operating systems. Specifically, impacted versions include Windows 10 (versions 1507, 1607, 1809, 20H2, 21H2, and 22H2), Windows 11 (versions 21H2 and 22H2), and Windows Server editions (2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, and 2022). This security issue could allow an attacker to execute malicious code remotely on affected systems, putting both desktop and server users at risk.

What to do if CVE-2023-24943 affected you

If you're affected by the CVE-2023-24943 vulnerability, it's crucial to take action to secure your system. First, disable the Windows message queuing service if it's not needed. Next, check for a running "Message Queuing" service and if TCP port 1801 is listening. Finally, apply the security updates provided by Microsoft for your affected system. Stay vigilant and monitor the Microsoft Security Update Guide for any updates or revisions related to this vulnerability.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-24943 vulnerability, also known as Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability, is not mentioned in CISA's Known Exploited Vulnerabilities Catalog. It was published on May 9, 2023, and the required action is to apply the security updates provided by Microsoft to mitigate the vulnerability. No due date is provided for this action.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-122, a heap-based buffer overflow issue affecting various Windows operating systems.

Learn More

For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, refer to the NVD page or the sources listed below.