CVE-2024-20664: 
vulnerability analysis and mitigation

Microsoft Message Queuing Information Disclosure Vulnerability (CVE-2024-20664) was disclosed on January 9, 2024. This vulnerability affects multiple versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and various Windows Server editions. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) (MSRC).

The vulnerability has been assigned a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating that it is network-accessible, requires low attack complexity, needs low privileges, requires no user interaction, and can result in high confidentiality impact without affecting integrity or availability. Microsoft has classified this as an untrusted pointer dereference vulnerability (CWE-822) (NVD).

This vulnerability could allow an attacker to obtain sensitive information from affected systems. The high confidentiality impact rating suggests that the vulnerability could lead to significant information disclosure if successfully exploited (MSRC).

Microsoft has released security updates to address this vulnerability across multiple affected versions of Windows. Updates are available through various KB articles including KB5034134, KB5034119, KB5034127, KB5034122, KB5034121, KB5034123, and others for different Windows versions (Rapid7).