CVE-2024-20680: 
vulnerability analysis and mitigation

Windows Message Queuing Client (MSMQC) Information Disclosure vulnerability (CVE-2024-20680) was disclosed on January 9, 2024. This vulnerability affects multiple versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and various Windows Server editions. The vulnerability was initially identified and reported by Microsoft Corporation (Microsoft Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs low privileges, requires no user interaction, and can result in high confidentiality impact without affecting integrity or availability. Microsoft has classified this as an Untrusted Pointer Dereference (CWE-822) vulnerability (NVD).

The vulnerability allows for information disclosure in the Windows Message Queuing Client (MSMQC) component. When successfully exploited, it could lead to unauthorized access to sensitive information, though the specific nature of the information that could be exposed has not been detailed in the available sources (Microsoft Advisory).

Microsoft has released security updates to address this vulnerability across affected systems including Windows 10 (versions 1507, 1607, 1809, 21H2, 22H2), Windows 11 (versions 21H2, 22H2, 23H2), and Windows Server (2008 SP2, 2012, 2012 R2, 2016, 2019, 2022). Users are advised to apply the appropriate security updates to mitigate this vulnerability (NVD).