CVE-2024-20699: 
vulnerability analysis and mitigation

Windows Hyper-V Denial of Service Vulnerability (CVE-2024-20699) was disclosed on January 9, 2024. This vulnerability affects multiple versions of Microsoft Windows systems including Windows 10, Windows 11, and Windows Server editions. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) (Microsoft MSRC).

The vulnerability has been assessed with a CVSS v3.1 vector of CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating local access is required, low attack complexity, low privileges required, no user interaction needed, and high impact on availability. Microsoft has classified this as CWE-755, which relates to improper handling of exceptional conditions (NVD).

This vulnerability specifically affects the availability of Windows Hyper-V services, potentially leading to denial of service conditions. The impact is primarily focused on system availability, with no direct effect on confidentiality or integrity of the system (Microsoft MSRC).

Microsoft has released security updates to address this vulnerability across affected systems including Windows 10 (1809, 21H2, 22H2), Windows 11 (21H2, 22H2, 23H2), and Windows Server (2019, 2022) versions. Users are advised to apply the relevant security updates: KB5034127, KB5034122, KB5034121, KB5034123, KB5034129, and KB5034130 (Rapid7).