CVE-2024-49082: 
vulnerability analysis and mitigation

Windows File Explorer Information Disclosure Vulnerability (CVE-2024-49082) was disclosed on December 11, 2024. This vulnerability affects multiple versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and various Windows Server editions (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 6.8 (Medium) with the following vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N. The vulnerability is classified under CWE-22, which relates to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (NVD).

This information disclosure vulnerability in Windows File Explorer could potentially lead to unauthorized access to sensitive information and system compromise. The CVSS scoring indicates high potential impact on both confidentiality and integrity, while availability is not affected (Microsoft Advisory).

Microsoft has released security updates to address this vulnerability across multiple affected versions. Updates are available for Windows 10 (versions 1507 through 22H2), Windows 11 (versions 22H2, 23H2, and 24H2), and Windows Server versions (2008 through 2025) (Rapid7).