CVE-2024-49092: 
vulnerability analysis and mitigation

The Windows Mobile Broadband Driver Elevation of Privilege Vulnerability (CVE-2024-49092) was identified and disclosed on December 11, 2024. This vulnerability affects multiple versions of Microsoft Windows operating systems, including Windows 10 (versions 1809, 21H2, 22H2), Windows 11 (versions 22H2, 23H2, 24H2), and Windows Server (versions 2019, 2022 23H2, 2025) (NVD Change Record).

The vulnerability has been assigned a CVSS v3.1 base score of 6.8 (Medium severity) with the following vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Microsoft has classified this as an Out-of-bounds Read vulnerability (CWE-125) (NVD).

The vulnerability could allow an attacker to achieve elevation of privilege on affected systems. Given the CVSS metrics, if successfully exploited, the vulnerability could lead to high impacts on confidentiality, integrity, and availability of the affected systems (NVD).

Microsoft has released security updates to address this vulnerability. The fixes are available for all affected versions including Windows 10 (up to versions 10.0.17763.6659, 10.0.19044.5247, 10.0.19045.5247), Windows 11 (up to versions 10.0.22621.4602, 10.0.22631.4602, 10.0.26100.2605), and Windows Server (up to versions 10.0.17763.6659, 10.0.25398.1308, 10.0.26100.2605) (NVD Change Record).