CVE-2024-49096: 
vulnerability analysis and mitigation

Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability (CVE-2024-49096) was discovered and disclosed on December 11, 2024. This vulnerability affects multiple versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and various Windows Server editions (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating it is network-accessible, requires low attack complexity, needs no privileges or user interaction, and can result in high availability impact. The vulnerability is classified under CWE-400 (Uncontrolled Resource Consumption) (NVD).

This vulnerability primarily affects system availability, with no direct impact on confidentiality or integrity. As a denial of service vulnerability, successful exploitation could prevent legitimate users from accessing the Microsoft Message Queuing service (Microsoft Advisory).

Microsoft has released security updates to address this vulnerability across affected systems. Updates are available for Windows 10 (versions 1507 through 22H2), Windows 11 (versions 22H2 through 24H2), and Windows Server versions (2012 through 2025) (Rapid7).