CVE-2024-49108: 
vulnerability analysis and mitigation

Windows Remote Desktop Services Remote Code Execution Vulnerability (CVE-2024-49108) was disclosed on December 11, 2024. This vulnerability affects multiple versions of Microsoft Windows Server, including Server 2016, 2019, 2022, and 2025 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 8.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability is associated with multiple CWE classifications including CWE-362 (Race Condition), CWE-591 (Sensitive Data Storage in Improperly Locked Memory), and CWE-416 (Use After Free). The exploitation involves a race condition scenario that could lead to a use-after-free condition (NVD, Talos).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code on the affected system through the Remote Desktop Gateway role. The vulnerability affects confidentiality, integrity, and availability of the system, all rated as high impact according to the CVSS metrics (NVD).

Microsoft has released security updates for affected versions of Windows Server: Server 2016 (up to version 10.0.14393.7606), Server 2019 (up to version 10.0.17763.6659), Server 2022 (up to version 10.0.20348.2966), Server 2022 23H2 (up to version 10.0.25398.1308), and Server 2025 (up to version 10.0.26100.2605) (NVD).