CVE-2024-49119: 
vulnerability analysis and mitigation

Windows Remote Desktop Services Remote Code Execution Vulnerability (CVE-2024-49119) was disclosed on December 11, 2024. This vulnerability affects multiple versions of Microsoft Windows Server, including Server 2016, 2019, 2022, and 2025 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 8.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H. It has been classified under CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization - 'Race Condition') and CWE-843 (Access of Resource Using Incompatible Type - 'Type Confusion') (NVD).

This remote code execution vulnerability in Windows Remote Desktop Services could potentially allow attackers to gain complete control over affected systems, with high impacts on confidentiality, integrity, and availability (NVD).

Microsoft has released security updates to address this vulnerability. The fixes are available through various KB articles: KB5048671 for Windows Server 2016, KB5048661 for Server 2019, KB5048654 for Server 2022 21H2/22H2, KB5048653 for Server 2022 23H2, and KB5048667 for Server 2025 (Rapid7).