CVE-2024-49117

HIGH

Windows 11 22H2/23H2/24H2 and Windows Server 2022/2022 23H2/2025 - Remote Code Execution

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-49117. PoCs published by mutkus.

AI-analyzed exploit summary This PowerShell script checks for the presence of specific KB updates that patch CVE-2024-49117 and related CVEs by querying installed hotfixes and comparing them against a predefined mapping of OS versions to KB numbers. It does not exploit the vulnerability but scans for patch status.

Description

Windows Hyper-V Remote Code Execution Vulnerability

Exploits (1)

nomisec SCANNER

by mutkus · poc

https://github.com/mutkus/Microsoft-2024-December-Update-Control

View Code ZIP pw:eip

This PowerShell script checks for the presence of specific KB updates that patch CVE-2024-49117 and related CVEs by querying installed hotfixes and comparing them against a predefined mapping of OS versions to KB numbers. It does not exploit the vulnerability but scans for patch status.

Classification

Scanner 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Windows (various versions)

Auth required

Prerequisites: Local or administrative access to run PowerShell scripts

MITRE ATT&CK

T1082 - System Information Discovery

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Vendor Advisory vendor-advisory patch

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49117

Scores

CVSS v3 8.8

EPSS 0.0100

EPSS Percentile 58.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-393

Status published

Products (14)

Microsoft/Windows 11 version 22H2 10.0.22621.0 - 10.0.22621.4602

Microsoft/Windows 11 version 22H3 10.0.22631.0 - 10.0.22631.4602

Microsoft/Windows 11 Version 23H2 10.0.22631.0 - 10.0.22631.4602

Microsoft/Windows 11 Version 24H2 10.0.26100.0 - 10.0.26100.2605

Microsoft/Windows Server 2022 10.0.20348.0 - 10.0.20348.2966

Microsoft/Windows Server 2022, 23H2 Edition (Server Core installation) 10.0.25398.0 - 10.0.25398.1308

Microsoft/Windows Server 2025 10.0.26100.0 - 10.0.26100.2605

Microsoft/Windows Server 2025 (Server Core installation) 10.0.26100.0 - 10.0.26100.2605

microsoft/windows_11_22h2 < 10.0.22621.4602

microsoft/windows_11_23h2 < 10.0.22631.4602

... and 4 more

Published Dec 12, 2024

Tracked Since Feb 18, 2026