CVE-2024-43506: Windows 10 1507 BranchCache DoS Flaw

CVE-2024-43506 is a denial of service vulnerability in Microsoft Windows 10 1507 BranchCache that allows attackers to disrupt system availability. This article covers technical details, affected versions, impact, and mitigation.

CVE-2024-43506 Overview

CVE-2024-43506 is a denial of service vulnerability affecting the BranchCache feature across supported Microsoft Windows client and server platforms. BranchCache is a wide area network (WAN) bandwidth optimization technology that caches content from remote servers on local branch office hosts. An unauthenticated attacker can send crafted network traffic that triggers excessive resource consumption [CWE-400], rendering the affected service unavailable. The flaw requires no privileges and no user interaction, and is exploitable over the network. Microsoft addressed the issue in its October 2024 Patch Tuesday release.

Critical Impact

A remote, unauthenticated attacker can disrupt BranchCache services on Windows endpoints and servers, degrading content distribution and impacting availability in enterprise WAN environments.

Affected Products

  • Microsoft Windows 10 (1507, 1607, 1809, 21H2, 22H2)
  • Microsoft Windows 11 (21H2, 22H2, 23H2, 24H2)
  • Microsoft Windows Server 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022, and 2022 23H2

Discovery Timeline

  • 2024-10-08 - Microsoft releases security patch for CVE-2024-43506
  • 2024-10-08 - CVE-2024-43506 published to NVD
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2024-43506

Vulnerability Analysis

The vulnerability resides in the BranchCache service, which handles cached content distribution between Windows hosts in a distributed cache or hosted cache topology. The flaw is classified under [CWE-400] (Uncontrolled Resource Consumption), indicating that crafted requests cause the service to consume disproportionate CPU, memory, or handle resources. Exploitation does not require authentication or user interaction, and the attack is launched across the network against systems where BranchCache is enabled. The impact is limited to availability — confidentiality and integrity are unaffected. EPSS data places this vulnerability in the 80th percentile, indicating elevated likelihood of exploitation activity relative to the broader CVE population.

Root Cause

Microsoft has not published detailed root cause information beyond the resource exhaustion classification. The defect allows malformed or abusive protocol messages to trigger unbounded work in the BranchCache request handler. Without proper input bounding or rate limiting, repeated requests degrade the service until it can no longer respond to legitimate clients.

Attack Vector

The attacker sends crafted BranchCache protocol messages to a vulnerable Windows host on a reachable network segment. Because no authentication is needed, any system that can route packets to the listening BranchCache endpoints is exposed. In environments where BranchCache is published across larger network boundaries, the attack surface expands significantly. Public proof-of-concept code is not available and the CVE is not listed in the CISA Known Exploited Vulnerabilities catalog.

No verified public exploit code is available. Refer to the Microsoft Security Update Guide for CVE-2024-43506 for vendor technical details.

Detection Methods for CVE-2024-43506

Indicators of Compromise

  • Sudden spikes in CPU or memory utilization tied to the PeerDistSvc (BranchCache) service process.
  • Repeated BranchCache protocol requests from a single source IP within short time windows.
  • BranchCache service crashes or restarts logged in the Windows System event log.
  • Network telemetry showing anomalous traffic patterns to BranchCache endpoints on TCP ports 80/443 of internal hosts.

Detection Strategies

  • Monitor the PeerDistSvc service state and resource usage with endpoint telemetry and alert on abnormal consumption.
  • Correlate Windows event IDs related to service termination with concurrent inbound network sessions targeting BranchCache.
  • Apply network IDS signatures to flag malformed or high-volume BranchCache protocol traffic destined for Windows hosts.
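
A per-host triage of the indicators and strategies above, as an added example that is not part of the original advisory or any vendor tooling. The function name, thresholds and look-back window are assumptions; Service Control Manager event IDs 7031 and 7034 record a service terminating unexpectedly.

```powershell
# Added example: per-host triage for the BranchCache availability indicators.
# Thresholds and the look-back window are assumptions; tune to your baseline.
function Get-BranchCacheTriage {
    param(
        [int]  $LookbackHours   = 24,     # assumed review window
        [long] $MaxWorkingSet   = 1GB,    # assumed alert threshold
        [int]  $MaxHandles      = 10000,  # assumed alert threshold
        [int]  $MaxConnsPerPeer = 50      # assumed alert threshold
    )
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='PeerDistSvc'"
    if (-not $svc) { return [pscustomobject]@{ Installed = $false } }

    # PeerDistSvc runs inside svchost.exe; if the host process is shared,
    # these counters cover every service in it.
    $proc = if ($svc.ProcessId) { Get-Process -Id $svc.ProcessId -ErrorAction SilentlyContinue }

    # Service Control Manager 7031/7034: a service terminated unexpectedly.
    $crashes = @(Get-WinEvent -FilterHashtable @{
            LogName = 'System'; ProviderName = 'Service Control Manager'
            Id = 7031, 7034; StartTime = (Get-Date).AddHours(-$LookbackHours)
        } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like "*$($svc.DisplayName)*" })

    # Inbound sessions on the HTTP/HTTPS ports listed above, grouped by peer.
    # Other web services on the host share these ports, so treat hits as leads.
    $peers = @(Get-NetTCPConnection -LocalPort 80, 443 -State Established -ErrorAction SilentlyContinue |
        Group-Object RemoteAddress | Where-Object Count -gt $MaxConnsPerPeer |
        Sort-Object Count -Descending | Select-Object Name, Count)

    [pscustomobject]@{
        Installed      = $true
        State          = $svc.State
        StartMode      = $svc.StartMode
        WorkingSetMB   = if ($proc) { [math]::Round($proc.WorkingSet64 / 1MB) }
        Handles        = if ($proc) { $proc.HandleCount }
        RecentCrashes  = $crashes.Count
        NoisyPeers     = $peers
        NeedsAttention = ($crashes.Count -gt 0) -or ($peers.Count -gt 0) -or
                         ($proc -and ($proc.WorkingSet64 -gt $MaxWorkingSet -or
                                      $proc.HandleCount -gt $MaxHandles))
    }
}

Get-BranchCacheTriage | Format-List
```

A result with Installed = False also answers the inventory question for that host; run from an elevated session so the System log and process counters are readable.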

Monitoring Recommendations

  • Inventory all Windows endpoints and servers where the BranchCache feature is installed and enabled.
  • Track patch deployment status against the October 2024 Microsoft security update baseline for each affected SKU.
  • Maintain availability monitoring on content distribution dependent on BranchCache to detect service degradation early.

How to Mitigate CVE-2024-43506

Immediate Actions Required

  • Apply the October 2024 Microsoft security updates to all affected Windows 10, Windows 11, and Windows Server systems.
  • Identify hosts with the BranchCache role or feature enabled and prioritize them for patching.
  • Restrict inbound access to BranchCache listeners to trusted management and branch subnets via host or network firewalls.

Patch Information

Microsoft published fixes for CVE-2024-43506 as part of the October 2024 Patch Tuesday cycle. Patch availability and KB article references for each affected Windows version are documented in the Microsoft Security Update Guide for CVE-2024-43506. Administrators should validate that the appropriate cumulative update is installed on every affected SKU listed in the advisory.

Workarounds

  • Disable the BranchCache service (PeerDistSvc) on hosts that do not require it until patches are applied.
  • Block external and untrusted network access to BranchCache endpoints using Windows Defender Firewall or perimeter ACLs.
  • Segment branch office networks so BranchCache traffic is restricted to authorized peers only.
```powershell
# Disable the BranchCache service on a Windows host as a temporary workaround
sc.exe config PeerDistSvc start= disabled
sc.exe stop PeerDistSvc

# Verify service state
sc.exe query PeerDistSvc
```
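
For hosts that must keep BranchCache running, the firewall restriction described above can be applied to the built-in Windows Defender Firewall rules. This is an added example, not part of the original advisory; the function name and subnets are constructed, and it assumes English rule-group names that begin with "BranchCache".

```powershell
# Added example: scope enabled inbound BranchCache rules to trusted subnets.
# Assumes English rule-group display names beginning with "BranchCache".
function Set-BranchCacheRuleScope {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string[]] $TrustedSubnets
    )
    # -DisplayGroup cannot be combined with -Direction/-Enabled, so filter after.
    $rules = @(Get-NetFirewallRule -DisplayGroup 'BranchCache*' -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' })

    foreach ($rule in $rules) {
        $before = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        $action = "Restrict RemoteAddress to $($TrustedSubnets -join ',')"
        # With -WhatIf, ShouldProcess returns $false and nothing is changed.
        if ($PSCmdlet.ShouldProcess($rule.DisplayName, $action)) {
            $rule | Set-NetFirewallRule -RemoteAddress $TrustedSubnets
        }
        [pscustomobject]@{
            Rule         = $rule.DisplayName
            Profile      = $rule.Profile
            RemoteBefore = $before
            RemoteAfter  = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        }
    }
}

# Constructed subnets; replace with your management and branch ranges.
# Remove -WhatIf to apply the change after reviewing the report.
Set-BranchCacheRuleScope -TrustedSubnets '10.10.0.0/16', '10.20.30.0/24' -WhatIf
```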

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
