CVE-2024-21342: CWE-400: Uncontrolled Resource Consumption in Microsoft Windows 11 version 22H2

Severity: High
Type: Vulnerability
Tags: cve, cve-2024-21342, cwe-400
Published: Tue Feb 13 2024 (02/13/2024, 18:02:31 UTC)
Source: CVE
Vendor/Project: Microsoft
Product: Windows 11 version 22H2

Description

Windows DNS Client Denial of Service Vulnerability

AI-Powered Analysis

Last updated: 06/26/2025, 08:23:54 UTC

Technical Analysis

CVE-2024-21342 is a high-severity vulnerability identified in Microsoft Windows 11 version 22H2 (build 10.0.22621.0) affecting the Windows DNS Client component. The vulnerability is classified under CWE-400, which pertains to uncontrolled resource consumption, commonly leading to Denial of Service (DoS) conditions. Specifically, this flaw allows an unauthenticated attacker to remotely trigger excessive resource usage in the DNS Client service without requiring any user interaction. The CVSS 3.1 base score of 7.5 reflects the vulnerability's network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The impact is limited to availability (A:H), with no confidentiality or integrity loss. Exploitation could cause the DNS Client service to consume excessive CPU, memory, or other system resources, potentially leading to system instability, degraded performance, or complete denial of DNS resolution services on affected Windows 11 systems. This could disrupt network connectivity and application functionality reliant on DNS resolution. No known exploits are currently reported in the wild, and no patches have been linked yet, indicating that mitigation may require monitoring for official updates from Microsoft. The vulnerability was reserved in December 2023 and published in February 2024, suggesting it is a recent discovery.

Potential Impact

For European organizations, this vulnerability poses a significant risk to the availability of critical IT infrastructure running Windows 11 version 22H2. DNS resolution is fundamental for network operations, and disruption can affect internal and external communications, access to cloud services, and business-critical applications. Enterprises with large deployments of Windows 11 endpoints, especially in sectors such as finance, healthcare, telecommunications, and government, could experience service outages or degraded performance if targeted. The lack of required privileges or user interaction lowers the barrier for attackers to exploit this remotely, potentially enabling widespread DoS attacks. This could also impact managed service providers and cloud environments hosting Windows 11 virtual desktops or services. Although no known exploits exist yet, the high CVSS score and ease of exploitation mean organizations should proactively prepare to defend against potential attacks. The disruption of DNS services can cascade into broader operational impacts, including delayed transactions, loss of productivity, and reputational damage.

Mitigation Recommendations

Organizations should immediately inventory their Windows 11 version 22H2 deployments to identify vulnerable systems. Until an official patch is released by Microsoft, consider the following specific mitigations:

1) Implement network-level filtering to restrict DNS Client traffic from untrusted or external sources, limiting exposure to potential attackers.
2) Employ DNS query rate limiting and monitoring to detect abnormal spikes in DNS Client resource usage indicative of exploitation attempts.
3) Use endpoint detection and response (EDR) tools to monitor for unusual CPU or memory consumption patterns associated with the DNS Client process.
4) Harden network segmentation to isolate critical systems and reduce the attack surface.
5) Prepare incident response plans specifically addressing DNS service disruptions.
6) Stay updated with Microsoft security advisories and apply patches promptly once available.
7) Consider temporary workarounds such as disabling or restarting the DNS Client service if exploitation is suspected, balancing operational impact.
8) Educate IT staff on recognizing signs of resource exhaustion attacks and ensure logging is enabled for forensic analysis.

Technical Details

Data Version: 5.1
Assigner Short Name: microsoft
Date Reserved: 2023-12-08T22:45:19.372Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682d9836c4522896dcbeaaca

Added to database: 5/21/2025, 9:09:10 AM

Last enriched: 6/26/2025, 8:23:54 AM

Last updated: 7/29/2025, 2:27:24 AM
