
Only tested on Windows 11. Checks whether you are protected via Windows Update against CVE-2024-30078 (Windows Wi-Fi Driver Remote Code Execution Vulnerability).


nkontopoul/checkwifivulnerability


About CVE-2024-30078 and the Corresponding KB Update

CVE-2024-30078 is a critical security vulnerability affecting the Windows Wi-Fi Driver. It allows remote code execution: an attacker within proximity of the target device can send specially crafted Wi-Fi packets to exploit the vulnerability. If successfully exploited, this could allow the attacker to execute arbitrary code on the target system, potentially leading to a full system compromise. The vulnerability is rated with a CVSS score of 8.8, indicating a high level of severity.

Exploitation: An attacker does not need physical access to the device but must be within Wi-Fi range. The vulnerability arises from improper input validation in the Wi-Fi driver, which can be manipulated to execute harmful code.

Impact: This vulnerability affects all common versions of Windows, including Windows 10, Windows 11, and various versions of Windows Server from 2008 onwards. The exploitation of this vulnerability is considered "less likely" by Microsoft, but due to the high impact and ease of exploitation, it is a significant security risk (Tom's Hardware).

The KB Update

The security patch that addresses CVE-2024-30078 was released by Microsoft as part of their June 2024 Patch Tuesday updates. This KB update fixes the vulnerability by correcting the input validation process in the Wi-Fi driver, thereby preventing the exploitation vector used by attackers to gain unauthorized access and execute code remotely (BleepingComputer) (Cyber Security News).

Steps to Ensure Protection:

  1. Check for the KB Update: Ensure that the specific KB update addressing CVE-2024-30078 is installed on your system.
  2. Install the Update: If the update is not installed, use Windows Update or manually download and install the patch from the Microsoft Update Catalog.
  3. Verify Installation: After installation, verify that the system is protected by checking the installed updates list.

Windows 11 KB Update Checker

This Python program performs the following tasks:

Retrieve OS Information Using PowerShell:

The function get_os_info() runs an inline PowerShell command to retrieve detailed information about the operating system. It captures properties such as CsName, WindowsVersion, WindowsBuildLabEx, WindowsEditionId, and WindowsInstallationType using the Get-ComputerInfo cmdlet. The output is parsed and stored in a dictionary.

Check if the OS is Windows 11:

The function is_windows_11() checks the retrieved OS information to determine if the operating system is Windows 11. It looks for specific identifiers in WindowsEditionId and ensures the WindowsBuildLabEx build number is 22000 or higher. This helps to correctly identify Windows 11, including Enterprise LTSC editions.

Check if a Specific KB Update is Installed:

The function check_kb_installed() uses the wmic command to list all installed updates and checks if the specified KB number (e.g., "KB5039212") is present in the list. It returns True if the update is found and False otherwise.

Main Execution:

  1. The main part of the script first retrieves and prints the OS information.
  2. It then checks if the OS is Windows 11 using the is_windows_11() function.
  3. If the OS is Windows 11, it proceeds to check if the specified KB update is installed using check_kb_installed().
  4. If the update is found, it prints a message indicating that the system is protected against CVE-2024-30078.
  5. If the update is not found, it prints a message indicating that the system is not protected.
  6. If the OS is not Windows 11, it prints a message stating that the script only runs on Windows 11.
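The flow described above, written as an added example that is not the repository's own code: it parses the two command outputs the README names and matches the KB as a whole token, so a failed query is reported as "unknown" rather than "not protected". The names parse_os_info, installed_kbs, verdict and run are hypothetical, the "Client" test on WindowsInstallationType is an assumption standing in for the WindowsEditionId identifiers the README does not list, and the sample outputs are constructed.

```python
import re
import subprocess

KB_ID = "KB5039212"  # the KB number the README gives as its example

# Constructed sample command output (not captured from a real machine).
SAMPLE_OS = """WindowsBuildLabEx       : 22621.1.amd64fre.ni_release.220506-1250
WindowsEditionId        : Professional
WindowsInstallationType : Client
"""
SAMPLE_QFE = "HotFixID\nKB5039895\nKB5039212\n"

def parse_os_info(text):
    """Turn 'Key : Value' lines (Format-List style) into a dict."""
    pairs = (line.partition(":") for line in text.splitlines())
    return {k.strip(): v.strip() for k, sep, v in pairs if sep and k.strip()}

def is_windows_11(info):
    """Client installation whose WindowsBuildLabEx build is 22000 or higher (assumed rule)."""
    m = re.match(r"(\d+)\.", info.get("WindowsBuildLabEx", ""))
    return (m is not None and int(m.group(1)) >= 22000
            and info.get("WindowsInstallationType") == "Client")

def installed_kbs(qfe_text):
    """Whole KB identifiers found in the update listing, upper-cased."""
    return {t.upper() for t in re.findall(r"\bKB\d+\b", qfe_text, re.I)}

def verdict(os_text, qfe_text, kb=KB_ID):
    if not is_windows_11(parse_os_info(os_text)):
        return "unsupported-os"
    kbs = installed_kbs(qfe_text)
    if not kbs:
        return "unknown"  # query failed or returned nothing: not proof of a missing patch
    return "protected" if kb.upper() in kbs else "not-protected"

def run(cmd):
    """Return a command's stdout, or '' when it is missing or fails."""
    try:
        return subprocess.run(cmd, capture_output=True, text=True, timeout=120).stdout
    except (OSError, subprocess.TimeoutExpired):
        return ""

if __name__ == "__main__":  # live check on Windows
    ps = ("Get-ComputerInfo | Format-List "
          "WindowsBuildLabEx,WindowsEditionId,WindowsInstallationType")
    print(verdict(run(["powershell", "-NoProfile", "-Command", ps]),
                  run(["wmic", "qfe", "get", "HotFixID"])))
```

Microsoft has deprecated the wmic utility, so it can be absent on a Windows 11 installation; in that case this example returns "unknown" instead of reporting the machine as unpatched.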

Usage

To run the script, follow these steps:

  1. Save the script to a file, for example, check_kb.py.

  2. Open a command prompt or terminal and navigate to the directory where the script is saved.

  3. Run the script using:

    python check_kb.py

WARNING: Make sure you have the necessary permissions to run PowerShell commands and that Python is installed on your system.

Dependencies

Python 3.x
PowerShell
