Windows Wi-Fi 驱动程序远程代码执行漏洞 CVE-2024-30078

V2EX = way to explore

V2EX 是一个关于分享和探索的地方

现在注册

已注册用户请登录

升级到 Windows 11

是一个创建于 481 天前的主题，其中的信息可能已经有所发展或是发生改变。

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30078

Windows Server 2012 R2 (Server Core installation)

Windows Server 2012 R2

Windows Server 2012 (Server Core installation)

Windows Server 2012

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2016 (Server Core installation)

Windows Server 2016

Windows 10 Version 1607 for x64-based Systems

Windows 10 Version 1607 for 32-bit Systems

Windows 10 for x64-based Systems

Windows 10 for 32-bit Systems

Windows Server 2022, 23H2 Edition (Server Core installation)

Windows 11 Version 23H2 for x64-based Systems

Windows 11 Version 23H2 for ARM64-based Systems

Windows 10 Version 22H2 for 32-bit Systems

Windows 10 Version 22H2 for ARM64-based Systems

Windows 10 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for x64-based Systems

Windows 11 Version 22H2 for ARM64-based Systems

Windows 10 Version 21H2 for x64-based Systems

Windows 10 Version 21H2 for ARM64-based Systems

Windows 10 Version 21H2 for 32-bit Systems

Windows 11 version 21H2 for ARM64-based Systems

Windows 11 version 21H2 for x64-based Systems

Windows Server 2022 (Server Core installation)

Windows Server 2022

Windows Server 2019 (Server Core installation)

Windows Server 2019

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

驱动程序

漏洞

远程

15 条回复 2024-06-22 18:32:50 +08:00

BaiLinfeng

2024-06-16 17:27:23 +08:00

所以能演示下效果？

povsister

2024-06-16 17:49:52 +08:00

@BaiLinfeng
这东西 POC 应该只有内部知道，不然这影响范围一个公开就是另一个永恒之蓝

liuzimin

2024-06-16 18:15:12 +08:00 via Android

借楼问一下，有没有那种专门交流 Win 每次升级后的 bug 汇总的网站？这样我每次好观察一下是否适合升级再升。

V1Eerie

2024-06-16 18:35:41 +08:00

@povsister #2 GitHub 看到的 PoC 实现 https://github.com/alperenugurlu/CVE-2024-30078-

Kinnice

2024-06-16 19:09:53 +08:00 via Android

@V1Eerie 看起来是个占坑骗 star 的

codehz

2024-06-16 21:07:52 +08:00

需要有 WiFi 接入，服务器基本上不用担心了。。。。笔记本的话，与其有闲心到你家附近的黑客，不如担心家里会不会遭贼（）

jim9606

2024-06-16 23:26:57 +08:00

已更新至 10.0.22631.3737

@liuzimin
https://aka.ms/Windows11UpdateHistory
注意 Win10 开始使用 WaaS 发布模型的系统只提供累积更新包（ LCM ），也就是新的补丁包包含之前的所有补丁更改，就像手机 APP 一样版本只有一条线。