CVE-2024-38146
📋 TL;DR
This vulnerability in the Windows Layer-2 Bridge Network Driver allows an attacker to cause a denial of service (system crash/BSOD) by sending specially crafted network packets. It affects Windows systems with the Layer-2 Bridge feature enabled. The vulnerability requires network access to the target system.
💻 Affected Systems
- Windows
📦 What is this software?
Windows 10 1507 by Microsoft
Windows 10 1607 by Microsoft
Windows 10 1809 by Microsoft
Windows 10 21h2 by Microsoft
Windows 10 22h2 by Microsoft
Windows 11 21h2 by Microsoft
Windows 11 22h2 by Microsoft
Windows 11 23h2 by Microsoft
Windows 11 24h2 by Microsoft
⚠️ Risk & Real-World Impact
Worst Case
Complete system crash (Blue Screen of Death) requiring manual reboot, potentially disrupting critical services and causing data loss in unsaved work.
Likely Case
Targeted denial of service attacks against specific Windows systems, causing temporary unavailability until reboot.
If Mitigated
Minimal impact if systems are properly segmented and network access is restricted.
🎯 Exploit Status
Exploitation requires network access and knowledge of Layer-2 Bridge configuration. No public exploit code is currently available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: July 2024 security updates (KB5040442 for Windows 11, KB5040434 for Windows 10, etc.)
Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38146
Restart Required: Yes
Instructions:
1. Apply July 2024 Windows security updates via Windows Update.
2. Alternatively, download and install the specific KB patch for your Windows version from Microsoft Update Catalog.
3. Restart the system after installation.
🔧 Temporary Workarounds
Disable Layer-2 Bridge feature
Windows: Disable the vulnerable network component if not required for operations
netsh bridge set adapter 1 forcecompatmode=enable
netsh bridge set adapter 2 forcecompatmode=enable
Disable Network Bridge in Network Connections settings
Network segmentation
All platforms: Restrict network access to systems with Layer-2 Bridge enabled
🧯 If You Can't Patch
- Disable Layer-2 Bridge network feature if not required
- Implement network segmentation and firewall rules to restrict access to affected systems
🔍 How to Verify
Check if Vulnerable:
Check if Layer-2 Bridge is enabled via Network Connections or using 'netsh bridge show adapter' command
Check Version:
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
Verify Fix Applied:
Verify July 2024 security updates are installed via 'systeminfo' command or Windows Update history
📡 Detection & Monitoring
Log Indicators:
- System crash/BSOD events in Windows Event Log (Event ID 41)
- Unexpected system reboots
- Network bridge service errors
Network Indicators:
- Unusual network traffic patterns to systems with Layer-2 Bridge enabled
- Malformed network packets targeting bridge interfaces
SIEM Query:
(Source="Kernel-Power" AND EventID=41) OR (Source="Microsoft-Windows-Kernel-General" AND EventID=12)
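The following Python sketch is an added example, not part of the original advisory or any vendor tooling. It applies the filter above, pairing each event ID with its source, to a constructed event export and flags hosts that log repeated unexpected reboots in a short period. The CSV layout, host names, threshold and window are assumptions chosen for illustration.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample export (timestamp, host, source, event ID); not real telemetry.
SAMPLE_EVENTS = """\
2024-07-12T09:14:02,BRIDGE-01,Kernel-Power,41
2024-07-12T09:14:05,BRIDGE-01,Microsoft-Windows-Kernel-General,12
2024-07-12T09:31:40,BRIDGE-01,Kernel-Power,41
2024-07-12T09:31:44,BRIDGE-01,Microsoft-Windows-Kernel-General,12
2024-07-12T09:52:11,BRIDGE-01,Kernel-Power,41
2024-07-12T10:03:00,WKS-07,Microsoft-Windows-Kernel-General,12
2024-07-12T11:20:00,WKS-07,Service Control Manager,41
2024-07-13T08:00:00,WKS-09,Kernel-Power,41
"""

def parse_events(text):
    """Yield (timestamp, host, source, event_id) tuples from the CSV export."""
    for ts, host, source, event_id in csv.reader(StringIO(text)):
        yield datetime.fromisoformat(ts), host, source, int(event_id)

def matches_query(source, event_id):
    """The page's SIEM filter, with each event ID tied to its source."""
    return ((source == "Kernel-Power" and event_id == 41) or
            (source == "Microsoft-Windows-Kernel-General" and event_id == 12))

def repeated_crash_hosts(events, threshold=3, window=timedelta(hours=1)):
    """Return {host: count} for hosts with >= threshold Kernel-Power 41
    events inside any sliding window (threshold and window are assumptions)."""
    crashes = defaultdict(list)
    for ts, host, source, event_id in events:
        if matches_query(source, event_id) and event_id == 41:
            crashes[host].append(ts)
    flagged = {}
    for host, times in crashes.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:
                start += 1  # shrink the window until it spans <= `window`
            flagged[host] = max(flagged.get(host, 0), end - start + 1)
    return {h: n for h, n in flagged.items() if n >= threshold}

if __name__ == "__main__":
    print(repeated_crash_hosts(parse_events(SAMPLE_EVENTS)))
```

A hit is a triage signal only: Event ID 41 records any unclean reboot, so confirm that a flagged host actually has a Network Bridge configured before attributing the crashes to this issue.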