Windows Bluetooth Service Exploit PoC Published - 20240626002

Overview

A Proof-of-Concept (PoC) exploit code for vulnerability in the Bluetooth Low Energy library in Windows has been published. This integer overflow vulnerability allows attackers to execute arbitrary code without requiring authentication.

What is vulnerable?

Product(s) Affected	CVE	Severity	CVSS
Windows 10 20H2 to 22H2, Windows 11 21H2 to 22H2 and Windows Server 2022	CVE-2023-24871	High	8.8

What has been observed?

There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.

Recommendation

The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of 48 hours (refer Patch Management):

• https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24871

At the time of publishing, Microsoft only addresses the Remote Code Execution aspect but not the Local Privilege Escalation aspect. Therefore, it is recommended that administrators also take necessary actions to prevent Local Privilege Escalation

Additional References

• Cybersecurity News: https://securityonline.info/researcher-unveils-poc-for-windows-bluetooth-service-rce-vulnerability/
• CrowdStrike: https://www.crowdstrike.com/cybersecurity-101/privilege-escalation