CVE 2024 3094 Internet Facing Devices
Query
// Define CVE-2024-3094 as CVEID
let xzcvedevices = DeviceTvmSoftwareVulnerabilities
| where CveId == "CVE-2024-3094"
| project DeviceId;
xzcvedevices
| join (DeviceInfo
| where IsInternetFacing == "1" // 1 for internet facing devices, 0 for non-internet facing devices
| project DeviceId, DeviceName, OSBuild, OSVersion, OSDistribution, OSVersionInfo
) on DeviceIdAbout this query
CVE-2024-3094 Internet Facing Devices
Description
Following recently surfaced news about CVE-2024-3094 vulnerability, the following query can help hunt devices identified with the relevant CVE and are internet facing.
References
- https://nvd.nist.gov/vuln/detail/CVE-2024-3094
- https://github.com/advisories/GHSA-rxwq-x6h5-x525
- https://www.cisa.gov/news-events/alerts/2024/03/29/reported-supply-chain-compromise-affecting-xz-utils-data-compression-library-cve-2024-3094
Microsoft Defender XDR & Microsoft Sentinel
Source
- Microsoft Defender for Endpoint
- Microsoft Defender for Cloud
Versioning
| Version | Date | Comments |
|---|---|---|
| 1.0 | 30/04/2024 | Initial publish |
Explanation
This query looks for devices that are vulnerable to CVE-2024-3094 and are internet facing. It retrieves information about these devices such as DeviceName, OSBuild, OSVersion, OSDistribution, and OSVersionInfo.
Details

Michalis Michalos
Released: March 30, 2024
Tables
DeviceTvmSoftwareVulnerabilitiesDeviceInfo
Keywords
CveIdDeviceTvmSoftwareVulnerabilitiesDeviceIdDeviceInfoIsInternetFacingDeviceNameOSBuildOSVersionOSDistributionOSVersionInfo
Operators
whereprojectjoinon==|&&