Query Details

CVE 2024 3094 Internet Facing Devices

Query

// Define CVE-2024-3094 as CVEID
let xzcvedevices = DeviceTvmSoftwareVulnerabilities
| where CveId == "CVE-2024-3094"
| project DeviceId;
xzcvedevices
| join (DeviceInfo
| where IsInternetFacing == "1" // 1 for internet facing devices, 0 for non-internet facing devices
| project DeviceId, DeviceName, OSBuild, OSVersion, OSDistribution, OSVersionInfo
) on DeviceId

About this query

CVE-2024-3094 Internet Facing Devices

Description

Following recently surfaced news about CVE-2024-3094 vulnerability, the following query can help hunt devices identified with the relevant CVE and are internet facing.

References

Microsoft Defender XDR & Microsoft Sentinel

Source

  • Microsoft Defender for Endpoint
  • Microsoft Defender for Cloud

Versioning

VersionDateComments
1.030/04/2024Initial publish

Explanation

This query looks for devices that are vulnerable to CVE-2024-3094 and are internet facing. It retrieves information about these devices such as DeviceName, OSBuild, OSVersion, OSDistribution, and OSVersionInfo.

Details

Michalis Michalos profile picture

Michalis Michalos

Released: March 30, 2024

Tables

DeviceTvmSoftwareVulnerabilitiesDeviceInfo

Keywords

CveIdDeviceTvmSoftwareVulnerabilitiesDeviceIdDeviceInfoIsInternetFacingDeviceNameOSBuildOSVersionOSDistributionOSVersionInfo

Operators

whereprojectjoinon==|&&

Actions

GitHub