cve_2024_21338_kernel

#!/usr/bin/env python3
# -*- coding: utf-8 -*-
# Filename: cve_2024_21338_kernel.py
# Version: 1.0.0
# Author: Jeoi Reqi
# Vulnerability Source: https://nvd.nist.gov/vuln/detail/CVE-2024-21338

"""
Description:
This script checks for the presence of vulnerable configurations related to the CVE-2024-21338 vulnerability
on the user's machine. It retrieves a list of installed software using the WMI module and compares it with
a predefined list of vulnerable Windows Kernel configurations associated with the CVE. If any vulnerable configurations
are found, it displays a warning message to prompt the user to take immediate action to mitigate the vulnerability.

Requirements:
- Python 3.x: The script is written in Python 3 and requires a Python interpreter of version 3 or higher to run.
- WMI Module: The script uses the WMI module to interact with the Windows Management Instrumentation (WMI) API
  to retrieve a list of installed software on a Windows system. Ensure that the WMI module is installed.
  You can install it using pip: `pip install WMI`.

Usage:
1. Ensure Python 3.x is installed on your system.
2. Install the WMI module by running `pip install WMI`.
3. Run the script using the command `python cve_2024_21338_kernel.py`.
4. The script will verify if any vulnerable Windows Kernel configurations are installed on your machine
   and provide instructions for mitigation if necessary.

Functions:
- get_installed_software(): Retrieves a list of installed software on the user's machine using the WMI module.
- check_for_vulnerabilities(): Compares the list of installed software with a predefined list of vulnerable
  Windows Kernel configurations and displays a warning message if any vulnerable configurations are found.

Important Notes:
- The predefined list of vulnerable Windows Kernel configurations in this script corresponds to the CVE-2024-21338 vulnerability.
"""

import wmi

def get_installed_software():
    """
    Retrieves a list of installed software on the user's machine using the WMI module.

    Returns:
        list: A list containing the names of installed software.
    """
    c = wmi.WMI()
    installed_software = []
    for item in c.Win32_Product():
        installed_software.append(item.Caption)
    return installed_software

def check_for_vulnerabilities():
    """
    Compares the list of installed software with a predefined list of vulnerable Windows Kernel configurations
    and displays a warning message if any vulnerable configurations are found.
    """
    installed_software = get_installed_software()
    vulnerable_kernel_versions = [
        "Microsoft Windows 10 1809 up to (excluding) 10.0.17763.5458",
        "Microsoft Windows 10 21H2 up to (excluding) 10.0.19044.4046",
        "Microsoft Windows 10 22H2 up to (excluding) 10.0.19045.4046",
        "Microsoft Windows 11 21H2 up to (excluding) 10.0.22000.2777",
        "Microsoft Windows 11 22H2 up to (excluding) 10.0.22621.3155",
        "Microsoft Windows 11 23H2 up to (excluding) 10.0.22631.3155",
        "Microsoft Windows Server 2019 up to (excluding) 10.0.17763.5458",
        "Microsoft Windows Server 2022 up to (excluding) 10.0.20348.2322",
        "Microsoft Windows Server 2022 23H2 up to (including) 10.0.25398.709"
    ]
    vulnerable_installed = [software for software in installed_software if software in vulnerable_kernel_versions]
    if vulnerable_installed:
        print("\nWarning:\nThe following vulnerable Windows Kernel configurations are installed on your machine:")
        for software in vulnerable_installed:
            print("- " + software)
        print("\nPlease take immediate action to mitigate the vulnerability by applying updates per vendor instructions or discontinuing use of the product if mitigations are unavailable.\n")
    else:
        print("\nAll clear!\nNone of the vulnerable Windows Kernel configurations are installed on your machine.\n")

if __name__ == "__main__":
    print("Verifying vulnerable Windows Kernel configurations...")
    check_for_vulnerabilities()