
CVE-2024-30074: CWE-122: Heap-based Buffer Overflow in Microsoft Windows Server 2008 Service Pack 2

Severity: High
Published: Tue Jun 11 2024 (06/11/2024, 16:59:42 UTC)
Source: CVE
Vendor/Project: Microsoft
Product: Windows Server 2008 Service Pack 2

Description

Windows Link Layer Topology Discovery Protocol Remote Code Execution Vulnerability

AI-Powered Analysis

Last updated: 07/04/2025, 17:43:26 UTC

Technical Analysis

CVE-2024-30074 is a high-severity heap-based buffer overflow (CWE-122) affecting Microsoft Windows Server 2008 Service Pack 2, specifically version 6.0.6003.0. The flaw lies in the Windows Link Layer Topology Discovery (LLTD) protocol, which Windows uses to discover and map the local network topology. An attacker who sends specially crafted LLTD packets to the affected system can execute arbitrary code on it. The vulnerability is exploitable from the adjacent network (CVSS Attack Vector: Adjacent Network, meaning the attacker must be on the same local network segment) without privileges or authentication, but user interaction is required. Successful exploitation can fully compromise the affected system, impacting confidentiality, integrity, and availability. The CVSS v3.1 base score is 8.0, which is High, reflecting that user interaction is required and no privileges are needed. No public exploits are currently known in the wild, and no patches have been linked yet, so organizations should prioritize mitigation and monitoring. The CVE was reserved in March 2024 and published in June 2024, indicating recent discovery and disclosure. Given the age of Windows Server 2008 SP2, many organizations may still run this legacy system, especially where legacy applications or infrastructure dependencies prevent upgrades.

Potential Impact

For European organizations, this vulnerability poses a significant risk, particularly for those still operating legacy Windows Server 2008 SP2 systems. Exploitation could lead to remote code execution, enabling attackers to take full control of critical servers. This can result in data breaches, disruption of services, lateral movement within networks, and deployment of ransomware or other malware. Because LLTD exists to discover network topology, exploitation could also facilitate network reconnaissance and further attacks. Industries such as finance, healthcare, manufacturing, and government agencies in Europe that rely on legacy infrastructure are at heightened risk. The impact is exacerbated by the lack of available patches and by the difficulty of upgrading legacy systems promptly. The user-interaction requirement may limit automated exploitation but does not eliminate the risk, especially in environments where users can be induced to respond to network-discovery prompts triggered by crafted packets.

Mitigation Recommendations

European organizations should immediately identify and inventory all Windows Server 2008 SP2 systems on their networks. Given the absence of official patches, mitigations should include disabling or restricting the LLTD protocol where feasible, especially on servers exposed to untrusted networks or adjacent network segments. Network segmentation and strict firewall rules should limit LLTD traffic to trusted devices only. Monitoring network traffic for anomalous LLTD packets can help detect attempted exploitation. Organizations should also consider deploying host-based intrusion detection systems (HIDS) with signatures targeting this vulnerability. Where possible, plan and accelerate migration off Windows Server 2008 SP2 to supported Windows Server versions that receive security updates. Educating users not to interact with unexpected network-discovery prompts or dialogs may reduce the likelihood of exploitation. Finally, maintain up-to-date backups and incident response plans that cover remote code execution incidents.
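The step "monitor network traffic for anomalous LLTD packets" can be made concrete. The Python below is an added example, not code from this advisory or from Microsoft: it parses the Ethernet header and the LLTD base header of raw frames and flags frames that are malformed, come from hosts outside an allowlist, or carry an unexpected protocol version or type of service. It assumes LLTD's EtherType 0x88D9 and the base-header layout (version, type of service, reserved, function, real destination address, real source address) as described in the MS-LLTD specification; the frames, MAC addresses and allowlist are constructed.

```python
import struct

LLTD_ETHERTYPE = 0x88D9  # EtherType of LLTD frames (assumption: as specified in MS-LLTD)
TOS_NAMES = {0: "topology-discovery", 1: "quick-discovery", 2: "qos-diagnostics"}

def parse_lltd(frame):
    """Ethernet + LLTD base header -> dict; None if not LLTD; ValueError if truncated."""
    if len(frame) < 14:
        return None
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != LLTD_ETHERTYPE:
        return None
    body = frame[14:]
    if len(body) < 16:  # version, ToS, reserved, function, real dst (6), real src (6)
        raise ValueError("truncated LLTD base header")
    version, tos, _rsv, func, _rdst, rsrc = struct.unpack("!BBBB6s6s", body[:16])
    return {"src": src.hex(":"), "version": version, "tos": tos, "function": func,
            "real_src": rsrc.hex(":"), "payload_len": len(body) - 16}

def audit_frames(frames, allowed_macs):
    """(index, reason) pairs for LLTD frames worth a look: malformed, unknown sender, odd version/ToS."""
    findings = []
    for i, raw in enumerate(frames):
        try:
            f = parse_lltd(raw)
        except ValueError as e:
            findings.append((i, f"malformed: {e}"))
            continue
        if f is None:  # not LLTD at all
            continue
        if f["src"] not in allowed_macs:
            findings.append((i, "sender not in LLTD allowlist"))
        if f["version"] != 1:
            findings.append((i, f"unexpected version {f['version']}"))
        if f["tos"] not in TOS_NAMES:
            findings.append((i, f"unknown type-of-service 0x{f['tos']:02x}"))
    return findings

# Constructed sample frames (not captured traffic); host A is the only one allowed to run LLTD.
A, B, BCAST = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"), b"\xff" * 6
def lltd(src, version, tos, func):
    return struct.pack("!6s6sHBBBB6s6s", BCAST, src, LLTD_ETHERTYPE, version, tos, 0, func, BCAST, src)
SAMPLE_FRAMES = [
    lltd(A, 1, 0, 0x00),                                            # allowed host, valid header
    lltd(B, 1, 0, 0x00),                                            # unknown host speaking LLTD
    lltd(A, 1, 0x7F, 0x02),                                         # unknown type of service
    struct.pack("!6s6sH", BCAST, A, LLTD_ETHERTYPE) + b"\x01\x00",  # truncated base header
    struct.pack("!6s6sH", BCAST, A, 0x0800) + b"\x45" * 20,         # IPv4, not LLTD: ignored
]
ALLOWED = {A.hex(":")}
```

Feed it frames captured on the segment that hosts the legacy servers; a hit from an unlisted sender or a truncated header is a reason to look closer, not proof of exploitation.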


Technical Details

Data Version: 5.1
Assigner Short Name: microsoft
Date Reserved: 2024-03-22T23:12:14.567Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682cd0fa1484d88663aec0e7

Added to database: 5/20/2025, 6:59:06 PM

Last enriched: 7/4/2025, 5:43:26 PM

Last updated: 8/3/2025, 6:26:16 AM
