CVE-2024-49073: CWE-20: Improper Input Validation in Microsoft Windows 10 Version 1809

Severity: Medium
Published: Tue Dec 10 2024 (12/10/2024, 17:49:08 UTC)
Source: CVE
Vendor/Project: Microsoft
Product: Windows 10 Version 1809

Description

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability

AI-Powered Analysis

Last updated: 07/04/2025, 20:11:25 UTC

Technical Analysis

CVE-2024-49073 is a vulnerability in the Windows Mobile Broadband Driver component of Microsoft Windows 10 Version 1809 (build 10.0.17763.0). The root cause is improper input validation (CWE-20), which can lead to elevation of privilege (EoP). An attacker with local access to the affected system can exploit the flaw without any user interaction or prior authentication. The CVSS vector rates the impact on confidentiality, integrity, and availability as high (C:H/I:H/A:H). The attack vector is physical (AV:P), meaning the attacker must have physical access to the machine, and the attack complexity is low (AC:L). No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability was reserved in October 2024 and published in December 2024, indicating recent discovery.

The Windows Mobile Broadband Driver manages mobile broadband connectivity, and a compromise here could allow an attacker to execute code with elevated privileges, potentially gaining full control over the system or bypassing security controls. The affected version, Windows 10 Version 1809, is an older release, so many organizations may have already migrated to newer versions, but legacy systems remain at risk.

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially to those still operating legacy Windows 10 Version 1809 systems, which are common in industrial, governmental, and critical infrastructure environments where long-term support versions are maintained for stability. An attacker exploiting this vulnerability could gain elevated privileges locally, enabling them to install malware, exfiltrate sensitive data, or disrupt operations. The impact is heightened in sectors with strict data protection requirements such as finance, healthcare, and public administration. The compromise of confidentiality, integrity, and availability could lead to regulatory penalties under GDPR, operational downtime, and reputational damage. Since no user interaction or authentication is required, the attack could be executed by insiders or through physical access vectors, increasing the threat surface in environments with less stringent physical security controls.

Mitigation Recommendations

Organizations should prioritize upgrading affected systems from Windows 10 Version 1809 to a supported and patched version of Windows 10 or Windows 11 to eliminate exposure to this vulnerability. In environments where immediate upgrade is not feasible, implementing strict physical access controls to prevent unauthorized local access is critical. Additionally, applying any forthcoming security patches from Microsoft as soon as they become available is essential. Network segmentation can limit lateral movement if a system is compromised. Employing endpoint detection and response (EDR) solutions to monitor for unusual privilege escalation attempts related to the Mobile Broadband Driver can provide early warning. Regular audits of installed Windows versions and driver versions should be conducted to identify and remediate vulnerable systems. Finally, disabling or restricting the use of mobile broadband drivers on systems where they are not required can reduce the attack surface.
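The audit step recommended above can be scripted per endpoint. The following is an added example, not code from this page or from Microsoft: `Get-MbnExposure` and its output fields are hypothetical names, and it assumes Windows PowerShell 5.1 running on the machine being inventoried.

```powershell
# Added example: inventory one endpoint for the exposure described above.
# Get-MbnExposure is a hypothetical helper name, not a Microsoft cmdlet.
function Get-MbnExposure {
    [CmdletBinding()]
    param(
        # Build the page lists for Windows 10 Version 1809 (10.0.17763.0).
        [string]$AffectedBuild = '17763'
    )

    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # NdisPhysicalMedium 8 = NdisPhysicalMediumWirelessWan (mobile broadband).
    # -IncludeHidden also returns adapters that are hidden from the UI.
    $wwan = @(Get-NetAdapter -IncludeHidden -ErrorAction SilentlyContinue |
        Where-Object { $_.NdisPhysicalMedium -eq 8 })

    # WWAN AutoConfig service; it may be absent, so tolerate a miss.
    $svc = Get-Service -Name WwanSvc -ErrorAction SilentlyContinue

    $onAffectedBuild = ($os.BuildNumber -eq $AffectedBuild)

    # Triage label only; it records what was found, not exploitability.
    $triage = if ($onAffectedBuild -and $wwan.Count -gt 0) {
        'AffectedBuild+WwanAdapter'
    } elseif ($onAffectedBuild) {
        'AffectedBuild'
    } else {
        'BuildNotListed'
    }

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        OsCaption       = $os.Caption      # shows the edition for review
        OsVersion       = $os.Version
        OnAffectedBuild = $onAffectedBuild
        WwanAdapters    = @($wwan | Select-Object Name, InterfaceDescription,
                              Status, DriverProvider, DriverVersionString, DriverDate)
        WwanService     = if ($svc) { "$($svc.Status)/$($svc.StartType)" }
                          else { 'NotInstalled' }
        Triage          = $triage
    }
}

# Print the result for this machine.
Get-MbnExposure | Format-List
```

Systems reported as `AffectedBuild+WwanAdapter` are the ones where the upgrade, physical access and driver-restriction recommendations above apply first.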

Technical Details

Data Version: 5.1
Assigner Short Name: microsoft
Date Reserved: 2024-10-11T20:57:49.195Z
Cisa Enriched: true
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 682d9815c4522896dcbd6120

Added to database: 5/21/2025, 9:08:37 AM

Last enriched: 7/4/2025, 8:11:25 PM

Last updated: 8/4/2025, 2:22:28 AM
