
CVE-2024-49087: CWE-20: Improper Input Validation in Microsoft Windows 10 Version 1809

Severity: Medium
Published: Tue Dec 10 2024 (12/10/2024, 17:49:11 UTC)
Source: CVE
Vendor/Project: Microsoft
Product: Windows 10 Version 1809

Description

Windows Mobile Broadband Driver Information Disclosure Vulnerability

AI-Powered Analysis

Last updated: 07/04/2025, 20:26:02 UTC

Technical Analysis

CVE-2024-49087 is a medium-severity vulnerability in the Mobile Broadband Driver component of Microsoft Windows 10 Version 1809. It is classified under CWE-20 (improper input validation): the driver does not properly validate input data, which can allow sensitive information to be leaked from the system. The CVSS vector specifies a physical attack vector (AV:P), so the attacker must have physical access to the affected device, but needs no privileges, authentication or user interaction to cause the information disclosure.

The CVSS score of 4.6 reflects a moderate impact primarily on confidentiality, with no impact on integrity or availability. No known exploits are currently reported in the wild, and no official patches have been linked yet. The vulnerability affects Windows 10 Version 1809 (build 10.0.17763.0), an older version of Windows 10 that is still in use, particularly in enterprise environments where long-term servicing branches are maintained. The sensitive driver or system information an attacker extracts could be leveraged for further attacks or reconnaissance.

Potential Impact

For European organizations, the impact of CVE-2024-49087 is primarily a confidentiality breach on devices running Windows 10 Version 1809 with Mobile Broadband Drivers enabled. Because the attack requires physical access, the risk is higher where devices are used in less controlled physical settings, such as field operations, a mobile workforce, or shared workstations. Information disclosure could leak sensitive system or network configuration details, potentially helping attackers craft more targeted attacks. Organizations in sectors with high data sensitivity, such as finance, healthcare, and government, could face compliance and reputational risks if sensitive data is exposed. The lack of impact on integrity and availability limits immediate operational disruption. The medium severity suggests that the vulnerability should be addressed promptly but is not an urgent critical risk unless combined with other vulnerabilities or threat vectors.

Mitigation Recommendations

To mitigate CVE-2024-49087, European organizations should:

1) Identify and inventory all devices running Windows 10 Version 1809, especially those with Mobile Broadband Drivers installed and active.
2) Restrict physical access to these devices through enhanced physical security controls such as locked rooms, secure storage, and access logging.
3) Monitor for updates from Microsoft and apply patches promptly once available, as no official patch links are currently provided.
4) Consider upgrading affected systems to newer Windows 10 versions or Windows 11, where this vulnerability is not present or has been addressed.
5) Implement endpoint security solutions that can detect unusual driver or system information access patterns.
6) Educate staff on the risks of leaving devices unattended in unsecured locations to reduce the risk of physical exploitation.
7) Use device encryption and secure boot features to limit the ability of attackers to extract sensitive information even with physical access.
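The inventory in step 1 can be scripted per host. The following PowerShell is an added example, not code from this advisory or from Microsoft. It assumes that build 17763 with a workstation product type identifies Windows 10 Version 1809 and that NDIS physical medium 8 (wireless WAN) identifies mobile broadband adapters; the output property names are chosen here for illustration.

```powershell
# Added example (not from the advisory): local inventory check for mitigation step 1.
# Assumption: BuildNumber 17763 + ProductType 1 (workstation) identifies Windows 10
# Version 1809, including Enterprise LTSC 2019, which shares the build.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$is1809 = ($os.BuildNumber -eq '17763') -and ($os.ProductType -eq 1)

# Assumption: NdisPhysicalMedium 8 (NdisPhysicalMediumWirelessWan) marks mobile
# broadband adapters. -IncludeHidden also returns adapters not currently present,
# so an installed driver is counted even when the modem is unplugged.
$wwan = @(Get-NetAdapter -IncludeHidden -ErrorAction SilentlyContinue |
    Where-Object { $_.NdisPhysicalMedium -eq 8 })

# WwanSvc (WWAN AutoConfig) is the service that manages mobile broadband connections.
$svc = Get-Service -Name WwanSvc -ErrorAction SilentlyContinue

# "Active" here means the adapter is neither disabled nor absent.
$active = @($wwan | Where-Object { $_.Status -ne 'Disabled' -and $_.Status -ne 'Not Present' })

# One record per host; property names are hypothetical, chosen for this example.
[pscustomobject]@{
    ComputerName  = $env:COMPUTERNAME
    OsVersion     = $os.Version
    IsWin10_1809  = $is1809
    WwanAdapters  = $wwan.Count
    WwanActive    = ($active.Count -gt 0)
    WwanSvcStatus = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
    InScope       = $is1809 -and ($wwan.Count -gt 0)
    AdapterDetail = ($wwan | ForEach-Object {
        '{0} [{1}] driver {2}' -f $_.InterfaceDescription, $_.Status, $_.DriverVersion
    }) -join '; '
}
```

Hosts reporting `InScope = True` are the ones to prioritise for the physical-access controls in step 2 and the upgrade in step 4; the script can be run fleet-wide with `Invoke-Command -FilePath` and the results exported to CSV.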


Technical Details

Data Version: 5.1
Assigner Short Name: microsoft
Date Reserved: 2024-10-11T20:57:49.199Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9815c4522896dcbd619e

Added to database: 5/21/2025, 9:08:37 AM

Last enriched: 7/4/2025, 8:26:02 PM

Last updated: 8/2/2025, 4:20:59 PM
