Uninstall WSL
Purpose
This solution provides an option to uninstall WSL manually or using automation.
Associated Content
| Content | Type | Function |
|---|---|---|
| CVE-2025-24084 - WSL2 Uninstall | Script | This script uninstalls the Windows Subsystem Linux (WSL2) as it has a vulnerability. Refer to the article below for more details: |
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24084 | CVE Article | CVE‑2025‑24084 is a high‑severity (CVSS 3.1 score 8.4) untrusted pointer dereference vulnerability in the Windows Subsystem for Linux (WSL2) kernel that allows a local attacker to execute arbitrary code with elevated privileges. |
| WSL Detection | Remote Monitor | This remote monitor detects the Windows agent where the WSL command works. |
△ Custom - Execute Script - Uninstall WSL | Alert Template | This alert template is applied to the remote monitor WSL Detection to uninstall the WSL installed detected agents using Script - CVE-2025-24084 - WSL2 Uninstall |
Implementation
- Import the Script - CVE-2025-24084 - WSL2 Uninstall
- Create the remote Monitor - WSL Detection to the requested Windows group. Refer to the monitor documentation.
- Import the
Alert Template - △ Custom - Execute Script - Uninstall WSL - Apply the
Alert Template - △ Custom - Execute Script - Uninstall WSLto the remote monitor WSL Detection