Microsoft recently plugged a security hole in the Windows Wi-Fi driver. This exploit would have allowed attackers to run malicious code on vulnerable systems over Wi-Fi. The vulnerability affects all modern versions of Windows and Windows Server, and the attacker doesn’t need to have had prior access to the target computer.
While Microsoft acknowledges there were no known active exploits of the security hole, the weakness is described as having a low attack complexity. It’s described in CVE-2024-30078 with a maximum severity of “Important.” An attacker need only be within Wi-Fi range of the computer to send a specially crafted network packet to the target PC and exploit the vulnerability.
The Wi-Fi attack bypasses all authentication protocols, does not require prior access rights, and requires no user interaction at all. Because of this, in theory, an attacker could slip malware to Windows users logging into public Wi-Fi networks completely undetected. Such hotspots are common at hotels, airports, and in cafes.
Microsoft considers exploitation of the vulnerability “less likely,” but these announcements often bring bad actors out of the woodwork. The ease with which someone could take advantage of the exploit is also troublesome. The weakness, categorized as an Improper Input Validation security vulnerability, exists on all common versions of Windows.
This includes unpatched versions of Windows 10 and Windows 11. It also includes all Windows Server versions from 2008 on. The patch eliminating the security vulnerability was released on June 11. The same patch addresses 49 CVEs in Windows and Windows components, Office and Office components, Azure Dynamic Business Central, and Visual Studio.
Only one of the patched security holes was rated as Critical, a vulnerability in Microsoft Message Queuing that allowed remote, unauthenticated attackers to run malicious code with elevated privileges. The rest, including the aforementioned Wi-Fi driver security hole, were rated as Severity: Important. None are known to be actively exploited.
Patch Tuesday for June is an important one, so get those updates installed, friends and neighbors.
