Microsoft recently patched a security hole in the Windows Wi-Fi driver that could have allowed attackers to execute malicious code on vulnerable systems over Wi-Fi. The vulnerability impacts all modern versions of Windows and Windows Server, and does not require prior access to the target computer.
While there have been no known active exploits of the security hole, the exploit is considered to have a low attack complexity. It is identified as CVE-2024-30078 with a severity level of “Important.” Attackers only need to be within Wi-Fi range of the target computer to send a specially crafted network packet and exploit the vulnerability.
Although Microsoft believes that exploitation of the vulnerability is “less likely,” the announcement may attract malicious actors. The ease of exploiting the vulnerability is concerning, as it is categorized as an Improper Input Validation security flaw present in all common versions of Windows, including unpatched versions of Windows 10 and Windows 11, as well as Windows Server versions from 2008 onwards.
Patch Released Amid Broader Security Update
The patch to fix the security vulnerability was released on June 11 as part of a larger update addressing 49 CVEs in various Microsoft products, including Windows, Office, Azure Dynamic Business Central, and Visual Studio. Among the patched vulnerabilities, only one was rated as Critical, involving a vulnerability in Microsoft Message Queuing that could allow remote, unauthenticated attackers to run malicious code with elevated privileges. The rest, including the Wi-Fi driver security hole, were rated as “Important” and are not known to be actively exploited.
As Patch Tuesday for June brings significant updates, it is crucial for users to install the necessary patches to secure their systems against potential threats.