On June 11, 2024 Microsoft released it’s weekly patches as usual on what people call patch Tuesday. However, one particular patch has brought a serious security flaw to light.
So what is this vulnerability and what is it’s impact?
An unauthenticated attacker, with no privileges who is within WiFi range of your unpatched Windows computer can connect to your computer and can remotely execute code (RCE vulnerability) . He can remotely install and execute malicious code (malware) on your computer.
This is caused due to a flaw in the way the Windows Operating System kernel and the WiFi driver communicate. Microsoft says the weakness that caused it is Improper Input Validation.
So what that means is that an attacker who is within 35 to 200 metres of your computer could connect, install malware and take full control of your PC without your needing to do anything.
Understanding CVE and CVSS
CVE stands for Common Vulnerabilities and Exposures, a system used to catalog and standardize information about known cybersecurity vulnerabilities. Each CVE entry, such as CVE-2024-30078, is assigned a unique identifier, making it easier for security professionals to communicate and address the issue.
CVSS stands for Common Vulnerability Scoring System. It is a standardized framework for rating the severity of security vulnerabilities in software. The CVSS score helps organizations prioritize and manage their responses to vulnerabilities based on the potential impact and exploitability of the flaw. Based on these criteria, the CVSS can be calculated. CVSS values range from 0 to 10.
Understanding the Severity of the issue
According to this release, the recently identified WiFi driver vulnerability CVE-2024-30078 is rated with a CVSS score of 8.8/10 which makes it a High severity vulnerability.
The only reason it is not scored as a 10.0 or Critical vulnerability is because it requires an attacker to be physically located within Wi-Fi or Bluetooth range of your computer.
The attack complexity is low which means next to anyone can perform this attack without any sort of authentication and the impact is very high. This is what makes it a very serious issue.
The most concerning fact to me is that there is no user interaction required. This means that the victim does not need to do anything in order to be attacked: there is no link to click, no image to load, and no file to execute.
Which Windows OS versions are affected?
This issue affects all supported Windows editions which means includes Windows 11, Windows 10, Windows Server 2022, 2019, 2016, 2012 and 2008. This could mean that this issue has existed for several years, maybe even back in Windows 7 or before that!
What can I do to protect my PC?
- If you have not enabled Automatic Updates on your Windows Machine, you should do it right away!
- Install your Microsoft updates regularly, as well as your firmware updates from your PC manufacturer.
- If you are still using an older unsupported Windows OS such as Windows 7, please upgrade today.
By keeping your software updated, using reliable antivirus software, and being cautious online, you can significantly reduce the risk of falling victim to such vulnerabilities. Stay informed, stay protected, and keep your digital world secure.
References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30078
