Tech
New Wi-Fi Takeover Attack—All Windows Users Warned To Update Now
Microsoft has confirmed a new and quite alarming Wi-Fi vulnerability in Windows, which has been rated 8.8 out of 10 in terms of severity using the Common Vulnerability Scoring System. The vulnerability, assigned as CVE-2024-30078, does not require an attacker to have physical access to the targeted computer, although physical proximity is needed. Exploiting this vulnerability can allow an unauthenticated attacker to gain remote code execution on the impacted device. What’s perhaps most concerning, though, is that this Wi-Fi driver security flaw affects all supported versions of the Windows operating system.
CVE-2024-30078 Can Be Exploited Without Any User Interaction
Microsoft has confirmed that with no special access conditions or extenuating circumstances needed, apart from the proximity requirement, an attacker could “expect repeatable success against the vulnerable component.” Microsoft also warns that an attacker requires no authentication as a user before exploiting this vulnerability, nor any access to settings or files on the victim’s machine before carrying out the attack. Furthermore, the user of the targeted device does not need to interact at all: there is no link to click, no image to load, and no file to execute.
Jason Kikta, chief information security officer at Automox, said that, given its nature, “this vulnerability poses a significant risk in endpoint-dense environments including hotels, trade shows, or anywhere else numerous devices connect to WiFi networks.” In these kinds of environments, it would be all too easy for an attacker to target users without raising any red flags. “To protect against this vulnerability,” Kikta said, “it’s recommended that you apply the latest patches as soon as possible.”
This Is An Immediate Patch Priority, Security Expert Says
Assuming, that is, you are using a version of Windows that still receives security updates. Anyone using an end-of-life version of Windows without an extended service contract is recommended to update to a supported version as soon as possible by Kikta. “If patching immediately isn’t feasible, consider using network-level protections such as firewalls and intrusion detection systems to monitor and block suspicious activity,” Kikta said, adding “the risk of running outdated software cannot be overstated.”
In case you need any further incentive to get patching as soon as possible, this close access vector threat “potentially bypasses network-based detections and mitigations,” according to Kikta. “It circumvents most threat modeling, so this is an immediate patch priority for me.” Most security experts agree that publicly available exploitation tools will be available before long, so the window of opportunity to patch before the attacks start is getting smaller all the time.
A fix for this important security vulnerability has been issued as part of the June 2024 Patch Tuesday update.