close
close

A Windows Wi-Fi code execution bug allows an attacker to take over your devices

Posted on by darion

As part of the Tuesday June 2024 patch, Microsoft patched several security vulnerabilities, one of which was related to remote code execution in the Wi-Fi driver.

This vulnerability has been assigned to CVE-2024-30078 with a severity level of 8.8 (Tall).

However, Microsoft’s description of this vulnerability indicates that it does not require user interaction.

Microsoft has stated that there are no known exploits of this vulnerability in the wild. However, it is possible that it will easily attract cybercriminals.

Free Webinar on API vulnerability scanning for OWASP API Top 10 vulnerabilities -> Book Your Spot

Technical analysis

According to the advisory, the vulnerability requires the threat actor to be connected to the same network as the vulnerable device and be able to send and receive radio transmissions.

To exploit this vulnerability, an attacker must send a malicious network to the affected Wi-Fi card, which will execute remote code on the computer.

Moreover, the threat actor does not require authentication, which makes it extremely easy to exploit. Wei reported this vulnerability to Kunlun Lab via Cyber ​​KunLun.

Exploitation of this vulnerability does not require any special conditions or circumstances. However, this vulnerability affects the following Microsoft products.

  • Windows Server 2012 R2 (Server Core installation)
  • Windows Server 2012 R2
  • Windows Server 2012 (Server Core installation)
  • Windows Server 2012
  • Windows Server 2008 R2 for x64 with Service Pack 1 (Server Core installation)
  • Windows Server 2008 R2 for x64-based systems with Service Pack 1
  • Windows Server 2008 for x64 Service Pack 2 (Server Core installation)
  • Windows Server 2008 for x64 with Service Pack 2
  • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core Install)
  • Windows Server 2008 for 32-bit Systems with Service Pack 2
  • Windows Server 2016 (Server Core installation)
  • Windows Server 2016
  • Windows 10 version 1607 for x64-based systems
  • Windows 10 version 1607 for 32-bit systems
  • Windows 10 for x64-based systems
  • Windows 10 for 32-bit systems
  • Windows Server 2022, edition 23H2 (Server Core installation)
  • Windows 11 version 23H2 for x64-based systems
  • Windows 11 version 23H2 for ARM64-based systems
  • Windows 10 version 22H2 for 32-bit systems
  • Windows 10 version 22H2 for ARM64-based systems
  • Windows 10 version 22H2 for x64-based systems
  • Windows 11 version 22H2 for x64-based systems
  • Windows 11 version 22H2 for ARM64-based systems
  • Windows 10 version 21H2 for x64-based systems
  • Windows 10 version 21H2 for ARM64-based systems
  • Windows 10 version 21H2 for 32-bit systems
  • Windows 11 version 21H2 for ARM64-based systems
  • Windows 11 version 21H2 for x64-based systems
  • Windows Server 2022 (Server Core installation)

Microsoft also reported that there is no publicly available exploit for this vulnerability. Nevertheless, functional reproduction is possible and source code is available to enable independent verification of research claims.

How to update and fix this vulnerability?

To update Windows, go to Start Menu → Settings → Update & Security → Check for Updates.

If your Windows system has not yet reached end of life, you will receive updates including a patch for this Wi-Fidriver vulnerability. Installing the update will fix this security vulnerability on your computer.

Free Webinar! 3 Security Trends to Maximize MSP Growth -> Register For Free