Microsoft has confirmed the existence of a worrying new WiFi vulnerability in the WiFi driver for Windows, which is rated at 8.8 out of 10 in severity and affects all versions of this system.
The vulnerability, which is attributed to CVE-2024-30078, does not require the attacker to have physical access to the target computer, although physical proximity is necessary. Exploiting this vulnerability could allow an unauthenticated attacker to gain remote access to your affected device. Perhaps even more worrying is that this WiFi security flaw affects all versions of Microsoft's Windows operating system.
A serious security vulnerability confirmed by Microsoft
Microsoft emphasized that in the absence of special access requirements or extenuating circumstances, other than proximity requirements, an attacker can have repeated successes against the targeted computer. Microsoft also warns that the attacker does not need any user authentication before exploiting this vulnerability, nor does he need any access to settings or files on the victim's device before carrying out the attack. In addition, the user of the target device does not need to interact at all: no links to click, no images to download, and no files to execute.
Hotels and cafes wifi
Due to its nature, “this vulnerability poses a significant risk in environments with high WiFi density, including hotels or any other location where many devices are connected to WiFi networks,” said Jason Kikta, chief information security officer at Automox.
“To protect against this vulnerability, according to Kikta, it is recommended that the latest patches be applied as soon as possible by Microsoft. »See Windows Update on your Windows system.
It is also highly recommended to use a Virtual Private Network (VPN) to connect to wireless WiFi networks that are not password protected; Like those found in Wi-Fi cafes.
A fix for this important security flaw has been released as part of the update Patch Tuesday From June 2024.
