Microsoft has confirmed the existence of an alarming new WiFi vulnerability in the Windows WiFi driver, rated at 8.8 out of 10 in severity and affecting all versions of this system.
The vulnerability, assigned as CVE-2024-30078, does not require an attacker to have physical access to the targeted computer, although physical proximity is necessary. Exploiting this vulnerability could allow an unauthenticated attacker to gain remote access to the affected device, yours. Perhaps most worrying, however, is that this WiFi security flaw affects all versions of Microsoft’s Windows operating system.
A serious vulnerability confirmed by Microsoft
Microsoft confirmed that in the absence of special access requirements or mitigating circumstances, other than the proximity requirement, an attacker could have repeated successes against a target computer. Microsoft also warns that an attacker does not need any user authentication before exploiting this vulnerability, nor any access to settings or files on the victim’s machine before carrying out the attack. Additionally, the user of the targeted device does not need to interact at all: no links to click, no images to load, and no files to execute.
Hotels, cafes WiFi
Jason Kikta, chief information security officer at Automox, said that given its nature, “this vulnerability presents a significant risk in environments with high density of WiFi networks, including hotels or any other location where Many devices connect to WiFi networks.
“To protect against this vulnerability, according to Kikta, it is recommended to apply the latest patches as soon as possible by Microsoft. » See Windows Update in your Windows system.
Using a Virtual Private Network (VPN) is also strongly recommended for connecting to non-password protected WiFi wireless networks; like those in WiFi cafes.
A fix for this important security flaw has been released as part of the update Patch Tuesday from June 2024.
