This month's Patch Tuesday fixed a major vulnerability in the Windows Wi-Fi driver that allowed threat actors to install malware over a Wi-Fi connection.
The vulnerability is described as an improper input validation flaw that can result in remote code execution (RCE). It is tracked as CVE-2024-30078 and has a severity score of 8.8. Microsoft called it “important.”
The company further explained how the bug could be exploited in low-complexity attacks where hackers do not need prior access. All they need to do is be within Wi-Fi range of the vulnerable device in order to send a custom network packet. Nothing is required from the victim either, making this vulnerability particularly dangerous, especially for people who like to work from public spaces such as libraries, cafes, airports, and the like.
Almost 50 fixes
All common versions of the Windows operating system are vulnerable, including Windows 10, Windows 11, and Windows Server 2008 and later, but Microsoft said there is no evidence the bug has been abused in the wild and that exploitation is “unlikely.” Putting a spotlight on a flaw like this, however, usually attracts the attention of criminals.
Therefore, it is always important to apply the latest Patch Tuesday cumulative update.
In addition to the improper input validation flaw, Microsoft fixed 48 other bugs in Windows and different Windows components, Office and Office components, Azure Dynamic Business Central, and Visual Studio, Tom's Hardware reported. Among them is a vulnerability rated “critical” in Microsoft Message Queuing that allowed threat actors to execute malware with elevated privileges as unauthenticated users.
On the second Tuesday of every month, Microsoft releases a batch of updates for Windows and other products, with a major focus on security and stability. This batch is called Patch Tuesday and is possibly the most important update for Windows. From time to time, Microsoft also releases urgent fixes for high-severity vulnerabilities that are known to be exploited in the wild.
Via Tom's Hardware