A new vulnerability has recently been identified in the Windows operating system, which affects WiFi connections and could theoretically allow third-party access to the system.
mistake CVE-2024-30078Its impact, rated as “Important,” was recently discovered to affect Wi-Fi drivers in both Windows 10 and Windows 11. This flaw, if exploited, could allow attackers to send malicious code to the system, which would not Necessary for prior access to the system.
According to Microsoft, the flaw has not been actively exploited and is classified as low complexity. Essentially, attackers would simply need to send a specially crafted exploit packet to the system on the WiFi network, potentially allowing access.
This flaw bypassed any form of network protocol authentication, nor did it require the attackers to gain early access to the system, or even carry out the interaction by the victim. All that will be sufficient is for the system to be connected to the same wireless network as the attacker.
In theory, this could affect systems that communicate over public wireless networks, which share the same network between all systems. However, Microsoft explains that the potential for exploitation is relatively less practical than it seems.
This is because the flaw can only be exploited under specific circumstances, as both the victim and the attacker must be on the same wireless network and have a way to directly communicate with each other. Furthermore, Microsoft states that the flaw was unknown and, therefore, could not be actively exploited.
However, now that it has become public knowledge, it may begin to be actively used as a form of attempted attack. Microsoft has already provided a fix for this flaw through its latest patch on Tuesday, which should already be made available to most users – installing it is definitely recommended, whether to patch this flaw or other important flaws in the system.