Remote code execution on Windows Wi-Fi driver

CVE-2024-30078 is a Windows Wi-Fi driver vulnerability with low exploit complexity that enables distant code execution

Final June 11, Microsoft made public in its «Patch Tuesdays» a high-impact vulnerability affecting the Windows Wi-Fi driver, which leads to distant code execution. Exploitation doesn't require authentication and is carried out by sending a specifically crafted community packet with out the necessity for interplay from the sufferer, which means low exploitation complexity, thus rising the chance of the vulnerability.

This safety incident has been identified as CVE-2024-30078, alerting the digital safety neighborhood to the urgency of mitigating this risk. Some malicious actors are already promoting a supposed exploit for $5000 USD. This is the reason a extremely lively exploitation is predicted in a brief time frame.

Fundamental options of CVE-2024-30078

The principle traits of this vulnerability are detailed beneath: 

• CVE Identifier: CVE-2024-30078
• CVSS Rating: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (8.8 Excessive) 
• Launch date: 11/06/2024
• Affected software program:  Windows Wi-Fi driver
• Exploitation Necessities: Bodily proximity to the sufferer, particularly inside Wi-Fi community vary.

Affected Variations

Mitigation of CVE-2024-30078

The principle resolution is to urgently upgrade the Windows model to the brand new variations out there that right this vulnerability, as indicated within the desk above.

Vulnerability detection

The presence of the vulnerability might be recognized by the Windows model.

As a part of its rising vulnerabilities service, Tarlogic proactively displays the perimeter of its purchasers to report, detect, and urgently notify of the presence of this vulnerability, in addition to different essential threats that would have a severe influence on the safety of their belongings.