CVE-2024-30078: Windows Wi-Fi Driver Remote Code Execution
Celia Catalán.jpg)
On June 11, Microsoft published in its patch news a high-impact vulnerability affecting the Windows Wi-Fi driver, which consisted of remote code execution (RCE).
Vulnerability Exploitation
This vulnerability can be exploited by an attacker within the Wi-Fi range of a vulnerable device, allowing them to send specially crafted packets to the device without needing to be authenticated and without requiring user interaction. If successfully exploited, this could allow the attacker to execute arbitrary code, which could lead to a complete system compromise.
In detail
An attacker can exploit the Windows Wi-Fi driver vulnerability by crafting a Wi-Fi access point configured with a malicious SSID. When the victim's computer scans Wi-Fi networks and finds the attacker's SSID, the code is executed remotely on the victim's system.
The scope of the attack may include unauthorized access to the victim's system, which could result in data theft, ransomware installation, or other malicious actions.
The root cause of the vulnerability is improper input validation in the Wi-Fi driver. This flaw allows an attacker to manipulate input and overflow a buffer, which can be exploited to execute malicious code remotely.
Attack requirements and affected versions
Currently there is no published exploit that allows testing the weakness, however, in order to exploit it there are some requirements and characteristics:
- It is necessary to be close to the controller's network, specifically within the Wi-Fi network range.
- The exploitation is carried out without the need to be authenticated.
The vulnerability has been cataloged with the identifier CVE-2024-30078 and has a score of 8.8 according to CVSS 3.1 metrics.
The systems affected by this vulnerability are the following:
- Windows 10 (Versiones 1507, 1607, 1809, 21h2, 22h2)
- Windows 11 (Versiones 21h2, 22h2, 22h3, 23h2)
- Windows Server (2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022, including Server Core installations)
Vulnerability detection and mitigation
To detect this vulnerability it is necessary to review the current version of the system.
To mitigate this vulnerability the main aspect to address is:
- Enable automatic updates, trying to have the most recent version available.
- Avoid connecting to public networks.
