A Windows Wi-Fi Vulnerability That Could Allow Hackers To Take Over Your PC Remotely


Taylor Bell


Published on Jun 24, 2024


Key Takeaways

  • Update your Windows ASAP to patch the newly confirmed Wi-Fi driver vulnerability CVE-2024-30078.
  • An attacker can inject malware onto a Windows PC through Wi-Fi, requiring no special privileges to exploit.
  • Ensure automatic software updates are enabled to protect against future vulnerabilities and malicious attacks.

Microsoft has recently confirmed the existence of CVE-2024-30078, which is a new Wi-Fi takeover attack that could allow malicious users to inject malware onto a Windows PC or laptop remotely. This vulnerability wasn’t originally publicly disclosed, and is now patched with an up-to-date Windows install, but the incident highlights the necessity of installing critical security patches in a timely manner.

What is CVE-2024-30078?

Microsoft has confirmed the existence of a scary new vulnerability


CVE-2024-30078 is a newly confirmed vulnerability in the Windows Wi-Fi driver that allows an attacker to execute arbitrary code remotely on a target system. This means that an attacker could install malware or run other malicious code over Wi-Fi without a user even being aware. Microsoft confirmed the existence of the vulnerability in a Security Update, additionally confirming that the vulnerability requires no special privileges or prior access to be exploited. This vulnerability is included in Windows’ common Wi-Fi driver code, so it affects all Windows 11 users.

An unauthenticated attacker could send a malicious networking packet to an adjacent system that is employing a Wi-Fi networking adapter, which could enable remote code execution.

This is essentially a zero-click attack, as no interaction is required from the user for a target machine to be exploited. A malicious actor can target a specific machine with a specially crafted packet, which will enable the execution of remote code on the target machine. The vulnerability was assigned a severity score of 8.8. The exploit does require an attacker to be connected to the same network as a target PC, but does not require any other prior access. The vulnerability is also present on Windows on ARM laptops.

Exploiting this vulnerability requires an attacker to be within proximity of the target system to send and receive radio transmissions.

What is a CVE?

CVE, or Common Vulnerabilities and Exposures, is a maintained list of vulnerabilities and exploits in computer systems. These can affect anything, from phones to PCs to servers or software. CVE entries themselves don’t provide detail on impact, implementation, or other effects of a vulnerability; instead, they give developers a unique way of referring to each one. Once a vulnerability is made public, it’s given a name in the format CVE-.

Other databases contain more information on fixes and exploits, like the National Vulnerability Database (NVD). There are also scoring systems for CVEs, like the CVSS (Common Vulnerability Scoring System), which assigns a score based on a series of categories, such as how easy the vulnerability is to exploit, whether any prior access or authentication is required, as well as the impact the exploit could have.

Is my computer at risk?

You should update your Windows installation immediately


If you’ve not yet updated Windows to the latest version, you should do so immediately. This exploit was likely a responsible disclosure to Microsoft, either from an internal security team or from a third party. It’s common for responsible disclosures of this nature to be patched, and some details released, before the full details are confirmed. This gives the public time to update their machines before the exact details are known.

Microsoft’s disclosure states that they do not believe that the vulnerability has yet been maliciously exploited by anyone, but this is not a guarantee. However, the mere knowledge that a driver-level remote code execution vulnerability exists in Windows makes it a lucrative target for malicious groups, and many groups online are likely attempting to reverse engineer this vulnerability right now. It’s also possible that threat actors unknown to Microsoft have exploited this vulnerability previously, with Microsoft simply unaware of it.

How was this vulnerability introduced?

As the exact exploit is still not publicly released, it’s impossible to say when or how this exploit was introduced. We know it affects all currently supported versions of Windows, but it’s unclear whether old versions of Windows have the same flaw.

What would happen if my PC was compromised?

The specifics of what would happen to your PC if compromised are dependent on the threat actor who’s exploited your machine. However, it’s likely they could use this vulnerability as a launchpad to gain privileged access to your entire machine. This might then mean installing malware, joining a botnet, or being held to ransomware demands.

How can I protect myself in the future?

While these kinds of vulnerabilities are very rare, they do happen, and it’s important to protect yourself in the future. In this case, the best way to do this would be to ensure that you’re keeping your device up to date. Take some time and double-check that automatic software updates are enabled on your PC. While Windows Update is notoriously terrible and has the worst timing, it does deliver essential security patches regularly.

Keep up with those updates!

We’ve discussed before why looking after your personal cybersecurity is so important, and how the consequences of a serious breach can be significant. This is another example of a situation where, while perhaps all risk wouldn’t have been mitigated by updates, a significant risk could have been averted. It’s worth familiarizing yourself with a few simple steps you can take to improve your security on both your phone and PC.
