New Wi-Fi Takeover Attack—All Windows Users Warned To Update Now
Microsoft has confirmed a new and quite alarming Wi-Fi vulnerability in Windows, which has been rated 8.8 out of 10 in terms of severity using the Common Vulnerability Scoring System.
The vulnerability, assigned as CVE-2024-30078, does not require an attacker to have physical access to the targeted computer, although physical proximity is needed. Exploiting this vulnerability can allow an unauthenticated attacker to gain remote code execution on the impacted device. What’s perhaps most concerning, though, is that this Wi-Fi driver security flaw affects all supported versions of the Windows operating system.
Microsoft has confirmed that with no special access conditions or extenuating circumstances needed, apart from the proximity requirement, an attacker could “expect repeatable success against the vulnerable component.” Microsoft also warns that an attacker requires no authentication as a user before exploiting this vulnerability, nor any access to settings or files on the victim’s machine before carrying out the attack. Furthermore, the user of the targeted device does not need to interact at all: there is no link to click, no image to load, and no file to execute.
Updates for Windows used to be elective, in terms of timing. You could skip components if you want to.
Now they are automatic and you can only evade them by requesting a temporary timeout.
If an update happens to disrupt the functionality of certain third party apps, tough. The third party will have to find a solution.