Saturday, June 15, 2024

New Windows WiFi RCE vulnerability

Full Disclosure: I am just posthing this because of the meme. It sure beats the usual "hacker (because wearing hoodie) in a dark room with computers" picture that is so common in these posts. Yes, I am looking at you Tom's Hardware.

A "Remote Command Execution" (RCE) vulnerability just means that someone can send remote commands to something whose software have this vulnerability. A classic case of a RCE Vulnerability that was exploited is the log4j one (hello 2021!). These commands can be something like uploading malicious code to the computer or application which can be unleashed in the computer running this application. On June 12th, Microsoft's Patch Tuesday to address 49 CVE-tagged security flaws. Amongst them there was a patch for CVE-2024-30078, which deals with the WiFi RCE Vulnerability that is the topic of this post.

The main difference here is that this vulnerability is on the (Windows) drivers for a network card. The beauty about such attack is the attacker does not need the help from the user (as in phishing) to get the malware into the computer. In fact, chances are unless the code is patched, there may not be much stopping such an attack; all they need it to send a malicious networking packet to enable the remote code execution, which would then be followed with them uploading their own code to start exploring their new acquisition.

To add insult to injury, the attackers may not even need to be in the same network; all they have to be is within the range of the vulnerable computer. Witht he right equipment, "within range" can be measured in feet or even miles.

Homer Simpson: No exploit code is available so far

Microsoft, who issued a patch for that, stated that there are no reported malware exploiting this vulnerability and that "Exploitation Less Likely" while the Cyber Security Agency of Singapore thinks it is a high-severity vulnerability and everyone using the Windows versions affected by this (pretty much everything remotely recent) should "update to the latest versions immediately". I do not know about you, but I would side with the Singapore agency on this one.


Have Windows computer? Patch it. Immediately