Microsoft has confirmed that a vulnerability has been discovered in Windows’ Wi-Fi application with a threat rating of 8.8 out of 10 (high). A potential attacker does not need to have direct access to the victim’s computer or take any particularly proximate action on the part of the victim to exploit CVE-2024-30078.

Exploitation of the vulnerability allows an unauthenticated attacker to remotely execute code on the victim’s machine; The security-related bug in the Wi-Fi driver affects all supported versions of Windows. Even if there are no special access conditions, a potential hacker can try “repeatable success against vulnerable components”, reported at Microsoft. Neither authentication nor access to settings and files on the victim’s computer is required before the attack. There is also no need for the user of the target device to take any action: there is no need to click on any links, open images or launch executables.

The vulnerability poses a particular threat in environments with high concentrations of client devices, including hotels, trade shows, or other locations with large numbers of Wi-Fi connections; Experts say that in such environments, a cybercriminal can easily attack users without making much noise. It is recommended to install the latest Windows updates for protection; Users of unsupported versions of the system who are unable to modify the system should consider using additional security measures such as network-level firewalls and intrusion detection systems. Experts also agree that the vulnerability will be publicly exploited in the near future.