Critical remote code execution vulnerability discovered in Microsoft Windows Wi-Fi drivers

Microsoft released a security patch in June 2024 addressing this vulnerability

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A new critical cybersecurity threat has been discovered byCYFIRMA Research, involving a severe remote code execution (RCE) vulnerability identified asCVE-2024-30078.

This flaw affects the Wi-Fi drivers in multiple versions ofMicrosoftWindows, posing a potential risk to over 1.6 billion active devices worldwide.

The vulnerability could allow malicious actors within theWi-Fi rangeto execute unauthorized code on affected systems.

How the exploit works

CVE-2024-30078 affects multiple versions of the Microsoft Windowsoperating system, includingWindows 10,Windows 11, and several versions of Windows Server. The flaw resides in the Dot11Translate80211ToEthernetNdisPacket() function within the native Wi-Fi driver (nwifi.sys).

The exploitation of CVE-2024-30078 has been reported in the wild in the United States, China, and parts of Europe. It poses significant risks to industries heavily reliant on Wi-Fi and extensive Windows deployments, including healthcare, finance, manufacturing, government, and technology.

It has been classified as having low attack complexity, meaning it does not require sophisticated techniques or user interaction to be exploited. Instead, attackers can send specially crafted network packets to devices within their Wi-Fi range to gain unauthorized access.

This vulnerability involves a flaw in the Link Layer Control (LLC) component of the network stack. This flaw is related to how packet lengths are handled when Virtual LAN (VLAN) is used. The vulnerability arises from a discrepancy in packet size expectations, leading to an out-of-bounds read and a 2-byte write vulnerability.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Attackers can manipulate this vulnerability by crafting specific network data packets that interact with the Dot11Translate80211ToEthernetNdisPacket() function. By exploiting this flaw, attackers can overwrite critical address information and execute arbitrary code on the affected system

If successfully exploited, this vulnerability could lead to several serious implications, affecting both individual users and organizations. One of the most alarming consequences is the potential formalwareinstallation. Attackers could remotely deploy various types of malicious software, includingransomwareand spyware, onto compromised systems.

Moreover, once a system is compromised, attackers could engage in lateral movement within the network. This means they could navigate to other connected devices, escalating their privileges to access sensitive data and critical infrastructure.

Another serious implication is botnet recruitment, where exploited systems could be integrated into networks of compromised devices controlled by attackers. These botnets can be used to launchdistributed denial-of-service(DDoS) attacks or facilitate other large-scale malicious activities, further amplifying the threat posed by the initial vulnerability.

Data exfiltration is also a critical concern associated with CVE-2024-30078. These bad actors could gain unauthorized access to sensitive information, includingpersonal details, financial records, and intellectual property.

There are multiple ways to minimize the risk posed by CVE-2024-30078. Organizations and individuals can adopt the following proactive strategies to enhance their cybersecurity space:

More from TechRadar Pro

Efosa has been writing about technology for over 7 years, initially driven by curiosity but now fueled by a strong passion for the field. He holds both a Master’s and a PhD in sciences, which provided him with a solid foundation in analytical thinking. Efosa developed a keen interest in technology policy, specifically exploring the intersection of privacy, security, and politics. His research delves into how technological advancements influence regulatory frameworks and societal norms, particularly concerning data protection and cybersecurity. Upon joining TechRadar Pro, in addition to privacy and technology policy, he is also focused on B2B security products.

New fanless cooling technology enhances energy efficiency for AI workloads by achieving a 90% reduction in cooling power consumption

Samsung plans record-breaking 400-layer NAND chip that could be key to breaking 200TB barrier for ultra large capacity AI hyperscaler SSDs

Anker Nebula Mars 3 review: A powerful and truly portable projector