Thursday November 21, 2024

Advisory ID: ngCERT-2024-0025

Summary: 

ngCERT is issuing an urgent security advisory regarding a critical vulnerability within Microsoft Windows Wi-Fi drivers, designated as CVE-2024-30078. This severe Remote Code Execution (RCE) flaw affects all current Microsoft Windows versions, with particular emphasis on Windows 10 and 11. An attacker, without requiring authentication, can exploit this vulnerability by transmitting a malicious network message to a vulnerable Wi-Fi driver, leading to arbitrary code execution on the target system. This may result in unauthorized malware installation, complete system compromise, and the potential theft or manipulation of sensitive information. Users are strongly advised to implement the latest security updates from Microsoft, addressing this critical issue.

Damage/Probability: CRTICAL/HIGH

Platform(s): Windows

Description: 

The CVE-2024-30078 vulnerability represents a significant threat in the cybersecurity domain, impacting a wide array of devices operating on various Windows OS versions. This Wi-Fi driver RCE vulnerability is distinct in that it does not necessitate any special access to the victim's device, nor does it require the victim to interact with phishing links or execute files to initiate the attack. An attacker merely needs to be within the same vicinity as the target, such as public Wi-Fi areas in airports, hotels, cafes, or offices, and send a malicious packet to the compromised Wi-Fi adapter to trigger RCE and potentially deploy further malicious software.

Consequences: 

If exploited, the following outcomes may occur:

  • Complete system takeover.
  • Unauthorized retrieval of confidential data.
  • Data exfiltration.
  • Compromised account misuse.
  • Ransomware deployment.
  • Financial repercussions.

Solution: 

To mitigate this threat, ngCERT advises:

  • System Upgrades: Users on unsupported or end-of-life Windows versions should upgrade to the latest releases, which continue to receive vital security support.
  • Timely Updates: Users on supported Windows iterations should promptly apply all updates and patches, which frequently include remedies for exploitable vulnerabilities. For detailed information, please refer to the Microsoft Security Response Center (MSRC) update guide.
  • Firewall Activation: Employing a firewall can obstruct potential adjacent network attacks, serving as a protective barrier against external threats.
  • Wi-Fi Deactivation: If not in active use, disable Wi-Fi to reduce the attackable surface area, as dormant connections may still be susceptible to unauthorized activities.

For further assistance and updates, please visit ngCERT's official website or contact our support team.

References: