CVE-2024-30078: Remote code execution on Windows Wi-Fi driver
CVE-2024-30078 is a Windows Wi-Fi driver vulnerability with low exploit complexity that allows remote code execution
On June 11, 2024, Microsoft disclosed in its Patch Tuesday release a high-impact vulnerability in the Windows Wi-Fi driver that results in remote code execution. Exploitation requires no authentication and no interaction from the victim: it is performed by sending a specially crafted network packet. This implies low exploitation complexity, which increases the risk of the vulnerability.
The vulnerability has been identified as CVE-2024-30078, alerting the digital security community to the urgency of mitigating this threat. Some malicious actors are already selling a supposed exploit for $5000 USD, so highly active exploitation is expected within a short period of time.
Main features of CVE-2024-30078
The main characteristics of this vulnerability are detailed below:
- CVE Identifier: CVE-2024-30078
- CVSS Score: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (8.8 High)
- Release date: 11/06/2024
- Affected software: Windows Wi-Fi driver
- Exploitation Requirements: Physical proximity to the victim, specifically within Wi-Fi network range.
Affected Versions
Operating System | Affected Versions | Platforms |
---|---|---|
Windows 10 Version 1809 | Affected from 10.0.0 before 10.0.17763.5936 | 32-bit Systems, x64-based Systems, ARM64-based Systems |
Windows Server 2019 | Affected from 10.0.0 before 10.0.17763.5936 | x64-based Systems |
Windows Server 2019 (Server Core installation) | Affected from 10.0.0 before 10.0.17763.5936 | x64-based Systems |
Windows Server 2022 | Affected from 10.0.0 before 10.0.20348.2527; affected from 10.0.0 before 10.0.20348.2522 | x64-based Systems |
Windows 11 Version 21H2 | Affected from 10.0.0 before 10.0.22000.3019 | x64-based Systems, ARM64-based Systems |
Windows 10 Version 21H2 | Affected from 10.0.0 before 10.0.19044.4529 | 32-bit Systems, ARM64-based Systems |
Windows 11 Version 22H2 | Affected from 10.0.0 before 10.0.22621.3737 | ARM64-based Systems, x64-based Systems |
Windows 10 Version 22H2 | Affected from 10.0.0 before 10.0.19045.4529 | x64-based Systems, ARM64-based Systems, 32-bit Systems |
Windows 11 Version 22H3 | Affected from 10.0.0 before 10.0.22631.3737 | ARM64-based Systems |
Windows 11 Version 23H2 | Affected from 10.0.0 before 10.0.22631.3737 | x64-based Systems |
Windows Server 2022, 23H2 Edition (Server Core installation) | Affected from 10.0.0 before 10.0.25398.950 | x64-based Systems |
Windows 10 Version 1507 | Affected from 10.0.0 before 10.0.10240.20680 | 32-bit Systems, x64-based Systems |
Windows 10 Version 1607 | Affected from 10.0.0 before 10.0.14393.7070 | 32-bit Systems, x64-based Systems |
Windows Server 2016 | Affected from 10.0.0 before 10.0.14393.7070 | x64-based Systems |
Windows Server 2016 (Server Core installation) | Affected from 10.0.0 before 10.0.14393.7070 | x64-based Systems |
Windows Server 2008 Service Pack 2 | Affected from 6.0.0 before 6.0.6003.22720 | 32-bit Systems |
Windows Server 2008 Service Pack 2 (Server Core installation) | Affected from 6.0.0 before 6.0.6003.22720 | 32-bit Systems, x64-based Systems |
Windows Server 2008 Service Pack 2 | Affected from 6.0.0 before 6.0.6003.22720 | x64-based Systems |
Windows Server 2008 R2 Service Pack 1 | Affected from 6.1.0 before 6.1.7601.27170 | x64-based Systems |
Windows Server 2008 R2 Service Pack 1 (Server Core installation) | Affected from 6.0.0 before 6.1.7601.27170 | x64-based Systems |
Windows Server 2012 | Affected from 6.2.0 before 6.2.9200.24919 | x64-based Systems |
Windows Server 2012 (Server Core installation) | Affected from 6.2.0 before 6.2.9200.24919 | x64-based Systems |
Windows Server 2012 R2 | Affected from 6.3.0 before 6.3.9600.22023 | x64-based Systems |
Windows Server 2012 R2 (Server Core installation) | Affected from 6.3.0 before 6.3.9600.22023 | x64-based Systems |
Mitigation of CVE-2024-30078
The main mitigation is to urgently update Windows to one of the fixed versions that correct this vulnerability, as indicated in the table above.
Vulnerability detection
The presence of the vulnerability can be identified by the Windows version.
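One way to apply this version check across an asset inventory, as an added example that is not part of the original advisory. The fixed revisions are copied from the table above; the hostnames, the sample builds and the "review" handling of the two Server 2022 thresholds are assumptions made for the illustration.

```python
import re

# Fixed revisions per build family, copied from the "Affected Versions" table.
# Server 2022 (10.0.20348) has two thresholds in the table, so both are kept.
FIXED = {
    (10, 0, 10240): (20680,), (10, 0, 14393): (7070,),
    (10, 0, 17763): (5936,),  (10, 0, 19044): (4529,),
    (10, 0, 19045): (4529,),  (10, 0, 20348): (2522, 2527),
    (10, 0, 22000): (3019,),  (10, 0, 22621): (3737,),
    (10, 0, 22631): (3737,),  (10, 0, 25398): (950,),
    (6, 0, 6003): (22720,),   (6, 1, 7601): (27170,),
    (6, 2, 9200): (24919,),   (6, 3, 9600): (22023,),
}

VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\.(\d+)\s*$")

def classify(version):
    """Return 'vulnerable', 'patched', 'review' or 'unknown' for a build string."""
    m = VERSION_RE.match(version or "")
    if not m:
        return "unknown"            # malformed or missing revision field
    major, minor, build, rev = map(int, m.groups())
    thresholds = FIXED.get((major, minor, build))
    if thresholds is None:
        return "unknown"            # build family not in the page's table
    if rev < min(thresholds):
        return "vulnerable"
    if rev >= max(thresholds):
        return "patched"
    return "review"                 # between the two listed Server 2022 builds

def triage(inventory):
    """Group hostnames by classification; inventory is (host, version) pairs."""
    report = {"vulnerable": [], "review": [], "unknown": [], "patched": []}
    for host, version in inventory:
        report[classify(version)].append(host)
    return report

# Constructed sample inventory (hostnames and builds are made up for illustration).
SAMPLE = [
    ("laptop-01", "10.0.19045.4412"), ("laptop-02", "10.0.22631.3737"),
    ("srv-2022a", "10.0.20348.2524"), ("srv-2012r2", "6.3.9600.21924"),
    ("kiosk-07", "10.0.26100.1"),     ("legacy-03", "10.0.19045"),
]

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:10} {', '.join(hosts) or '-'}")
```

A host reported as `unknown` is not cleared: its build family is absent from the table or the revision field is missing, so it needs a manual check.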
As part of its emerging vulnerabilities service, Tarlogic proactively monitors the perimeter of its clients to report, detect, and urgently notify of the presence of this vulnerability, as well as other critical threats that could have a serious impact on the security of their assets.