Critical remote code execution vulnerability discovered in Microsoft Windows Wi-Fi drivers
A critical remote code execution (RCE) vulnerability, identified as CVE-2024-30078, has been discovered in the Wi-Fi drivers of multiple versions of Microsoft Windows, including Windows 10, Windows 11, and various Windows Server editions. This flaw could potentially affect over 1.6 billion devices globally and allows attackers within Wi-Fi range to execute unauthorized code on affected systems without sophisticated techniques or user interaction. The vulnerability is located in the Dot11Translate80211ToEthernetNdisPacket() function of the native Wi-Fi driver and involves a discrepancy in packet size expectations that can lead to an out-of-bounds read and a 2-byte write vulnerability. Attackers can exploit this by sending specially crafted network packets to overwrite critical address information and execute arbitrary code. The consequences of such an attack include malware installation, lateral movement within networks, botnet recruitment, and data exfiltration. To mitigate the risk, Microsoft released a security patch in June 2024. Additional protective measures include enabling advanced network security features like WPA3, disabling unnecessary network protocols, using strong passwords, network segmentation, deploying IDPS, conducting regular security audits and penetration testing, educating users on cybersecurity best practices, and implementing a zero-trust security model. CVEs: CVE-2024-30078 [View Article](https://www.techradar.com/pro/critical-remote-code-execution-vulnerability-discovered-in-microsoft-windows-wi-fi-drivers)