Microsoft's latest security update fixes a nasty remote code execution bug in Windows Wi-Fi driver

Alfonso Maruccia

In a nutshell: Microsoft's June 2024 Patch Tuesday Windows 10 and 11 updates fix 51 security flaws, including a Wi-Fi vulnerability that enables remote code execution. Despite its low threat rating, the bug is a concern for public hotspot users. Although exploitation is unlikely, an attack doesn't require user authorization.

A recent Windows 10 and Windows 11 Patch Tuesday update includes fixes for a potentially dangerous Wi-Fi vulnerability. Discovered within the Windows Wi-Fi Driver, CVE-2024-30078 gives malicious actors a vector for remote code execution (RCE).

Despite a non-urgent sounding severity classification of "Important," the bug should concern Windows customers who frequently use public hotspots or hotel Wi-Fi internet service.

Microsoft says a hacker can exploit the vulnerability by just being near the target computer and sending a "malicious networking packet," with no authentication required. The security researchers who found the bug did not publicly disclose it before notifying Microsoft, and as far as they could tell, hackers have not used it in the wild. Redmond says exploitation is "less likely" because hackers must be within close range to execute the attack.

Including CVE-2024-30078, Microsoft patched 51 security flaws, 18 classified as RCE bugs. There's also a critical RCE vulnerability to deal with, which was discovered in Microsoft Message Queuing.

By category, the fixes cover 25 elevation of privilege, 18 RCE, three information disclosure, and five denial-of-service vulnerabilities. The bugs include just one previously disclosed zero-day flaw (CVE-2023-50868), although hackers haven't exploited it yet.

Patch Tuesday is a Microsoft "tradition" dating back 20 years, with new bundles of security fixes for Windows and other software products released every second Tuesday of the month.

The company recently offered thoughts about the practice with an abridged version of Patch Tuesday history and its role in Windows security. Microsoft said that security is its number one priority... meanwhile, experts describe its new AI feature, Windows Recall, as a new security and privacy disaster in the making.
