Microsoft addresses critical wi‑fi vulnerability in June update

Microsoft has released the June update package for Windows. The most notable patched vulnerability is the Wi-Fi handling vulnerability, which allows remote code execution by sending a malicious packet. There are additional vulnerabilities, and the updates are cumulative.

The most critical vulnerability is CVE-2024-30080, another issue found in MSMQ, an optional component disabled by default in Windows (including server versions). MSMQ has been a recurring feature in the monthly security patch announcements for a long time, and its outdated implementation has not aged well.

Next on the list is a vulnerability in a rarely patched component for speech recognition and synthesis (SAPI). Identified as CVE-2024-30097, it is a typical example of memory corruption. Similarly typical is Microsoft’s extensive use of definitions for assessing the severity of problems (CVSS). To exploit the vulnerability in SAPI, a logged-in user must click on a malicious link. However, the attack is classified as network-based and not requiring any privileges, based on the premise that the attacker did not need to log in. As a result, the vulnerability, rated at 8.8, is at the top of the list, even though it probably should not be.

Among the most critical vulnerabilities in June are two serious ones, CVE-2024-30064 and CVE-2024-30068, which allow bypassing the isolation of AppContainer. However, the real highlight is the vulnerability in the Windows Wi-Fi driver, CVE-2024-30078. It is unclear whether this issue affects a specific third-party driver integrated with the system, a generic driver, or the driver handling mechanism in general.

It is known that the attack involves sending a distorted network packet, which, when received by the Windows system, leads to remote code execution. The classification "adjacent" instead of "network" suggests that the range of the network adapter itself limits the problem's scope.

This means that the attacker must be near the victim—they cannot send a malicious packet from an unspecified location on the Internet. This indeed limits the severity of this specific problem, but attacks on the network stack are very serious matters in general. No firewalls, antivirus software, or blocked services can protect against them.

According to Microsoft, the Wi-Fi issue remains theoretical. There have been no confirmed exploits or attempts to exploit this vulnerability, so it should, therefore, be patched before that happens. The patch for CVE-2024-30078 was also released for Windows Server 2008, indicating that the issue affects all versions of Windows and showing that even six months after support ended, Server Vista still receives updates.

The update for Windows 11 (KB5039212) grew by seven megabytes over the month and currently is about 721MB. For Windows 10, it remains roughly the same size as in May.