A new security issue was found in the Windows Wi-Fi driver that let hackers break into your PC through wireless networks. This flaw, which is now fixed, allowed attackers to run malicious programs on affected computers. It impacted all modern versions of Windows and Windows Server, and the hackers didn’t need to have any previous access to the target computer.
Fortunately, Microsoft has released a security update that addresses this Wi-Fi driver vulnerability. However, it’s crucial to keep your software up-to-date and follow best practices to minimize the risk of such attacks.
We’ll provide tips below on what you should do to protect yourself if a similar issue arises in the future.
What you need to know about the security flaw
Microsoft labeled the vulnerability as CVE-2024-30078 with a maximum severity of “Important.” It is described as a “Windows Wi-Fi Driver Remote Code Execution Vulnerability.” If we break down these terms, you’d understand that the flaw allows an attacker within Wi-Fi range of your computer to send a specially crafted network packet to the target and exploit your PC.
This vulnerability is dangerous because it can bypass all security checks, doesn’t need special permissions, and requires no action from the user. For example, imagine you’re at a cafe using their public Wi-Fi. You’d expect some security measures to protect your device. But with this vulnerability, an attacker could easily sneak malware onto your laptop without you knowing. You wouldn’t have to click anything or give permission—just being connected to the Wi-Fi is enough. This could happen at any public hotspot, like at hotels, airports, or cafes, putting many people at risk.
Microsoft admitted there weren’t any known active attacks utilizing this security hole. However, it described the vulnerability itself as fairly easy to exploit. While Microsoft downplays the immediate risk, these announcements can sometimes attract malicious hackers. The vulnerability affects every supported version of Windows, including unpatched versions of Windows 10 and Windows 11. It also affects all Windows Server versions from 2008 onward.
DON’T LET SNOOPS NEARBY LISTEN TO YOUR VOICEMAIL WITH THIS QUICK TIP
Microsoft’s response to their security vulnerability
On June 11, Microsoft released a patch that eliminates the security vulnerability. This patch also addresses 49 CVEs across Windows and its components, Office and its components, Azure Dynamic Business Central, and Visual Studio. This is applicable if you are using a version of Windows that still receives security updates. If you are using an end-of-life version of Windows without an extended service contract, it is recommended to update to a supported version as soon as possible.
Update your Windows software now
In light of the recently discovered and patched Wi-Fi driver vulnerability, it is crucial for all Windows users to promptly update their software to ensure maximum protection against potential cyber threats. Keeping your operating system and other software up-to-date is one of the most effective ways to safeguard your devices from known vulnerabilities and security flaws. To update your Windows software and benefit from the latest security patches, follow these simple steps:
For Windows 10 and Windows 11
- Click on the Start menu and select “Settings” (or press the Windows key + I shortcut).
- In the Settings window, click on “Update & Security.”
- Under the “Windows Update” section, click on “Check for updates.”
- If updates are available, including the patch for the Wi-Fi driver vulnerability, Windows will download and install them automatically.
- Once the installation is complete, you may be prompted to restart your computer to apply the updates.
For Windows 8.1 and Earlier Versions
- Open the Control Panel and navigate to “System and Security.”
- Under the “Windows Update” section, click on “Check for updates.”
- If updates are available, including the patch for the Wi-Fi driver vulnerability, select them and click “Install updates.”
- Follow the on-screen instructions to complete the installation process.
- Restart your computer if prompted to apply the updates.
By keeping your Windows software up-to-date, you not only protect yourself from the recently discovered Wi-Fi driver vulnerability but also ensure that your system is fortified against other known security threats. Regular software updates are essential for maintaining a secure and reliable computing environment. Remember, cybercriminals are constantly seeking new ways to exploit vulnerabilities, so it’s crucial to stay vigilant and promptly install updates as they become available.
CYBER SCAMMERS USE AI TO MANIPULATE GOOGLE SEARCH RESULTS
6 ways to protect yourself from Wi-Fi cyberattacks
There are many ways a Wi-Fi network can be exploited by bad actors. However, you can protect yourself by following these steps.
1) Enable encryption: WPA2 and WPA3 (WiFi-protected access) are the standard encryptions now. If your network is using WEP (wired equivalent privacy) security, this is outdated. New routers should automatically come with WPA2 or WPA3 encryption, but you may have to enable it to be sure your router is secure. Your wireless network manual will show you how to enable this on your particular network, but be sure to do so so your Wi-Fi requires a password.
2) Update your WiFi password often: When you first set up a new router, it will come with a pre-set Wi-Fi router name and password. Be sure to change this as soon as you set it up and use a strong password. Always make sure your network requires a password to log in. It’s also important to change this information regularly. This makes it harder for anyone to hack into your network. Use these Best Password Managers for 2024 to help create and store your passwords.
3) Update firmware and software: As with computers and phones, it’s essential to keep your software up to date to help protect against security threats. Always run the latest software, some routers will call this firmware – so make sure to keep that updated.
4) Install a strong antivirus program: Hackers often gain access to devices by sending infected emails or documents or tricking users into clicking a link that downloads malware. You can avoid all of this by installing antivirus software that will detect any potential threat before it can take over your device or router.
Since this specific malware can affect Windows and Macs, use an antivirus program like our #1 pick TotalAV (Limited time deal for CyberGuy readers: $19 your first year (80% off), which offers real-time protection on all types of devices.
5) Pick a secure router: If you’re in the market for a new router, check out my list of top routers. These routers are recommended not only for their security features but also for their compatibility with VPN service providers.
6) Use a VPN: A Virtual Private Network (VPN) can provide an additional layer of security, especially when accessing your network remotely.
My top recommendation is ExpressVPN. It has a quick and easy setup, is available in 105 countries, and will not log your IP address, browsing history, traffic destination or metadata, or DNS queries.
Right now you can get 3 extra months FREE with a 12-month ExpressVPN plan. That’s just $6.67 per month, a savings of 49%! Try 30 days risk-free.
Remember, while no system can be completely invulnerable, these steps can significantly reduce the risk of cyberattacks on your Wi-Fi network.
Kurt’s key takeaway
The Wi-Fi driver flaw on Windows is particularly concerning because it gives bad actors an open invitation to exploit your computer. Since Microsoft has now made the vulnerability public, cybercriminals may try to exploit it even though the Redmond-based company says it has patched it. As a rule of thumb, avoid using public Wi-Fi networks you don’t trust. If necessary, connect to a VPN, turn off file sharing, and disable auto-connect.
Do you often use public Wi-Fi networks? If yes, do you take any measures to protect your digital privacy and safety? Let us know in the comments below.
FOR MORE OF MY SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE
Copyright 2024 CyberGuy.com. All rights reserved. CyberGuy.com articles and content may contain affiliate links that earn a commission when purchases are made.