Microsoftrecently plugged asecurity hole in the Windows Wi-Fi driver. This exploit would have allowed attackers to run malicious code on vulnerable systems over Wi-Fi. The vulnerability affects all modern versions ofWindows and Windows Server, and the attacker doesn’t need to have had prior access to the target computer.

While Microsoft acknowledges there were no known active exploits of thesecurityhole, the weakness is described as having a low attack complexity. It’s described inCVE-2024-30078with a maximum severity of “Important.” An attacker need only be within Wi-Fi range of the computer to send a specially crafted network packet to the target PC and exploit the vulnerability.

A hacker with a hood up looking at a computer screen.

The Wi-Fi attack bypasses all authentication protocols, does not require prior access rights, and requires no user interaction at all. Because of this, in theory, an attacker could slip malware to Windows users logging intopublic Wi-Fi networkscompletely undetected. Such hotspots are common at hotels, airports, and in cafes.

Microsoft considers exploitation of the vulnerability “less likely,” but these announcements often bring bad actors out of the woodwork. The ease with which someone could take advantage of the exploit is also troublesome. The weakness, categorized as an Improper Input Validation security vulnerability, exists on all common versions of Windows.

Jeff Butts

This includes unpatched versions ofWindows 10andWindows 11. It also includes all Windows Server versions from 2008 on. The patch eliminating the security vulnerability was released on June 11. The samepatch addresses 49 CVEsin Windows and Windows components,Office and Office components, Azure Dynamic Business Central, and Visual Studio.

Only one of the patched security holes was rated as Critical, a vulnerability in Microsoft Message Queuing that allowed remote, unauthenticated attackers to run malicious code with elevated privileges. The rest, including the aforementioned Wi-Fi driver security hole, were rated as Severity: Important. None are known to be actively exploited.

Patch Tuesdayfor June is an important one, so get those updates installed, friends and neighbors.

Get Tom’s Hardware’s best news and in-depth reviews, straight to your inbox.

Jeff Butts has been covering tech news for more than a decade, and his IT experience predates the internet. Yes, he remembers when 9600 baud was “fast.” He especially enjoys covering DIY and Maker topics, along with anything on the bleeding edge of technology.