Microsoft Windows operating system

A critical remote code execution (RCE) vulnerability, designated as CVE-2024-30078, has been identified in the Wi-Fi drivers of various Microsoft Windows versions, affecting over 1.6 billion active devices globally. This vulnerability is present in Windows 10, Windows 11, and several Windows Server versions, specifically within the Dot11Translate80211ToEthernetNdisPacket() function of the native Wi-Fi driver (nwifi.sys). It has been actively exploited in regions like the United States, China, and parts of Europe, posing risks to industries reliant on Wi-Fi networks and Windows infrastructure. The vulnerability allows attackers to send specially crafted network packets to gain unauthorized access without requiring advanced techniques or user interaction. The root cause is a flaw in the Link Layer Control (LLC) component of the network stack related to packet length management when using Virtual LAN (VLAN), leading to potential out-of-bounds reads and arbitrary code execution. Successful exploitation can result in malware installation, lateral movement within networks, botnet recruitment, and data exfiltration. Microsoft released a security patch in June 2024 to address this vulnerability. Recommended mitigation strategies include timely patch application, implementing WPA3, using strong passwords, network segmentation, deploying intrusion detection and prevention systems, conducting regular security audits, user education on cybersecurity best practices, and adopting a zero-trust security model.