No User Interaction Needed To Attack CVE-2024-30078
Microsoft has confirmed that an attacker could expect repeatable success due to the lack of special access conditions or extenuating circumstances, apart from the proximity requirement. The Windows maker has also warned that no authentication is required before exploiting this vulnerability. In addition to that, no access to settings or files on the victim’s machine is needed before carrying out the attack.
The user of the targeted device won't have to interact at all: they won't have to click on any link, load any image or execute any file for this attack to happen.
Immediate Patch Priority: Security Expert
Kikta recommends that anyone who is using an end-of-life version of Windows without an extended service contract should update to a supported version as soon as possible. He said, “If patching immediately isn’t feasible, consider using network-level protections such as firewalls and intrusion detection systems to monitor and block suspicious activity. The risk of running outdated software cannot be overstated.”
For anyone still not convinced to update as soon as possible, Kikta said that this close access vector threat “potentially bypasses network-based detections and mitigations.” Forbes quoted him as saying, “It circumvents most threat modelling, so this is an immediate patch priority for me.”