New Wi-Fi Takeover Attack—All Windows Users Warned To Update Now

CVE-2024-30078 Can Be Exploited Without Any User Interaction

Microsoft has confirmed that with no special access conditions or extenuating circumstances needed, apart from the proximity requirement, an attacker could “expect repeatable success against the vulnerable component.” Microsoft also warns that an attacker requires no authentication as a user before exploiting this vulnerability, nor any access to settings or files on the victim’s machine before carrying out the attack. Furthermore, the user of the targeted device does not need to interact at all: there is no link to click, no image to load, and no file to execute.

Jason Kikta, chief information security officer at Automox, said that, given its nature, “this vulnerability poses a significant risk in endpoint-dense environments including hotels, trade shows, or anywhere else numerous devices connect to WiFi networks.” In these kinds of environments, it would be all too easy for an attacker to target users without raising any red flags. “To protect against this vulnerability,” Kikta said, “it’s recommended that you apply the latest patches as soon as possible.”

This Is An Immediate Patch Priority, Security Expert Says

Assuming, that is, you are using a version of Windows that still receives security updates. Kikta recommends that anyone using an end-of-life version of Windows without an extended service contract update to a supported version as soon as possible. “If patching immediately isn’t feasible, consider using network-level protections such as firewalls and intrusion detection systems to monitor and block suspicious activity,” Kikta said, adding “the risk of running outdated software cannot be overstated.”

In case you need any further incentive to get patching as soon as possible, this close-access attack vector “potentially bypasses network-based detections and mitigations,” according to Kikta. “It circumvents most threat modeling, so this is an immediate patch priority for me.” Most security experts agree that publicly available exploitation tools will be available before long, so the window of opportunity to patch before the attacks start is getting smaller all the time.

A fix for this important security vulnerability has been issued as part of the June 2024 Patch Tuesday update.
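As an added example (not code from the article, from Microsoft or from Automox), the following PowerShell check helps an administrator triage which hosts are in scope for this bug and whether they appear to have received updates since the June 2024 Patch Tuesday. The 2024-06-11 cut-off date and the function name are assumptions of mine; because the article names no KB number, the check goes by installation date and OS build rather than by a specific update.

```powershell
# Added example, not from the original article. Triage for CVE-2024-30078 patch status.
# Assumption: June 2024 Patch Tuesday shipped on 2024-06-11; used only as a date cut-off.
function Get-WifiPatchStatus {
    param(
        [datetime]$PatchTuesday = (Get-Date '2024-06-11')   # assumed cut-off date
    )

    # 1. Scope: only hosts with an 802.11 adapter can be reached by the proximity attack.
    $wifi = Get-NetAdapter -Physical -ErrorAction SilentlyContinue |
            Where-Object { $_.PhysicalMediaType -like '*802.11*' }

    # 2. OS build, so the reader can match it against Microsoft's release notes
    #    for the June 2024 cumulative update of this exact Windows version.
    $os  = Get-CimInstance Win32_OperatingSystem
    $ubr = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion').UBR

    # 3. Heuristic: any update recorded by Win32_QuickFixEngineering on or after the cut-off.
    #    InstalledOn can be null for some entries, so guard against that before comparing.
    $recent = Get-HotFix |
              Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $PatchTuesday } |
              Sort-Object InstalledOn

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        OS             = $os.Caption
        Build          = "$($os.BuildNumber).$ubr"
        WifiPresent    = [bool]$wifi
        WifiAdapters   = ($wifi | ForEach-Object { $_.InterfaceDescription }) -join '; '
        UpdatesSince   = ($recent | ForEach-Object {
                             "$($_.HotFixID) ($($_.InstalledOn.ToString('yyyy-MM-dd')))"
                         }) -join '; '
        # Wi-Fi capable but nothing installed since the cut-off: needs a closer look.
        NeedsAttention = ([bool]$wifi) -and (-not $recent)
    }
}

Get-WifiPatchStatus | Format-List
```

Run it in an elevated session; a `NeedsAttention` of `True` flags a Wi-Fi-capable host with no recorded update since the cut-off, and even a `False` should be confirmed by comparing `Build` against the build number Microsoft lists for the June 2024 update of that Windows version.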
