Microsoft's June update tackles critical wi‑fi vulnerability

Microsoft has released the June update package for Windows. Among the patched vulnerabilities, the most interesting one seems to be the Wi-Fi handling vulnerability, which allows remote code execution by sending a malicious packet. The update addresses more vulnerabilities, and the updates are cumulative.

The most critical vulnerability is CVE-2024-30080, found in MSMQ, an optional component in Windows (including server versions) turned off by default. MSMQ has been a recurring issue in the monthly security patches for a long time, as its outdated implementation has not aged well.

Next, there is a vulnerability in a rarely patched component for speech recognition and synthesis (SAPI). Identified as CVE-2024-30097, it is a typical example of memory corruption. Similarly, Microsoft typically uses the Common Vulnerability Scoring System (CVSS) to assess severity. A logged-in user must click on a malicious link to exploit this vulnerability in SAPI. However, the attack is classified as network-based and not requiring any privileges, assuming the attacker did not need to log in. As a result, the vulnerability is rated 8.8, placing it at the top of the list, even though it arguably should not be.

Among June's most important vulnerabilities are two serious issues that allow bypassing AppContainer's isolation: CVE-2024-30064 and CVE-2024-30068. However, the real highlight is the vulnerability in the Windows Wi-Fi driver, CVE-2024-30078. The document does not specify if this affects a particular third-party driver integrated with the system, a generic driver, or the driver handling mechanism in general.

It is known, however, that the attack involves sending a distorted network packet, which, when received by the Windows system, leads to remote code execution. The classification "adjacent" instead of "network" suggests that the range of the network adapter itself limits the problem's scope.

This means the attacker must be near the victim; they cannot send a malicious packet from an unspecified online location. This limits the severity of this problem, but attacks on the network stack are generally severe. No firewalls, antivirus software, or blocked services can protect against them.

According to Microsoft, the Wi-Fi issue remains theoretical, with no confirmed exploits or attempts to exploit this vulnerability. Nonetheless, it should be patched before any such attempts occur. The patch for CVE-2024-30078 was also released for Windows Server 2008, indicating that the issue affects all versions of Windows and that even six months after support ended, server Vista still receives updates.

The update for Windows 11 (KB5039212) grew by seven megabytes over the month and currently weighs 721MB. For Windows 10, it remains approximately the same size as in May.