Microsoft's June patch includes critical Wi‑Fi vulnerability fix

Microsoft released the June update package for Windows. Among the patched vulnerabilities, the most interesting is the Wi-Fi handling vulnerability. It is possible to execute code remotely by sending a malicious packet. There are more vulnerabilities, and the updates are cumulative.

The most critical vulnerability is CVE-2024-30080, an issue found in MSMQ, an optional component disabled by default in Windows (including server versions). MSMQ has long been a recurring element in the monthly security patch announcements, but its outdated implementation has not aged well.

Next on the list is a vulnerability in a rarely patched component for speech recognition and synthesis (SAPI). The vulnerability, CVE-2024-30097, is a typical example of memory corruption. Similarly, Microsoft’s overuse of definitions for assessing the severity of problems (CVSS) is usual. To exploit the vulnerability in SAPI, a (logged-in, of course) user must click on a malicious link. However, the attack has been classified as network-based and does not require any privileges - based on the premise that the attacker does not need to log in. As a result, the vulnerability, rated at 8.8, is at the top of the list, even though it should not be.

Among the most important vulnerabilities in June are two serious vulnerabilities, CVE-2024-30064 and CVE-2024-30068, that allow bypassing the isolation of AppContainer. However, the real highlight is the vulnerability in the Windows Wi-Fi driver, CVE-2024-30078. The document does not state whether this issue affects a specific third-party driver integrated with the system, a generic driver, or the driver handling mechanism in general.

It is known, however, that the attack involves sending a distorted network packet, which, when received by the Windows system, leads to remote code execution. The classification "adjacent" instead of "network" suggests that the range of the network adapter itself limits the problem's scope.

This means the attacker must be near the victim - they cannot send a malicious packet from an unspecified online location. This limits the severity of this specific problem, but attacks on the network stack are a grave matter. No firewalls, antivirus software, or blocked services can protect against them.

According to Microsoft, the Wi-Fi issue remains theoretical. There have been no confirmed exploits or attempts to exploit this vulnerability, so it should, therefore, be patched before that happens. The patch for CVE-2024-30078 was also released for Windows Server 2008, indicating that the issue affects all versions of Windows and showing that even six months after support ended, server Vista still receives updates.

The update for Windows 11 (KB5039212) grew by seven megabytes over the month and currently weighs 721MB. For Windows 10, it remains approximately the same size as in May.