A new security flaw has been discovered in Microsoft Corp.'s MSFT Windows that allows hackers to infect personal computers over Wi-Fi, posing a significant threat to users.
The flaw, which affects all versions of Windows, has a Common Vulnerability Scoring System, or CVSS, score of 8.8 out of 10, making it particularly dangerous.
What Happened: The vulnerability, tracked as CVE-2024-30078, enables attackers to infect vulnerable PCs with malware without needing physical access to the target system. The attacker only needs to be on the same Wi-Fi network to exploit the flaw, reported Tom's Guide.
Microsoft has confirmed that no special obligations need to be met to exploit this flaw, except for the hacker being close to a target and on the same Wi-Fi network. They also don't have to be authenticated nor do they need access to any settings or files on a victim's PC.
Subscribe to the Benzinga Tech Trends newsletter to get all the latest tech developments delivered to your inbox.
What makes this flaw particularly concerning is that it doesn’t require any interaction from the victim. This means that users don't need to click on a link in a phishing email or download a malicious attachment for this to work.
Microsoft has already patched this flaw along with 48 other vulnerabilities as part of its June 2024 Patch Tuesday updates. However, the exploitation of this vulnerability is still considered “less likely” by Microsoft, but the company warns that enterprising hackers could try to develop an exploit for it now that the news about this flaw is out in the open.
Why It Matters: This new security flaw adds to the growing list of concerns around Windows security. Microsoft has been under scrutiny for its security measures after major cyberattacks by Russian and Chinese hackers.
The company’s security measures were criticized by the Cyber Safety Review Board for not being transparent about the Chinese hack, which they deemed preventable.
Microsoft’s President Brad Smith will testify before a U.S. House of Representatives Homeland Security panel on Thursday regarding the company’s security measures after these breaches.
Moreover, in the face of mounting criticism from security and privacy experts, the company decided to modify its upcoming Recall feature in Windows 11, keeping it disabled by default.
This Recall feature, intended to assist PC users in retrieving previously viewed information, has been under the microscope for potential security vulnerabilities.
It also comes at a time when Microsoft has been working to regain trust after a security lapse where internal company files and credentials were exposed to the internet. The server reportedly contained crucial information (i.e., passwords, keys, and credentials), but lacked password protection, making it accessible to anyone online.
Check out more of Benzinga's Consumer Tech coverage by following this link.
Read Next: A Day After Shutting Down Tesla Phone Rumors, Elon Musk Says It Is ‘Not Out Of The Question'
Disclaimer: This content was partially produced with the help of Benzinga Neuro and was reviewed and published by Benzinga editors.
Photo courtesy: Shutterstock
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Comments
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.
