News Windows security hole allows attackers to install malware via Wi-Fi — new patch plugs gaping vulnerability

[Admin]

In its June 'Patch Tuesday' release, Microsoft addressed 49 security vulnerabilities in its products, including one that could allow an attacker to deliver malware onto a PC over Wi-Fi.

Windows security hole allows attackers to install malware via Wi-Fi — new patch plugs gaping vulnerability : Read more

 

[FoxTread3]

June 13, 2024 - I think this article is important because I get the impression that a lot of people. Naively use free Wi-Fi in all kinds of places. It would be nice if the reporter writing this article, had provided a list of devices that are available that protect devices like laptops when using them in public places. He also could offer links to Tom's Hardware articles that list products and services that prevent laptops from being hacked when using free/public Wi-Fi. It isn't lost on me that people who haven't locked down their home Wi-Fi could be at risk of being hacked just like free Wi-Fi. I had a friend who was very tech savvy who purposely left his Wi-Fi unlocked so that other people could use it. I told him that he had a good heart, but was missing the point, crazy, and to lock down his Wi-Fi immediately. Which he did. Stay well all. 😊

 

[TJ Hooker]

June 13, 2024 - I think this article is important because I get the impression that a lot of people. Naively use free Wi-Fi in all kinds of places. It would be nice if the reporter writing this article, had provided a list of devices that are available that protect devices like laptops when using them in public places. He also could offer links to Tom's Hardware articles that list products and services that prevent laptops from being hacked when using free/public Wi-Fi. It isn't lost on me that people who haven't locked down their home Wi-Fi could be at risk of being hacked just like free Wi-Fi. I had a friend who was very tech savvy who purposely left his Wi-Fi unlocked so that other people could use it. I told him that he had a good heart, but was missing the point, crazy, and to lock down his Wi-Fi immediately. Which he did. Stay well all. 😊

FYI, there is nothing in the vulnerability description to indicate that the attacker needs to be connected to the same WiFi network as you. Merely that they have to be within range of your device's WiFi adapter. The Tom's article ads the bit linking this to public/open WiFi networks, but I don't see where they're getting that from. The author may have simply misunderstood the issue.

I think the risks of connecting to open/public WiFi are generally overblown. But leaving your home WiFi network open does seem like a terrible idea.

Edit: Or maybe I'm the one misunderstanding. I don't know enough about 802.11, maybe the notion of sending a WiFi packet to a device implicitly means both devices are already connected to the same access point/on the same WLAN.

 

[FoxTread3]

June 12, 2024 - Thank you for your comments. I have no reason to question anything you've said. However.. 😊 as a long time follower of various Tech Guru's, Tech shows and Tech YouTube channels. I am aware of various issues regarding Wi-Fi. Some years back it was highly recommended that people change their home routers' passwords, because some companies sold routers with the same password, and anyone within range of the router and knew the router's password could join the network. There was a lot of discussion about WEP, WPA and WPA2, ( I believe we are up to WPA3 now). If you are unfamiliar with any of this, do a Google search for comparisons and explanations. I also remember watching nerds "War driving" live back in the early 2000s, looking for residential open access points. They found quite a number of networks that they could join. Wikipedia has an article on Wi-Fi War driving if you are interested. Lastly, I know of two reported incidents, one in the past couple of years and the other within the past year. Where neighbors complained to the owners of Wi-Fi networks. When the owners changed their passwords. One incident I believe happened in California, where an older woman approached her neighbor complaining that she couldn't get on the internet because he changed his password. A similar case happened in a some small town in England where an older man confronted his neighbor, because his neighbor had changed his Wi-Fi password. Aside from the gall that these older people displayed, it showed the total lack of understanding of the Tech they were using. To my knowledge, aside from the theft of service, and loss of privacy. There is the legal responsibility that is on the owner of the network. So, if a network has been found to have been used for something illegal. I believe the owner of the Wi-Fi network is held legally accountable, with possible punishment of some sort.

 

[td47]

It is a shame that the latest Monthly MS Update KB5039212 description was very vague, and gave the impression that it was ONLY a fix for an LSASS memory leak. However, if you look at the CVE report on this at:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30078

it mentions that for Windows 11 23H2 the 5039212 was a ROLLUP FIX, so DID contain this, and possibly other security fixes.