Hackers typically leverage malicious documents or pirated software to spread malware, but a newly discovered Windows Wi-Fi vulnerability could enable them to do so via Wi-Fi.

According to Forbes, this critical Wi-Fi vulnerability (CVE-2024-30078) affects all Windows versions, allowing attackers to infect PCs with malware without needing physical access to the target system. The flaw has a high severity score of 8.8 out of 10 on the CVSS scale, and attackers only need to be on the same Wi-Fi network as their target to exploit it.

Increased Risks with Public Wi-Fi

Microsoft’s security update guide indicates that to exploit this Windows security flaw, the only requirement is for the hacker to be within the same Wi-Fi network as the target. They don’t need authentication or access to any settings or files on the victim’s PC. Worse still, no user interaction is needed for the exploit to succeed—victims don’t have to click a phishing link or download a malicious attachment.

While this flaw poses less risk for those working from home or in an office, it is particularly dangerous for users who frequently connect to public Wi-Fi networks, such as those in coffee shops or airports.

Public Wi-Fi, although convenient, already comes with inherent risks. This new vulnerability amplifies those dangers, making it crucial to take extra precautions. Using one of the best VPNs can help protect your data when connected to public networks. If you don’t have a VPN, avoid logging into sensitive sites like online banking when using public Wi-Fi and opt to use mobile data instead.

Microsoft’s Response and Your Next Steps

Microsoft rates the exploitation of this Windows security flaw as “less likely.” However, now that the flaw is publicly known, hackers may attempt to develop an exploit for it. The positive news is that Microsoft has already patched this flaw, along with 48 other vulnerabilities, in their June 2024 Patch Tuesday updates.

Protecting Your Windows PC

To keep your Windows PC safe from malware, follow these steps:

1. Regular Updates: Ensure your Windows PC is always running the latest software. Microsoft releases security updates on the second Tuesday of every month. Mark your calendar and make it a habit to update your system promptly.
2. Enable Windows Defender: This built-in antivirus software from Microsoft has significantly improved and is effective at catching the latest threats. For additional protection, consider investing in a premium antivirus solution, which often includes a VPN, password manager, and other security tools.
3. Be Cautious with Public Wi-Fi: Always use a VPN when connecting to public Wi-Fi networks to encrypt your data and keep it secure from potential threats.

New vulnerabilities like CVE-2024-30078 are discovered frequently, but by staying informed and maintaining regular updates, you can protect your devices and data from being compromised.