Latest Windows update patches critical Wi-Fi vulnerability

Windows updates don’t just exist to annoy you and make you reboot your computer twice as often as you normally would. They often include some actually important stuff.

This week’s update has a critical patch for a known Wi-Fi vulnerability, which Microsoft rates as an 8.8 out of 10 in terms of danger—so, go ahead and spin up Windows Update sooner rather than later.

As The Register reports, the CVE-2024-30078 bug fix prevents remote code execution (that means “running scary stuff on your PC from somewhere else”) via a Wi-Fi driver. The details of this vulnerability aren’t public, and it doesn’t appear to be being exploited “in the wild,” but Microsoft isn’t leaving things up to chance. Hackers might be able to figure it out now that it’s been addressed.

The same can’t be said for the critical CVE-2024-30080 patch, which allows remote code execution via the Microsoft Message Queuing system. This one’s dangerous enough that it gets a 9.8 rating, and it may be being exploited at the moment.

Rounding out the security patches is an older issue, CVE-2023-50868, which can be used as a remote denial of service method by overloading resources using Domain Name System Security Extensions. It’s mostly a server issue and less important for regular users.

These fixes should be applied for all Windows 10 and Windows 11 users, so don’t delay. That’s the KB5039214 update for builds 14393.7070, 22621.3737, and 22631.3737 — if you see any of those numbers on your System>About page, you’re all set.