this post was submitted on 15 Jun 2024
11 points (82.4% liked)

[–] BearOfaTime@lemm.ee 6 points 5 months ago (2 children)

Wow, an article full of fear mongering with zero explanation of how it works.

Not saying it isn't a real concern, but how it works is crucial for understanding mitigation approaches.

[–] 9point6@lemmy.world 5 points 5 months ago* (last edited 5 months ago) (1 children)

The full details of how it works will probably not be public yet in order to protect people who haven't had a chance to patch yet.

It's a zero user input, remote code execution exploit that doesn't require direct physical access—that pretty much means anyone with WiFi is at risk until they patch.

[–] sporks_a_plenty@lemmy.world 2 points 5 months ago

Agreed.

The exploit was discovered by a security research firm who did the right thing and reported it to the SW creator, giving them the opportunity to distribute a patch.

Since it hasn't yet been reported as being exploited "in the wild", publishing details on how to perform the exploit would be at best negligent, and at worst carelessly malicious.

[–] Spiralvortexisalie@lemmy.world 3 points 5 months ago

As someone else said, there seem to be no public details. “Improper Input Validation” is about all the info given (MSFT Source). It has also been reported a packet has to be sent, suggesting either being on the same network or some kind of handshake issue (Source 1, Source 2). It is also said to evade conventional methods (like firewalls and canaries), so I have doubts you actually do need to be on the same network first. So if I had to guess, there is some kind of issue with Nearby Share or Wi-Fi Direct; since it affects server versions also, I can only assume something in the Wi-Fi Direct implementation. Since input validation is mentioned and Wi-Fi Direct can use PINs, I would imagine there is some way to craft a special Wi-Fi Direct packet that holds code and Windows just runs it and/or passes validation. I am just shooting in the dark, but I don't see mitigation short of disabling Wi-Fi or updating.