New Wi-Fi Takeover Attack—All Windows Users Warned To Update Now - eviltoast
  • Spiralvortexisalie@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    5 months ago

    As someone else said there seems to be no public details. “Improper Input Validation” is about all the info given MSFT Source. It has also been reported a packet has to be sent, suggesting either being on same network or some kind of handshake issue (Source 1 Source 2). It is also said to evade conventional methods (like firewalls and canaries) so I have doubt you actually do need to be on the same network first. So If I had to guess there is some kind of issue with nearby share or wifi direct, since it affects sever versions also I can only assume something in the wifi direct implementation. Since input validation is mentioned and wifi direct can use pins, I would imagine there is some way to craft a special wifi direct packet that holds codes and windows just runs it and/or passes validation. I am just shooting in the dark but I don’t see mitigation short of disabling wi-fi or updating.