The full details of how it works will probably not be public yet in order to protect people who haven’t had a chance to patch yet
Comment on New Wi-Fi Takeover Attack—All Windows Users Warned To Update Now
BearOfaTime@lemm.ee 5 months ago
Wow, an article full of fear mongering with zero explanation of how it works.
Not saying it isn’t a real concern, but how it works is crucial for understanding mitigation approaches.
9point6@lemmy.world 5 months ago
Spiralvortexisalie@lemmy.world 5 months ago
As someone else said there seems to be no public details. “Improper Input Validation” is about all the info given MSFT Source. It has also been reported a packet has to be sent, suggesting either being on same network or some kind of handshake issue (Source 1 Source 2). It is also said to evade conventional methods (like firewalls and canaries) so I have doubt you actually do need to be on the same network first. So If I had to guess there is some kind of issue with nearby share or wifi direct, since it affects sever versions also I can only assume something in the wifi direct implementation. Since input validation is mentioned and wifi direct can use pins, I would imagine there is some way to craft a special wifi direct packet that holds codes and windows just runs it and/or passes validation. I am just shooting in the dark but I don’t see mitigation short of disabling wi-fi or updating.