On Wed, Jan 11, 2023 at 02:38:04PM +0100, Jan Engelhardt wrote: > > On Wednesday 2022-11-23 13:46, Greg Kroah-Hartman wrote: > > > >The Microsoft RNDIS protocol is, as designed, insecure and vulnerable on > >any system that uses it with untrusted hosts or devices. Because the > >protocol is impossible to make secure, just disable all rndis drivers to > >prevent anyone from using them again. > > > >Windows only needed this for XP and newer systems, Windows systems older > >than that can use the normal USB class protocols instead, which do not > >have these problems. > > > In other news, someone just proposed adding "RNDIS" things to UEFI, so > now the security problem is added right back into machines but at > another layer?! > > https://edk2.groups.io/g/devel/topic/patch_1_3/95531719 I guess systems that use this will always have to trust that the device plugged into them is "trusted". Seems like an easy way to get access to a "locked down" system if you ever need it :) {sigh} greg k-h
