Thank you Josh - I enjoyed your insight

On Fri, Sep 11, 2009 at 6:18 AM, Joshua Wright <[email protected]> wrote:
> I sent this note to the WifiSec mailing list this morning. Reposting
> here, since I think this community appreciates a remote 0-day in Vista
> machines over wireless more than most. :)
>
> -Josh
>
> -------- Original Message --------
> Subject: MS09-049: Vista Wireless LAN Autoconfig Service Code Execution Vulnerability
> Date: Fri, 11 Sep 2009 06:16:39 -0400
> From: Joshua Wright <[email protected]>
> To: [email protected] <[email protected]>
>
> I'm including a write-up from the SANS @RISK vulnerability alert system
> below. With Vista, Microsoft re-wrote the native wireless stack,
> reducing the amount of packet-handling code an independent hardware
> vendor (IHV) had to do and standardizing the functionality of the wireless
> interface. On one hand, this was great, as it meant that we could
> quell the stream of vulnerabilities in wireless drivers from Atheros,
> Broadcom, Intel and more, relying instead on the Microsoft-native code
> for handling 802.11 frames.
>
> On the other hand, now every Vista client with a wireless card (that
> hasn't yet patched) is vulnerable to a drive-by wireless exploit. While
> wireless driver vulnerabilities have been known to affect XP, it was
> difficult to use them since targeting a vulnerable client is difficult
> (knowing what driver they are using, for example, is possible but hard
> and impractical today). With the Vista stack, that isn't an issue, as
> it's trivial to identify a Vista vs. XP box from observing the client
> activity over the air.
>
> I'm still supportive of Microsoft's change to unify the wireless stack
> on Vista since it has a lot of other practical benefits over the prior
> XP model, plus many users who take advantage of auto update will be
> patched shortly (much better than XP where drivers were almost never
> updated, unless done manually). Still, as a 0-day, this one is pretty
> scary.
>
> -Josh
>
> p.s. Last chance to register for my SANS Institute course Ethical
> Hacking Wireless, where we cover wireless driver exploits and more
> wireless hacking than you can shake a stick at, delivered live at home
> (by me) once a week for 12 weeks. Class starts Wednesday night. Sign up
> now and get a free Kindle v2!
> http://www.sans.org/vlive/details.php?nid=19608 (enter "kindle" as the
> discount code).
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
