it's been a rough week for microsoft...

  • Published: 17 Jun 2024
  • Microsoft is having a ROUGH WEEK. Between the Recall fiasco and this week's vulnerabilities, I hope it's all going okay.
    Exploit: msrc.microsoft.com/update-gui...

Comments • 781

  • @LowLevelLearning 8 days ago +86

    wanna learn to code in C or assembly? check out lowlevel.academy and use code THREADS20 for 20% off lifetime access. or don't. i'm not a cop

    • @AjinGixtas 8 days ago +2

      Just wanted to say it’s been 20 min and there’s no comment nor like under a pinned comment. Have a good day Mr Hacking Guy :)

    • @mmmm768 8 days ago +2

      no.

    • @TuxedoMaskMusic 8 days ago

      i suspected but could not confirm this months ago and stopped using wifi and went direct connect.

    • @hrr597 8 days ago +1

      nope

    • @shangsty 8 days ago

      if you were a cop that would give me less of a reason to lol

  • @100MagicChickens 8 days ago +1799

    recall got recalled LOL
    yes i am aware it was not completely "recalled", however it is really funny to think about how fast they went "oh shit" and had to rework the way it's rolled out :p

  • @brandonw1604 8 days ago +772

    Between this and the zero-click Outlook vulnerability they're having a very bad week.

    • @feefre 8 days ago +24

      Haven't seen the outlook one, does it affect the desktop client or the OneOutlook (web) one?

    • @brandonw1604 8 days ago +46

      @feefre Desktop client, they just pushed a patch for it a few days ago.

    • @JaredJeyaretnam 8 days ago +5

      Link or CVE number?

    • @brandonw1604 8 days ago

      @JaredJeyaretnam CVE-2024-3010

    • @rnts08 8 days ago +24

      It's funny that the bounty for a zero click outlook vulnerability got bumped to $400k recently...

  • @peterpodgorski 8 days ago +770

    So basically we almost got into a situation where anyone within WiFi can just walk into your Windows PC with everything you've recently done laid out in a transcript with screenshots attached...?

    • @jcsc2001 8 days ago +113

      Absolutely terrific. I'm glad I'm paying $350 / year for that stability 🙄

    • @ShadowManceri 8 days ago +16

      Yes.

    • @chri-k 8 days ago +15

      Yes.

    • @BodybuildingNews 8 days ago +14

      Not ‘Almost’

    • @Zooiest 8 days ago +9

      Yes.

  • @syrslava705 8 days ago +158

    Moreover, by the list of affected products on that page, this vulnerability is in every system from Vista and on. And they don't release updates for old consumer systems, only server ones. So any computer with non-server Windows Vista, 7, 8, 8.1 that has an equipped and enabled Wi-Fi module has one more unpatched hole.

    • @piisfun 8 days ago +18

      If it is bad enough, they have been known to occasionally release patches for Windows versions beyond end of life.

    • @Nothanksithinkimfine 7 days ago +8

      @piisfun like Windows XP! (cough cough Wannacry)

    • @retronoby 7 days ago +2

      I hope there is a patch for previous versions if they are affected. Retro computing is a thing after all.

    • @uppishcub1617 6 days ago +1

      Guess I'll be moving my 7 machine to XP then.

  • @ThePriceIsNeverRight 8 days ago +541

    a CHINESE cyber security company warned the American company about this crazy security vulnerability.

    • @abztract_ 8 days ago +128

      The turn tables of the century

    • @unamelable256 8 days ago

      It's funny that someone in china really cares about international security, even if they could exploit it.

    • @JorgeLopez-qj8pu 8 days ago +26

      @abztract_ Rich Evans: “O how the Turn chables have chabled”

    • @bitesizedkiran 8 days ago

      Turns out Chinese people aren’t a homogenous evil blob that hate America and aren’t constantly plotting their downfall… gasp 😮

    • @FreshSmog 8 days ago +58

      I seem to remember that they're mandated to inform the government first. It probably means it wasn't very useful.

  • @Dratchev241 8 days ago +249

    back in the day I used to snoop the 2.4GHz wifi data just for kicks. and with an outside antenna with about 20ft of height I was able to snoop on stuff up to 1 mile away. So with this kind of set up you don't need to be "next" to someone to exploit. in theory with my old setup I could exploit every windows machine within a mile of me.

    • @AndrewFrink 8 days ago +93

      My favorite thing was replacing images on webpages people were loading around you by responding to the http request faster than the server. Another favorite was i had a screensaver that just loaded images loaded by other people on the network. The amount of porn that would generate on a college campus was amazing.

    • @kogmawgaming 8 days ago +65

      @AndrewFrink Just fyi I'm 90% sure that's a felony (sending the fake http packets) if you're in America my dude

    • @fernycl 8 days ago +16

      @AndrewFrink yeah it's illegal don't admit to it prolly best if you delete

    • @TheMrTape 8 days ago +30

      @fernycl Don't worry it happened way before the cyber police was invented

    • @manitoba-op4jx 8 days ago +12

      @TheMrTape i think you mean the statute of limitations

  • @JeremyAndersonBoise 8 days ago +48

    Paraphrasing, “All sites had HTTPS by 2010 or so.”
    I sure wish that was true, but I had to convince people, professionally, up until about 2016 or later that it was important. I know people with viable businesses who still host their marketing website with no encryption.

    • @theairaccumulator7144 8 days ago +15

      How lol since browsers added warnings every normie will think their site is a virus

    • @JeremyAndersonBoise 8 days ago

      @theairaccumulator7144 I’m not here to convince you

    • @fullstackcrackerjack 8 days ago +1

      And we had to pay for them!

    • @mgord9518 8 days ago +4

      Sites don't need encryption when there's no login.

    • @mudi2000a 7 days ago +6

      There is no excuse to not use https in 2024. It is a red flag.

  • @simonp37 8 days ago +36

    Don't forget the PHP vulnerability, that only affects Windows.

    • @privacyvalued4134 1 day ago

      Actually, that vulnerability only affects Windows PCs running in specific languages (Chinese and Japanese). If you are running in a European/Latin language or even other Asian languages, then you're unaffected. And you are only affected if you use PHP CGI. CLI, FCGI, and FPM are also unaffected and those are used much more widely than the PHP CGI SAPI. So while serious for affected users, it's actually a rare combination.

  • @ecdhe 8 days ago +99

    Another downside of a public Wi-fi is that HTTPS does not hide the domain name of the site you're going to. Someone may not know the details of what you're doing or URL you're browsing, but they can tell what sites you're going to and how much data is exchanged

    • @JohnSmith-xv1tp 8 days ago +12

      Correct me if I'm wrong, but if you use DNS over HTTPS, doesn't that hide the domain? The only thing that should be sent in plain text is the resolved ip address, right? And since multiple domains can reside on the same ip address range, that should still be better than not hiding the domain at all.

    • @ecdhe 8 days ago +25

      @JohnSmith-xv1tp even with a secure DNS call, the TLS handshake typically sends the desired domain name (in clear) so the Webserver knows how to reroute it if it hosts multiple domain names.

    • @ShadowManceri 8 days ago +7

      Not thru HTTPS, it does hide that. But you are talking about DNS (not DNS over HTTPS), or basically resolving the domain into an IP. That might or might not happen during the session. Tho you can always see the IP that you are connecting into and no way around that without some sort of proxy solution.

    • @georgeprout42 8 days ago +10

      That's why you always use a VPN when using an untrusted WiFi. You can probably set one up on your home router (for free) in about 10 minutes.

    • @mapu1 8 days ago +7

      @JohnSmith-xv1tp IP might as well be domain name, it takes like no effort to look it up. Only way around it is VPN. Honestly only real use for VPN is public wi-fi.

  • @Kira_x86_64 8 days ago +14

    Who asked for Recall? Like who are they marketing it for? What was their plan? I am kinda confused at where they are going as far as windows.

    • @SpaceCadet4Jesus 7 days ago +2

      Except for the screenshots, this information has been increasingly available to those in the know since Windows XP. They're just making it easier for users to access.
      You don't know where Microsoft is going with Windows? Do you ever look up this information?

  • @rux4214 8 days ago +168

    Me: Immediately going to update Windows after reading the title and thumbnail. lol.

    • @isoldmyfamily 8 days ago +7

      thx for the reminder

    • @ybvb 8 days ago

      need another one? ;) @isoldmyfamily

    • @ninjameep8616 8 days ago +58

      Not a problem if you don't use windows

    • @omarjano7117 8 days ago

      @ninjameep8616 or wifi

    • @fredeso7844 8 days ago +16

      Doing it over WiFi?

  • @nathancaso8922 8 days ago +22

    Gotta love the Microsoft AI ad in the background around 5:34 that literally advertises Recall

  • @jeffcauhape6880 8 days ago +22

    Actually, if the hacker has a high gain antenna, he doesn't have to be that close.

    • @YodaWhat 6 days ago

      WiFi connected through a parabolic dish has been used to communicate the several MILES across the Strait of Gibraltar. Wikipedia says it is 8.1 miles or 13 kilometers, but the dishes used were far above the water, which adds to the distance. But you don't want your dish to wobble at all when trying to receive a distant signal in a world often FILLED with WiFi equipment. All that other equipment can easily drown out the desired signal once it is off-axis. Other equipment NOT so far away is even more likely to drown out a distant signal, despite the directionality and RF gain of a dish antenna. Lastly, the ground itself becomes an impediment, as the Fresnel zones between distant line-of-sight antennas run into the ground and get absorbed. That will provide SOME security for distant unpatched 'Winblows' systems. *Overall, we once again see that Windows has all the security of an OPEN WINDOW.*

  • @jblaineee808 8 days ago +51

    Thank you for your time. I'm new to these concepts and topics but everything is so interesting. Love knowledge, again appreciate you man and get better !

  • @g_glop 8 days ago +24

    great recall ad at 5:28

  • @meh.7539 8 days ago +17

    the cvss you were talking about also makes it sound like it's a very *stable, reliable* exploit, as well.

  • @wlockuz4467 8 days ago +5

    Plot twist: It was actually a complementary feature to Recall to make it easier to steal user data. They wanted it to be a walk in the park, hence the low attack complexity.

  • @ewellynn122 8 days ago +28

    Seeing these vulnerabilities I just have to wonder, how many undiscovered ones are there, still waiting to be found?

    • @nikkiofthevalley 8 days ago +8

      A lot. The people that make any software or hardware are human, and can make mistakes.

    • @wrathofainz 8 days ago +6

      That, and since it's absolutely proprietary in most cases it's harder for the average programmer to find and patch bugs.

    • @STCatchMeTRACjRo 7 days ago +3

      Windows ~3k, Linux ~8k discovered vulnerabilities. i would say few thousand vulnerabilities not yet discovered on windows.

    • @gonderage 7 days ago +6

      @STCatchMeTRACjRo it seems weird at first that linux has 8k, but that's because it's open and we can find vulns faster lol

    • @STCatchMeTRACjRo 6 days ago +2

      @gonderage i know.. that's why i say linux is secure. more vulnerabilities discovered == more patches == more fixes == more secure; more likely.

  • @tr4x1ymus 8 days ago +6

    microsoft pls hire me, i could have told you recall was dogpoop before you even started making it.

  • @ScottGrammer 8 days ago +36

    So, correct me if I'm wrong, but if your computer has no WiFi chip, and it is connected to the Internet through an Ethernet cable, this attack won't work?

    • @superneenjaa718 8 days ago +27

      That should be correct.

    • @ShadowManceri 8 days ago +20

      Without details impossible to say for sure, but if it's not transmitting data thru wifi then it should not be possible to exploit it thru wifi either. So just having wifi off should be enough with the details known.

    • @tonysolar284 8 days ago

      Yes.

    • @steamdecklife 8 days ago +4

      It's also avoidable if you ditch Windows 😮

    • @JJCUBER 8 days ago +3

      When I first read about the vulnerability, I had the same question. I guess that it’s a good thing I never bothered buying a wifi card.

  • @user-eg6nq7qt8c 8 days ago +95

    "It's been a rough week for Microsoft". You know, ya just love to hear it.

  • @MarcelAgvanyan 8 days ago +144

    Microsoft itself is an advertisement for linux

    • @portlyoldman 8 days ago +12

      I guess the more popular Linux becomes the hackers will be sharpening up their Linux compromise tools…. Best to stay somewhat under the radar 🤓

    • @Name-cs5kv 8 days ago +12

      Linux servers are basically the default and extremely valuable targets. There's already a lot of effort towards hacking and malware for linux.

    • @davestorm6718 8 days ago +4

      Maybe so. Linux is just as easy to hack, however. Remember Windows (since NT), OSX, Linux, Android, iOS, etc all are derivatives of the same kernel written decades ago.

    • @portlyoldman 8 days ago +11

      @Name-cs5kv - I thought as much. My comment was really aimed at the smug people that think that moving to Linux is somehow an automatic defence against bad actors. The more Linux is successful on the desktop the more it becomes vulnerable to attack.

    • @rretro2042 8 days ago +5

      As if linux was not vulnerable

  • @SalvoBrick-eg3uo 8 days ago +46

    I can't even log into my W10 drive because it's bugged and won't let me use the local account I set up day one. Shitware, that's what Windows is.
    At least I never have to worry about the MS bugs.

    • @liesdamnlies3372 8 days ago +20

      Come. Join us in the lands of Linux. Embrace the FLOSS

    • @michaelflynn6952 8 days ago +10

      sounds like a skill issue bud, windows is spyware but it doesn't just lock you out without you making a mistake

    • @PvtAnonymous 8 days ago

      @liesdamnlies3372 I do embrace stacking dental FLOSS for a fact.

    • @dj-ce9ir 8 days ago

      @liesdamnlies3372 this guy can't figure out how to get inside his lock screen and you want him to join linux? bro will be stuck deciding wtf is an iso file lmaoo

    • @elijahaitaok8624 7 days ago

      @liesdamnlies3372 why? Lose everything and have to start over from complete scratch?

  • @jonnyhepcat 8 days ago +7

    Another important action you can take to protect yourself from the WiFi vulnerability is to disable your WiFi when you aren’t using it.

    • @mathieucaron4957 8 days ago

      I think it's the best advice when you keep everything updated.

    • @SpaceCadet4Jesus 7 days ago +1

      That vulnerability is not even in the wild. We don't even know what it is or how to exploit it. And there shouldn't be someone 30 ft away from you trying to get into your computer for all the unimportant stuff you got in there.

  • @TheMrTape 8 days ago +28

    The concept of Linux is growing on me.

    • @toxicbavariankitten 8 days ago +9

      Embrace the Linux :3

    • @MinuxLint 8 days ago +7

      You totally should switch to Linux

    • @SpaceCadet4Jesus 7 days ago +8

      Go for it. You'll get used to it eventually.

    • @stang9806 6 days ago

      @toxicbavariankitten you have old thinkpad vibes

    • @jnharton 5 days ago +2

      If you want to do that, go for it.
      But don't be fooled into thinking that your computer is suddenly way more secure. It might not have this vulnerability, but you may well need to put more effort in to secure it.

  • @crackny4n 8 days ago +59

    This combined with the millions of infected routers and people disabling security updates and/or still being on windows 7 is going to do some serious damage

    • @RadikAlice 8 days ago +21

      People wouldn't have such a negative Pavlovian response to updates if Windows and the NT kernel didn't manage it so poorly

    • @maybenat 7 days ago +5

      I love the kinda people who forcefully stay on Windows 7 (excluding those who need it because of niche hardware or software or something), because from what I've heard upkeeping it is worse than just learning to use Linux. Hell, by now you'd probably get better software support there than on Win7

    • @RadikAlice 7 days ago +1

      @maybenat One of those is a friend of mine. Hates change, as you'd imagine
      I've told him as much

    • @crackny4n 7 days ago

      @RadikAlice Just pirate a Windows 10 LTSC iso then, you can hash the iso and compare it to a genuine hash, and use MAS to activate it with an LTSC IoT key. No feature updates, only security and stability ones and it's going to be supported until 2032. And still more secure to use an open source activator than to disable updates.

    • @JuicerNation 7 days ago +7

      despite this vid, i'm not updating my windows. why the f would i install more telemetrics and spying on my computer.
      replace a bug that MIGHT get me spied on versus updating and DEFINITELY getting spied on lol

  • @starnumber12046 8 days ago +22

    Damn this gives memories of Wannacry and EternalBlue

    • @LowLevelLearning 8 days ago +6

      yep, that's probably why they didn't give details.

    • @delresearch5416 2 days ago

      Yea it's wormable you can get to airgapped machines with wifi adaptors.

  • @Azeria 8 days ago +15

    arguably, it’s always a rough week for microsoft

  • @nightlust 8 days ago +7

    If only they spent as much time as they've been shoving AI in our mouths into working on actual security issues...

  • @lis6502 8 days ago +41

    5:40 this ad in the background 🤣

    • @anins1der 7 days ago +2

      "New era of AI lets hackers steal your online self"

  • @sp10sn 8 days ago +10

    The Recall recall as part of the overall plan, imo. Announce something fiery, show customer sensitivity by removing it, all the while sliding in the true choke hold. Microsoft is a one-trick pony and this is it.

    • @JimAllen-Persona 7 days ago +2

      Nah, I think that's a little too cynical of a view. Normally, I'd agree with you but Microsoft isn't run by tech people, it's run by marketers that salivate at the "next big thing". "Let's beat Apple to the press" knowing that AI was going to be huge at WWDC and, like everyone else, counted on the customer to be their beta testers. I still don't understand the fundamental idea behind recall except for companies that want to spy on their employees. They can't read the market and they're not used to having to.

    • @SpaceCadet4Jesus 7 days ago +1

      What is the true choke hold?
      And what one trick is the pony Microsoft doing?

    • @inadad8878 7 days ago

      @SpaceCadet4Jesus That comment was just made by a Microsoft hater. If you ask me, bing copilot is the most useable search engine right now. I avoid the parent company of this website like the plague

  • @Reese268 8 days ago +3

    Way ahead of you, I updated my computer to Linux a couple months ago.

  • @Xograch 8 days ago +2

    Thanks for updating us on these vulnerabilities, always nice to get these videos recommended relatively quickly

  • @Rob2 8 days ago +19

    The most likely bug in the parser for management frames is in the handling of TLV (type-length-value) elements in such frames.
    This is an ever recurring problem: code to unpack TLV data often does not handle excessively large length values, or even negative ones (when the length field is not handled as unsigned by the code).
    I bet this is another case of such a bug.
    What surprises me is that after all those iterations of "this version of Windows is the most secure one we ever released" (a recurring claim by Microsoft when the version number has been bumped), there still has been no comprehensive analysis of this type of software all across the Windows OS.
    It should be possible to give some group of good programmers inside the company access to all sourcecode and let them hunt for TLV handling and scrutinize it.
    Apparently not a priority inside Microsoft.

    • @cablematrix5334 8 days ago +6

      I was gonna comment this too, since I actually write such code. I do this in rust, where it's less of an issue, but a lot of elements are a complete nightmare to parse like the RSN element.
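
The bug class described in the comment thread above (a TLV length field trusted without checking it against the bytes that remain, or read as a signed value), shown from the defensive side. This is an added example, not code from the video, from Microsoft or from the commenters, and it says nothing about the actual vulnerability; the function names and sample frames are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 802.11 information elements are TLVs: 1-byte ID, 1-byte length, value. */
#define IE_SSID      0   /* element ID 0 carries the SSID */
#define SSID_MAX_LEN 32  /* an SSID is at most 32 bytes */

enum ie_status { IE_OK = 0, IE_NOT_FOUND, IE_TRUNCATED, IE_TOO_LONG };

/*
 * Walk the element list in buf[0..buf_len) and return a pointer to the value
 * of the first element with the wanted ID. Every length is checked against
 * the bytes actually left in the frame before the value is touched.
 */
static enum ie_status ie_find(const uint8_t *buf, size_t buf_len, uint8_t want,
                              const uint8_t **val, size_t *val_len)
{
    size_t off = 0;

    while (off < buf_len) {
        /* Both header bytes must be present before the length is read. */
        if (buf_len - off < 2)
            return IE_TRUNCATED;

        uint8_t id  = buf[off];
        size_t  len = buf[off + 1];  /* unsigned: 0xFF is 255, never -1 */
        off += 2;

        /* The claimed length must fit in what remains of the frame. */
        if (len > buf_len - off)
            return IE_TRUNCATED;

        if (id == want) {
            *val = buf + off;
            *val_len = len;
            return IE_OK;
        }
        off += len;
    }
    return IE_NOT_FOUND;
}

/*
 * Copy the SSID into a fixed-size, NUL-terminated buffer. A second check is
 * needed here: a length that fits inside the frame can still be larger than
 * the destination buffer.
 */
enum ie_status ie_copy_ssid(const uint8_t *buf, size_t buf_len,
                            char out[SSID_MAX_LEN + 1])
{
    const uint8_t *val = NULL;
    size_t len = 0;
    enum ie_status st = ie_find(buf, buf_len, IE_SSID, &val, &len);

    out[0] = '\0';
    if (st != IE_OK)
        return st;
    if (len > SSID_MAX_LEN)
        return IE_TOO_LONG;

    memcpy(out, val, len);
    out[len] = '\0';
    return IE_OK;
}

/* Constructed sample inputs (not captured traffic). */
/* Supported Rates element (ID 1) followed by SSID "lab". */
static const uint8_t sample_ok[] = { 1, 2, 0x82, 0x84, 0, 3, 'l', 'a', 'b' };
/* SSID element claims 10 value bytes but only 2 follow. */
static const uint8_t sample_truncated[] = { 0, 10, 'a', 'b' };
/* Length byte 0xFF with one value byte; a signed char would read it as -1. */
static const uint8_t sample_ff[] = { 0, 0xFF, 'x' };

/* SSID element of length 40: fits the frame, exceeds SSID_MAX_LEN. */
int check_oversized(void)
{
    uint8_t frame[2 + 40];
    char ssid[SSID_MAX_LEN + 1];

    frame[0] = IE_SSID;
    frame[1] = 40;
    memset(frame + 2, 'A', 40);
    return ie_copy_ssid(frame, sizeof frame, ssid);
}

int main(void)
{
    char ssid[SSID_MAX_LEN + 1];

    printf("well-formed: %d\n", ie_copy_ssid(sample_ok, sizeof sample_ok, ssid));
    printf("ssid:        \"%s\"\n", ssid);
    printf("truncated:   %d\n",
           ie_copy_ssid(sample_truncated, sizeof sample_truncated, ssid));
    printf("0xFF length: %d\n", ie_copy_ssid(sample_ff, sizeof sample_ff, ssid));
    printf("oversized:   %d\n", check_oversized());
    return 0;
}
```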

  • @omegahaxors3306 7 days ago +2

    Saw this coming, Windows' wifi driver has always randomly failed for seemingly no reason. That's a tell-tale sign of an over/underflow.

  • @thomasbonse 8 days ago +3

    Who needs backdoors, when you leave Windows open?

  • @collectorguy3919 8 days ago +5

    A low level wi-fi vulnerability could be a 10 if it's wormable, because it may spread between Windows hosts on different wireless networks.

  • @user-tq2ot5be2l 8 days ago +6

    i always name my bluetooth and wifi devices to have format strings in them. i have found a few format string vulnerabilities this way lol

    • @Cutest-Bunny998 7 days ago

      As a programmer, I hate you. As a cybersecurity type: good one!

  • @macaquinhopequeno 8 days ago +37

    imagine someone with recall turned on (spyware) and an open door like this is disclosed, the attacker has anything...
    also i'm sure there is an unpatched privilege escalation vulnerability to be discovered next days...

  • @thebutlah 8 days ago +10

    Can u cite your source for 1 vuln for every 1000 loc? It would be really interesting to read that

    • @inadad8878 7 days ago +1

      just write 1000 lines of C and post it on here and we will show you. pastebin

  • @isaacfooster 8 days ago +3

    clarification, Windows runs the world of Desktop computing. Not the world of server computing. Most servers run linux.

  • @system64_MC 8 days ago +4

    Seems Linux is safe about this attack?
    Interesting video btw!

  • @JohnRobertPotter 8 days ago +2

    Another risk of being on public Wi-Fi even when you're using an SSL is that someone can arp spoof your connection through theirs and then possibly knock you off with an HTTPS website onto HTTP using HSTS hijacking

  • @omemanti 8 days ago +5

    LOL those recall ads in the background

  • @riverl799 7 days ago +1

    any network is set to public by default since it's a recommended setting, public networks have stricter policies, private networks require more setup and customization though

  • @kevinmuhia5915 8 days ago +3

    Similar to eternal blue vuln but on the data link and physical layer?

  • @xrafter 8 days ago +2

    If you use ssl still then you might want to look into the TLS1.3

  • @ybvb 8 days ago +15

    the real miracle is that the chinese cybersecurity researchers told ms and didn't sell it to a government.
    i hope they're well and kudos to them

    • @ShadowManceri 8 days ago +10

      What makes you think they didn't already use it?

    • @notaboutit3565 8 days ago +1

      An incredibly naive perspective

    • @ybvb 8 days ago +2

      @ShadowManceri so they already used it but now they're telling microsoft for... nothing? ccp is not known to be like that.

    • @ybvb 8 days ago

      @notaboutit3565 i am naive then, i guess. what's your opinion on wtc7?

    • @oh3831 8 days ago

      @ybvb
      hate the government not the people!
      *literally confuses individual companies and people with the ccp*

  • @First_Lst 8 days ago +4

    Glad I switched over to Linux.

  • @argetlam5964 8 days ago

    That's so Wild. I was just looking at that standard from a Ubiquiti AP and thought that would be an interesting thing to look at if you were looking for vulnerabilities.

  • @claymoody 8 days ago +1

    Great stuff, Ed. Keep it up. Love your style!

  • @stevemaricar4350 6 days ago

    Appreciate how you've broken down the potential pitfalls of this vulnerability and given a clear understanding of why this is such a big deal.

  • @jo-fe9mb 8 days ago +1

    wild to play ads in the browser while recording, next level adblock avoidance.

  • @klausschneider3380 8 days ago

    Hey! I love your content, do you ever plan on localizing the prices for your courses? I would really like to buy them, but where i live it would take two months of minimum wage to buy them

  • @0xosos 8 days ago +1

    and there is an ad for recall in the wpa3 article, how ironic.

  • @jcfawerd 8 days ago

    Hi, have you tried the new embedded swift? I would like to know your opinion on that.

  • @Novastar.SaberCombat 8 days ago +2

    When everything is "connected", well, everything is connected. 😕 The only way society could truly be "secure" would be for it to go WAY back to the days when computers were standalone, unconnected, one-user devices. But that ain't gonna happen, obviously.

    • @adrianandrews2254 8 days ago +1

      Well maybe ? I've been in the (computer) business since storage was huge tape drives. I have two workstations with no network connection for secure work. All comms is on encrypted drives sent by Snail Mail or hand delivered. I don't think this is all that uncommon in commercial life (eg. aerospace) and certainly not in military.

  • @Colaholiker 8 days ago +3

    Finally someone on RUclips telling people that you don't necessarily need a VPN when using public Wifi. I use public Wifi a lot, and the only times I use VPN is when I actually need to connect to something not public, like the network of my employer or my network at home to access my NAS. (My modem/router fortunately has this capability).
    I guess we will never see a video sponsored by the usual VPN companies on this channel... 😅

  • @java_Marcelo-xx5nw 8 days ago

    Thank you for sharing!

  • @workshoptelescope 7 days ago +1

    Recall is the most careless idea I’ve seen in a minute.

  • @garytatum8298 6 days ago +1

    If this bug is at the kernel level, I assume that running in a virtual machine session would not offer any protection, correct?

  • @vidal9747 8 days ago +3

    I use Fedora. We came close with the XZ, but open source worked as intended and I never even got a vulnerable version in my machine. Not worried at all.

    • @xoso599 7 days ago +1

      What if that one guy didn't notice the slow response or didn't care enough to hunt it down? Do you think that was the first time something like that has happened?

    • @vidal9747 7 days ago

      @xoso599 No, but at least is a lot harder to hide malicious code in open source. If every distro starts compiling from source in their repository, it will almost never happen. Meanwhile, in proprietary code, the backdoor is a feature paid by the government. It is a lot easier to spot a backdoor on source than it is on binary blobs

  • @ksspqf9 8 days ago +2

    Mikrosoft needs to kcuF off already

  • @mr.potato9449 8 days ago +1

    So if a PC only had Ethernet it wouldn't be vulnerable being connected to a WiFi router? It would need a WiFi card and be connected over WiFi instead of Ethernet?

  • @FreeLovingAmerican 8 days ago +3

    Who in their right mind would hope that MS is doing okay? o.O

  • @grrr-ou9oc 8 days ago +13

    guess i'm not booting into windows for a bit

    • @superneenjaa718 8 days ago +3

      I think turning off the wifi should be safe. Though it may not be a viable option for most people.

    • @tcscomment
      @tcscomment 8 days ago

      @superneenjaa718 or just update

    • @user-to7ds6sc3p
      @user-to7ds6sc3p 8 days ago +9

      the fix was released days ago. You need to boot into windows to install it.

    • @gorak9000
      @gorak9000 8 days ago +5

      if by "bit" you actually mean "ever", then yes, you're correct

    • @STCatchMeTRACjRo
      @STCatchMeTRACjRo 7 days ago

      @user-to7ds6sc3p fix for this but what about the other vulnerabilities?

  • @JamesGroom
    @JamesGroom 7 days ago +2

    I don't buy that MS is staying silent for the public good. If they cared about the public good, they'd patch Windows XP through 8. It's probably just to save face, avoid headlines like "every Windows laptop sold in the past 20 years can be hacked by unseen passers-by," which is what this seems to be.

  • @NikorouKitsunerou
    @NikorouKitsunerou 8 days ago

    In a way this kind of reminds me of the sim card vulnerabilities being open to sms attacks. But makes me think the attack may not need a connection just a way to see other machines with a wifi.

  • @KFLawless1412
    @KFLawless1412 8 days ago

    This Wi-Fi vulnerability sounds pretty similar in nature to a Bluetooth vulnerability from a few years ago that abused the advertisement feature

  • @MrAlex3461
    @MrAlex3461 8 days ago

    Didn't think much of the WiFi Direct driver giving a warning that it could not start when looking at a different device issue, but maybe it was related to this.

  • @sanityd1
    @sanityd1 8 days ago +2

    1. Don't run windows
    2. Don't use wifi

  • @kirkanos771
    @kirkanos771 8 days ago +1

    Imagine the same WIFI vuln but on mobile phones instead of windows.

  • @sargismartirosyan9946
    @sargismartirosyan9946 8 days ago +4

    Just in case!
    WPA3 is better than WPA2!
    If you have WPA2, please upgrade your router if possible so that you'll have WPA3🙃👍

  • @juancarlosgomez1870
    @juancarlosgomez1870 8 days ago

    I’m guessing it must be a subset of the management frames, some of them require the protocol state machine to be in a particular status. If this is the case and there is no weird stuff in the WiFi driver, probably beacon or action frames could be the ones used to trigger the vulnerability.

  • @steveftoth
    @steveftoth 8 days ago +5

    I do wonder if the WiFi can be shut off to avoid this bug or how older systems that can't be updated easily can avoid this issue.

    • @bitesizedkiran
      @bitesizedkiran 8 days ago

      Pull out your wifi card

    • @Rob2
      @Rob2 8 days ago

      Older systems often have a physical switch to enable/disable the WiFi, and otherwise at least a setting in the BIOS SETUP.

    • @adrianandrews2254
      @adrianandrews2254 8 days ago

      If all else fails buy a reverse SMA (or appropriate) connector and wire a short straight across it. My PC doesn't see the AP right next to it with this fitted.
      Also, most Windows builds won't enable WiFi if a connected RJ45 network exists.

    • @adrianandrews2254
      @adrianandrews2254 8 days ago

      @Rob2 Also allows you to from any installed hardware, including WiFi cards.

    • @Rob2
      @Rob2 7 days ago

      @adrianandrews2254 I don't think that will work anymore in Windows 10 or 11. It will just download a new driver.

  • @tonysolar284
    @tonysolar284 8 days ago +2

    I don't use wi-fi on my workstations or servers, 98% of my house is Cat 5e wired (eventually Cat 6e), a jack in every room, stable and reliable and unjammable by thieves running around with signal jammers to jam wi-fi cams and alarm systems.

    • @mathieucaron4957
      @mathieucaron4957 8 days ago

      You can easily create a small "jamming alarm" with a simple ESP32 😏 When the connection is lost, start the alarm, and stop it when it's back online.

    • @tonysolar284
      @tonysolar284 8 days ago

      @mathieucaron4957 You could, if you're tech savvy, but if you reboot your wi-fi router, it may go off... unless it has a reasonable delay.

  • @Software-sb1gx
    @Software-sb1gx 8 days ago

    definitely followed on twitch. the amount of no bs on this channel is unmatched for RUclips IT category standards

  • @YodaWhat
    @YodaWhat 6 days ago

    @LowLevelLearning
    Umm, so... On a Windows computer, *if* WiFi is not being used (that computer is not connected to any WiFi source), *then* is that computer safe from this (and other) WiFi attacks? Or does the kernel mode WiFi driver still respond in some way over RF?

  • @jsrodman
    @jsrodman 8 days ago +1

    As a minor matter, no, bank web sites were always https, even at the beginning. They probably had lots of problems, but encrypted login was the norm. Unlike the rest of the web.

  • @erickvond6825
    @erickvond6825 7 days ago

    This bug also allows a hostile actor to take over the connection thereby disguising themselves as the target machine and allowing nefarious actions which look like they're coming from the target machine instead of the hacker's box. It's also a way to get free WiFi in that one can disguise themselves as a logged in user without any authentication. The router simply assumes that the traffic is coming through the authenticated machine instead of the attacking machine or threat actor in this scenario. This has been a bug since XP was big news. It surprises me that it's taken this long to come out. Us red hats have been using it for literally decades...

  • @WolfRites
    @WolfRites 6 days ago

    All software ends up having vulnerabilities that need to be fixed. That's neither surprising, nor something we can really blame anyone for. It's pretty much unavoidable.
    However, it's exactly why the Recall thing was such a nightmare.

  • @moltony
    @moltony 8 days ago +4

    just like i thought, recall got recalled. excellent job microsoft ...

  • @solar464
    @solar464 8 days ago +1

    since windows 10 is just windows 7 with unwanted bullshit attached, can we apply the ten fix to windows 7 somehow?

  • @v4thjhr
    @v4thjhr 8 days ago

    Fantastic video, love the explanations

  • @Arae_1
    @Arae_1 7 days ago

    Gotta love how the unreleased feature gets recalled

  • @mink99a
    @mink99a 7 days ago

    Was recall uninstalled or not-installed -- or was the software just only disabled?

  • @zerg539
    @zerg539 7 days ago +2

    So am I wrong to be worried that this flaw is potentially in every WiFi enabled device like say a cell phone? I think we really need to know if this is a potential issue in Android and iOS.

    • @STCatchMeTRACjRo
      @STCatchMeTRACjRo 7 days ago

      Not this flaw, but they too have their own flaws: "Cybersecurity researchers have identified two authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices". iOS too has its own wifi flaw as well. Of course all of this gets patched up, so if your devices are up to date then these flaws are no more. Of course new flaws might get discovered with time.

  • @cameronmacgillivary5549
    @cameronmacgillivary5549 8 days ago

    I have been watching for a while, and i just noticed the Rubik's cube in the background. Are you able to solve it? If so, how fast can you do it?

  • @coladict
    @coladict 6 days ago

    To your discussion on public WiFi, don't use public WiFi, folks! Not same as this bug, but my phone got infected simply from connecting to a public network. I hadn't opened any pages at all, just connected and then my phone started opening this abandoned Russian gaming site that hadn't had new articles in months. The phone would just open it randomly while not browsing anything.

  • @dschledermann
    @dschledermann 7 days ago +12

    I hate Microsoft with a burning passion..

    • @jamieamc
      @jamieamc 4 days ago +1

      Odd thing to be passionate about

    • @dschledermann
      @dschledermann 4 days ago

      @jamieamc I take it that you haven't been a programmer for many years and/or don't care about open source and/or don't care about anti-competitive corporate behavior.

  • @akam9919
    @akam9919 8 days ago +1

    Imagine this with recall... oh boy

  • @abcdxcxd8280
    @abcdxcxd8280 6 days ago +1

    I'm disappointed that you didn't mention the kernel object race condition privilege elevation vulnerability

  • @ult1873
    @ult1873 8 days ago

    4:34 damn!

  • @ArtemYakovlev
    @ArtemYakovlev 8 days ago

    Thanks for sharing

  • @aidanm7225
    @aidanm7225 8 days ago

    I'm honestly surprised there aren't more RCE exploits for wifi or Bluetooth, seems like a fairly easy entry point

  • @evanjsx
    @evanjsx 8 days ago

    Knowing nothing deeper about the internals, I also wonder if, rather than management frames, it could also relate to WPA3.
    Based only on my knowledge that "WPA3 allows for secure open networks", etc.

    • @Rob2
      @Rob2 8 days ago +1

      Yes, in WPA3 the management frames are protected as well.

  • @jheave
    @jheave 8 days ago +1

    Thanks

  • @babywaffles
    @babywaffles 7 days ago

    I would rate that CVE at 9.8/10 due to a 0 day exploit that takes over a router remotely, subsequently allowing the attacker to execute the RCE management packet which can compromise the victim system.

  • @user-ot9fy8ym4g
    @user-ot9fy8ym4g 7 days ago +1

    +1 FOR SWITCHING TO LINUX