MSRC fixed a RCE bug in TCPIP module.
I found the bug several months ago.
Its score is 9.8 and exploitation is more likely. Please apply the patch immediately.
msrc confirmed a critical rce bug in WIP I reported last month.The bug could be triggered through network and affects default install(no additional service need to enable)and is more likely exploitable.
The Microsoft Researcher Recognition Program offers public thanks and recognition to security researchers who help protect our customers by discovering and sharing security vulnerabilities under Coordinated Vulnerability Disclosure.
Today, we are excited to recognize this year’s
@f4rmpoet
@vanhoefm
well done.But this bug could be triggered after association and before handshake have finished.On the moment data packet is not encrypted.This means that there is no need for attacker to join the network.attacker just do a deauth attack first and then trigger the bug.
@thezdi
@abdhariri
@fluoroacetate
@abdhariri
@fluoroacetate
It seems that the bug can not be triggered with default configuration in vmware workstation.
There are a usb hub devive and a hid device with default config.
In my debugging,they don't support bulk endpoints.
Did i do anything wrong?