Description:
Windows 8, Windows 10 and Windows 2012 servers come with a
default user logon screen, and one of the features of that screen is
the network selection user interface. This feature allows users to connect to a
wireless network, turn the network card on and off, and so on, without having to unlock
the Windows screen.
Risk:
This feature exposes a security risk. If an adversary has physical
access to the machine, even for a few seconds, the adversary can open this
network UI and connect the system to the attacker's rogue wireless access point,
and can later perform a MITM attack (as an example) and potentially compromise
the whole system.
Affected System:
Devices running the Windows 8, Windows 10 or Windows 2012 operating system with a
wireless card.
Recommendation:
To protect against this risk, disable this network UI
on the logon screen. This can be done through Group Policy or in the registry, by going to
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System
and adding DontDisplayNetworkSelectionUI=dword:00000001
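
One way to check and apply the registry setting above from PowerShell. This is an added example, not part of the original post: the function name and the -Enforce switch are hypothetical, while the key path and value name are the ones given above.

```powershell
# Added example: audit, and optionally enforce, the logon-screen network UI policy.
# The function name and -Enforce switch are hypothetical; the key and value are from the post.
function Test-LogonNetworkUiPolicy {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [switch]$Enforce   # when set, write the value if it is missing or not DWORD 1
    )

    $keyPath   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
    $valueName = 'DontDisplayNetworkSelectionUI'

    # A missing key or a missing value both mean the network UI is still shown.
    $current = $null
    if (Test-Path -Path $keyPath) {
        $item = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
        if ($null -ne $item) { $current = $item.$valueName }
    }

    # Only a DWORD of 1 counts; a string "1" or a 0 is reported as non-compliant.
    $compliant = ($current -is [int]) -and ($current -eq 1)

    if (-not $compliant -and $Enforce) {
        if ($PSCmdlet.ShouldProcess("$keyPath\$valueName", 'Set DWORD to 1')) {
            if (-not (Test-Path -Path $keyPath)) {
                New-Item -Path $keyPath -Force | Out-Null
            }
            # -Force overwrites an existing value of the wrong type or data.
            New-ItemProperty -Path $keyPath -Name $valueName -Value 1 `
                -PropertyType DWord -Force | Out-Null
            $current   = 1
            $compliant = $true
        }
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Value        = $current
        Compliant    = $compliant
    }
}

# Report only. Add -Enforce from an elevated session to write the value,
# or -Enforce -WhatIf to preview the change.
Test-LogonNetworkUiPolicy
```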