Greg Kroah-Hartman, a member of The Linux Foundation, seems ready to disable the RNDIS USB protocol driver once and for all. Kroah-Hartman has wanted to remove the RNDIS bits from Linux for a while; he made the original proposal back in November 2022.
After more than two years, the proposal has finally been officially implemented. In the accompanying announcement, Kroah-Hartman explains that the 'archaic' USB networking protocol, which Microsoft introduced with Windows XP, is not only no longer necessary but also makes the system less secure and more vulnerable to threats:
USB: disable all RNDIS protocol drivers
Microsoft's RNDIS protocol is currently insecure and vulnerable to attack on any system that uses it with untrusted hosts or devices. Since it is not possible to secure the protocol, simply disabling all rndis drivers is sufficient to prevent accidental use by users. Microsoft needs to enforce this for Windows XP and newer systems; older Windows systems can use regular USB layer protocols instead. Android has disabled RNDIS for years so there is no issue to speak of.
For those who don't know, RNDIS, which stands for Remote Network Driver Interface Specification, is a bus-independent messaging protocol for Ethernet (IEEE 802.3) network devices over dynamic Plug and Play (PnP) buses like USB, 1394, Bluetooth, and InfiniBand. This standardized approach means that a single set of host drivers can support any number of network devices over USB.
As mentioned above, Microsoft introduced this protocol back in Windows XP, and it is still present in Windows 10 and Windows 11, including the latest version 24H2. Windows 11 24H2 supports NDIS version 6.89. Fortunately, however, the RNDIS driver is not automatically installed on Windows 10 and 11.
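On the Linux side, the following added example (not from the article or the kernel change it describes) checks whether a host still has RNDIS drivers enabled in its kernel config or loaded as modules. The Kconfig symbols and module names are the mainline Linux ones and are an assumption not stated in the article; the sample inputs are constructed.

```shell
#!/bin/sh
# Added example, not from the article. Kconfig symbols and module names are
# the mainline Linux RNDIS host/gadget ones; adjust for vendor kernels.
RNDIS_SYMBOLS='USB_NET_RNDIS_HOST USB_NET_RNDIS_WLAN USB_F_RNDIS USB_CONFIGFS_RNDIS USB_ETH_RNDIS'
RNDIS_MODULES='rndis_host rndis_wlan usb_f_rndis'

# Print "SYMBOL=y" or "SYMBOL=m" for each RNDIS option enabled in config file $1.
rndis_in_config() {
    for sym in $RNDIS_SYMBOLS; do
        sed -n "s/^CONFIG_${sym}=\([ym]\)\$/${sym}=\1/p" "$1"
    done
}

# Print each RNDIS module present in the /proc/modules-format file $1.
# Only the first column (module name) is matched, not the dependency list.
rndis_loaded() {
    for mod in $RNDIS_MODULES; do
        awk -v m="$mod" '$1 == m { print $1 }' "$1"
    done
}

# Succeed only if neither the config nor the module list shows RNDIS.
rndis_clean() {
    [ -z "$(rndis_in_config "$1")$(rndis_loaded "$2")" ]
}

# Constructed sample inputs (not captured from a real machine).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/config" <<'EOF'
CONFIG_USB_USBNET=m
CONFIG_USB_NET_CDCETHER=m
CONFIG_USB_NET_RNDIS_HOST=m
# CONFIG_USB_NET_RNDIS_WLAN is not set
CONFIG_USB_F_RNDIS=y
EOF
cat > "$SAMPLE_DIR/modules" <<'EOF'
cdc_ether 24576 1 rndis_host, Live 0x0000000000000000
rndis_host 20480 0 - Live 0x0000000000000000
usbnet 57344 2 rndis_host,cdc_ether, Live 0x0000000000000000
EOF

rndis_in_config "$SAMPLE_DIR/config"
rndis_loaded "$SAMPLE_DIR/modules"
# On a real host (config path is a common distro convention, assumed here):
#   rndis_clean "/boot/config-$(uname -r)" /proc/modules || echo "RNDIS present"
```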