WinRing0: Why Windows is flagging your PC monitoring and fan control apps as a threat

On Tuesday morning, some PC gamers woke up to discover that their computers were apparently under threat. A “HackTool” called WinRing0 had suddenly started triggering Windows Defender alerts, as if their computers were under attack. Some of these computers even started to act strangely, such as blasting their fans at high speed, as soon as the quarantine was done. I know, because it happened to me.

But my computer was not actually under attack – at least, not yet.

When I checked where Windows Defender had detected the threat, it was in Fan Control, the app that I use to cool my computer intelligently. Windows Defender had broken it, which is why my fans were running amok. For others, the threat was detected in Razer, SteelSeries, OpenRGB, Libre Hardware Monitor, CapFrameX, MSI Afterburner, OmenMon, FanCtrl, ZenTimings, and Panorama9, among many others.

“As of now, all third-party / open source devices are in a tight spot,” Fan Control developer Rémi Mercier told me.

Here is the popup that I saw on Tuesday.
Screenshot: Sean Hollister

This is because all these programs have something in common, eight of their developers say. They contain (or did contain) a piece of kernel-level software called WinRing0. And WinRing0 really can be a threat: as of today, it has even been associated with some real-world malware that could, theoretically, hijack your computer.

But again, that is not what is happening on computers with these specific useful applications – there is no hijacking. Instead, WinRing0 is being flagged because it is an inappropriate way for these monitoring programs to see how fast my computer's fans are spinning and what color its LEDs are, among other readings. However, WinRing0 is widely used, as many developers told me, because it is one of the only ways that Microsoft and the computer industry allow this kind of hardware access from the Windows operating system.

“There are only two freely available Windows drivers that I know of that are able to access the SMBus registers we need to be able to control LEDs: InpOut32 and WinRing0. We used to use InpOut32, but it conflicted with the Vanguard anti-cheat, so we switched to WinRing0 because it did not conflict.”

Honse and others freely admit that WinRing0 can be misused. “It is not some secret vulnerability. It is literally a library aimed at giving userspace applications access to something only kernel drivers can usually reach.”

They also do not fault Microsoft for trying to close this potential hole. After the CrowdStrike outage, which took down 8.5 million devices with a faulty update last year, Microsoft was pressed to restrict programs that have special access to low-level hardware, so that nothing like it can happen again. Microsoft did not say why it is only cracking down on WinRing0 now, but it has been gradually overhauling its driver requirements with annual updates, and it is largely routine for the company to blocklist vulnerabilities on the fly.

The truth remains that this vulnerable WinRing0 found its way into all kinds of programs because it was a useful vulnerability, and many developers now say they are stuck because Microsoft would charge a lot to fix it. Some even call the Windows Defender detection a “false positive,” meaning that it should be safe to use WinRing0 anyway, because their own applications are not harmful and there is no other cost-effective way to make them work.

Fan Control now recommends that users “review risk” before deciding what to do.
Image: Fan Control

SignalRGB founder Timothy Sun says the security threat is more complicated than that. “Since WinRing0 is installed at the system level, we realized that we were relying on whatever version was first installed on the user's system. This made it very difficult to check whether other applications had installed potentially vulnerable versions, effectively exposing our users despite our efforts.”
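To see which copy of the driver is actually registered on a given machine, the check Sun describes as hard for any single app to make, the following added example (not code from the article or from any project it names) lists matching kernel-driver services with each binary's hash, version and signer. The `*WinRing0*` name pattern is an assumption; the article gives no service or file names.

```powershell
# Added example: inventory every registered kernel driver that looks like WinRing0,
# so that copies installed by different applications can be compared.
# Assumption: the driver keeps "WinRing0" in its service name or file name.
$pattern = '*WinRing0*'

$drivers = Get-CimInstance -ClassName Win32_SystemDriver |
    Where-Object { $_.Name -like $pattern -or $_.PathName -like $pattern }

$report = foreach ($d in $drivers) {
    # PathName often carries the NT object prefix "\??\"; strip it to get a file path.
    $path   = $d.PathName -replace '^\\\?\?\\', ''
    $exists = $path -and (Test-Path -LiteralPath $path)

    $sig  = if ($exists) { Get-AuthenticodeSignature -LiteralPath $path }
    $hash = if ($exists) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash }
    $ver  = if ($exists) { (Get-Item -LiteralPath $path).VersionInfo.FileVersion }

    [pscustomobject]@{
        Service     = $d.Name
        State       = $d.State        # Running / Stopped
        StartMode   = $d.StartMode
        Path        = $path
        FileVersion = $ver
        SHA256      = $hash
        Signer      = $sig.SignerCertificate.Subject
        SigStatus   = $sig.Status
    }
}

if (-not $report) {
    Write-Output 'No registered driver matching the pattern was found.'
} else {
    $report | Format-List

    # More than one distinct binary means different applications shipped different
    # builds, and which one is loaded depends on which was installed first.
    $distinct = @($report | Where-Object SHA256 |
        Select-Object -ExpandProperty SHA256 -Unique)
    if ($distinct.Count -gt 1) {
        Write-Warning "Found $($distinct.Count) different driver binaries; compare versions and signers above."
    }
}
```

Run it from an elevated PowerShell prompt so that driver files under protected directories can be read and hashed.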

For this reason, his company invested in its own RGB interface instead, ultimately getting rid of WinRing0 in 2023 in favor of its own SMBus driver. But the developers I spoke to, including Sun, agree that this is an expensive proposition.

“Small open source projects do not have the financial ability to go this route, nor the dedicated Microsoft kernel experience to do so,” says Honse from OpenRGB.

But there may be a simpler alternative: why not fix the vulnerability in WinRing0 itself? To my amazement, three developers told me that WinRing0 has already been patched. But the open source community does not believe it can afford the cost of getting a new version signed by Microsoft – and without Microsoft's digital signature, Windows will not allow users to install it to begin with.

Mercier explains that WinRing0 was a “one of a kind driver” in that its source was open and it was signed. “There is nothing else like it, as companies do not develop open source kernel drivers.”

According to PhyxionNL, the developer of the popular Libre Hardware Monitor that underpins many monitoring applications (including Fan Control), WinRing0 dates back to a time when Windows did not require a Microsoft signature for such drivers; its author, Noriyuki Miyazaki (see also: CrystalDiskMark), apparently signed it himself.

But to sign a new version, developers will need Microsoft’s approval – and they will need to pay.

“It is not feasible to ask non-profit hobby [free open source software] projects to pay the same costs to sign drivers as for-profit companies. It seems that driver signing is time-limited and would need continuous renewal, so it would be a recurring cost. Also, from initial research, you have to be a company to be able to obtain a kernel signing certificate. Microsoft has stacked the deck against us.”

Piotr Szczepanski says that it is no good simply submitting an application to Microsoft and VirusTotal for inspection, either: “Although OmenMon is cleared every time, ultimately the same executable can be flagged again, as the definition versions and signatures are updated.”

ZenTimings' Ivan Rusanov and Fan Control's Mercier say there is nothing they can really do in the absence of a newly signed driver like WinRing0. “I will definitely replace it with something else the moment it is available, but to be clear, for now I cannot advise users to ignore it and add an exception to Defender,” says Rusanov.

But there is some hope. iBuyPower, the prebuilt gaming PC manufacturer, whose Hyte Nexus monitoring software also uses WinRing0 and has been flagged by Windows Defender, says it will seek to get an updated WinRing0 signed – and share the results with developers.

“If this solution succeeds, we will share our updated and signed version of the library, so that the developer community can distribute new versions of their applications with Microsoft-authenticated drivers,” says Hyte product director Robert Teller.

Teller says he is waiting for Microsoft's response. Microsoft did not have any comment.

I asked SignalRGB's Sun if his company might share its SMBus driver, but he said no: “We have invested significant resources in developing this solution specifically to meet our needs and those of our user base.”

As for Razer and SteelSeries users, you may simply want to update your software to the latest version to avoid WinRing0; the two companies tell me that they got rid of it recently. But know that you may lose some functionality as a result. Some very old Razer devices still require Synapse 2, and SteelSeries simply removed its system monitoring feature completely to address the vulnerability, meaning that gamers can no longer see system data on their peripherals.

Razer software VP Quyen Quach says Synapse 4 never used WinRing0 at all and that the company patched Synapse 3 to remove it just three weeks ago.
