Greg Kroah-Hartman, a researcher at the Linux Foundation, appears ready to finally disable the USB RNDIS protocol driver once and for all. Hartman has wanted to remove the RNDIS bit from Linux for some time, with the original proposal being made on November 23, 2022.

Now, just over two years later, on December 23, 2024, the commit has finally been pushed again. In the accompanying message, Hartman explains how this ancient Windows XP-era Microsoft protocol is no longer needed, and how it makes systems insecure and vulnerable to threats. He wrote:

USB: Disable all RNDIS protocol drivers.

The Microsoft RNDIS protocol is insecure by design and will be vulnerable on any system where it is used with an untrusted host or device. Since there is no way to ensure the security of the protocol, simply disable all RNDIS drivers to prevent anyone from using them again. This is only required for Windows XP and newer systems. Windows systems earlier than it can use ordinary USB-type protocols and will not have these problems. Android has had this feature disabled for years, so there shouldn't be any real systems that still require it.

You can find the submission here in the LKML public inbox.

RNDIS, or Remote Network Driver Interface Specification, is a bus-independent messaging protocol for Ethernet (IEEE 802.3) network devices on dynamic plug-and-play (PnP) buses such as USB, 1394, Bluetooth and InfiniBand. This standardized approach means that a set of host drivers can support any number of network devices over USB.

As mentioned above, Microsoft first introduced this specification as early as the Windows XP era, and it is still used in Windows 10 and Windows 11 (including the latest version 24H2) that are still supported today. However, the RNDIS driver is not automatically installed on Windows 10 and 11.

After optional installation, Windows 11 24H2 supports NDIS version 6.89.