I accidentally found that my Linux screenshare program is able to send leftover video memory from a previous Windows boot (shut down 5 days ago) over the Internet, showing the private Windows desktop contents of the last logged-in user.
This doesn't seem good security-wise for all parts involved.
I’m surprised that the video RAM doesn’t decay almost instantly when the power shuts off, but not for five days?! From my understanding, the whole computer, including the graphics card, shuts off when you power off a computer. That means that the video RAM is being written to non-volatile storage somewhere.
My only guess: Do you have Windows Quick Start turned on? Because that doesn’t shut down the computer all the way; it just puts it in a deep sleep (i.e. the graphics card and its RAM are still powered).
Hmm. That might be it. I don’t think the power gets cut when you reboot; the processor just resets itself to its starting state.
I think the reason this hasn’t been addressed is because, from my understanding of the problem, people don’t reboot to a different OS running at a different resolution, so the problem was never noticed.
Can you retest with a cold reboot? I don't think this is a new security issue, mostly because there is nothing the OS can do if the reboot was abrupt or due to a panic/BSOD.
Quite certainly a cold reboot will wipe GPU RAM, but that's beside the point that software should make sure that unprivileged software from one OS should be able to read privileged contents from another if the first one had all the chances to wipe it from memory.
Alternatively the GPU or driver could, at initialisation time, wipe the memory.