September 17, 2021 - Blog
A booby-trapped usb can bypass windows security
In Tuesday’s patch bulletin, Microsoft revealed that a vulnerability exists in all supported versions of Windows which could allow an attacker to execute malicious code from a booby-trapped USB. According to the security bulletin, “An elevation of privilege vulnerability exists when the Mount Manager component improperly processes symbolic links. An attacker who successfully exploited this vulnerability could write a malicious binary to disk and execute it.” Microsoft addressed this potential exploit by removing the vulnerable code from their USB components.
The vulnerability utilized functions that process the files which Windows uses to display icons for USB content. A successful exploit of the vulnerability could grant a hacker administrator privileges on a Windows machine. According to Ars Technica, it’s “reminiscent of a critical flaw exploited around 2008 by an NSA-tied hacking group…and later by the creators of the Stuxnet computer worm that disrupted Iran’s nuclear program.” While that critical flaw had a Severity Rating of critical, Tuesday’s patch was rated “Important,” Microsoft’s second-highest severity rating. Security researcherMartijn Grooten believes the lower rating is due to the vulnerability not being exploitable remotely.
According to the security bulletin, “Microsoft has reason to believe that this vulnerability has been used in targeted attacks against customers.” As potential hackers would require direct access to a user’s machine, the vulnerability would have to be exploited in highly specific attacks by hackers who have access to your hardware. The patch was released alongside 13 other patches as part of yesterday’s security bulletin. Windows users with automatic updates enabled will receive the patch for this vulnerability without prompt, otherwise it can be downloaded from theMicrosoft Download Center.