Yesterday Microsoft released a number of security patches as part of Patch Tuesday. Now we have a bit more info on what vulnerabilities they are meant to address. One of the exploits found, and patched by Microsoft under the codename MS13-027 (KB 2807986), relates to a hack via a USB drive.
According to researchers Windows recognizes USB drives, when they are connected or when they change power sources. Then the device driver enumerates the connected devices and then, based on that enumeration, they appear on the system. However, the researchers have found that a maliciously formatted USB drive could gain control of the system during that driver enumeration process. The device could execute code in the context of the Windows kernel.
The most worrisome part is that because of the way this hack works the attacker doesn't need any software access to the PC. The vulnerability can be triggered even while the device is locked and no user is logged in. So all a hacker would need is casual physical access to the device. The researchers also warn that software that goes through low-level USB device enumeration might provide "additional avenues of exploitation" without the hacker actually needing physical access to the machine.
Source: Microsoft Security
11 Comments - Add comment