by Michael Mimoso March 9, 2016
USB-related vulnerabilities make people nervous; you need look no further than Stuxnet and BadUSB to see the dangers associated with infected portable storage devices and peripherals.
Yesterday, Microsoft patched a flaw in the Windows USB Mass Storage Class Driver that could put some people on edge. Though the flaw was rated “important,” likely because it requires local access to exploit, previous work in this arena shows that such a bug could be attacked remotely.
Andy Davis of NCC Group in the U.K. privately disclosed the flaw, CVE-2016-0133, to Microsoft. His recent research includes a focus on USB bugs that are no longer limited to local exploits. For Black Hat Asia 2014, for example, Davis released a paper explaining techniques that could allow an attacker to take advantage of RDP and RemoteFX USB redirection features in Windows.
Full Article
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.