Caution Urged over Patched Windows USB Driver Flaw

  • 9 March 2016
  • 0 replies
  • 111 views

Userlevel 7
Badge +54
by Michael Mimoso March 9, 2016
 
                                                  


 
USB-related vulnerabilities make people nervous; you need look no further than Stuxnet and BadUSB to see the dangers associated with infected portable storage devices and peripherals.
 
Yesterday, Microsoft patched a flaw in the Windows USB Mass Storage Class Driver that could put some people on edge. Though the flaw was rated “important,” likely because it requires local access to exploit, previous work in this arena shows that such a bug could be attacked remotely.
 
Andy Davis of NCC Group in the U.K. privately disclosed the flaw, CVE-2016-0133, to Microsoft. His recent research includes a focus on USB bugs that are no longer limited to local exploits. For Black Hat Asia 2014, for example, Davis released a paper explaining techniques that could allow an attacker to take advantage of RDP and RemoteFX USB redirection features in Windows.
 
Full Article

0 replies

Be the first to reply!

Reply