Microsoft has announced a security patch that helps protect users from a new vulnerability in which hackers can steal data and passwords using a USB drive, even while the computer is locked. A hacker can use a USB stick to acquire data and passwords from a user's computer even while the 'CTRL+ALT+DEL' lock screen is on. A statement released on the Microsoft blog (https://blogs.technet.com/b/srd/archive/2013/03/12/ms13-027-addressing-an-issue-in-the-usb-driver-requiring-physical-access.aspx?Redirected=true, quoted below) shows how an attacker can use a simple USB drive to steal data.
"Today we are addressing a vulnerability in the way that the Windows
USB drivers handle USB descriptors when enumerating devices. (KB 2807986).
This update represents an expansion of our risk assessment methodology
to recognize vulnerabilities that may require physical access, but do
not require a valid logon session. Windows typically discovers USB
devices when they are inserted or when they change power sources (if
they switch from plugged-in power to being powered off of the USB
connection itself). To exploit the vulnerability addressed by MS13-027,
an attacker could add a maliciously formatted USB device to the system.
When the Windows USB device drivers enumerate the device, parsing a
specially crafted descriptor, the attacker could cause the system to
execute malicious code in the context of the Windows kernel.
Because the vulnerability is triggered during device enumeration, no
user intervention is required. In fact, the vulnerability can be
triggered when the workstation is locked or when no user is logged in,
making this an un-authenticated elevation of privilege for an attacker
with casual physical access to the machine. Other software that enables
low-level pass-through of USB device enumeration may open additional
avenues of exploitation that do not require direct physical access to
the system".
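The statement above locates the bug in the driver parsing a specially crafted descriptor during enumeration. The C program below is an added example, not code from Microsoft or from this blog, and it does not reproduce the patched Windows driver; it shows the length validation a descriptor parser needs so that a device-supplied bLength or wTotalLength can never be trusted before it is checked against the bytes actually received. The descriptor byte strings are constructed for the example.

```c
/* Added example: bounds-checked walk over a USB configuration descriptor.
 * The three byte strings below are constructed; the field layout follows the
 * standard USB descriptor header (bLength, bDescriptorType, ...). */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define USB_DT_CONFIG    0x02
#define USB_DT_INTERFACE 0x04
#define USB_DT_ENDPOINT  0x05

/* Walk the descriptor chain in buf[0..len). Returns the number of descriptors
 * accepted, or -1 at the first inconsistency. The device controls every
 * length field, so each one is validated against the remaining bytes before
 * the offset is advanced or a field behind it is read. */
int walk_config_descriptor(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int count = 0;

    /* Configuration header is 9 bytes; wTotalLength must not exceed the
     * number of bytes the transfer actually delivered. */
    if (len < 9 || buf[0] != 9 || buf[1] != USB_DT_CONFIG)
        return -1;
    uint16_t total = (uint16_t)(buf[2] | (buf[3] << 8));
    if (total > len)
        return -1;            /* device claims more bytes than it sent */
    len = total;

    while (off < len) {
        if (len - off < 2)
            return -1;        /* truncated descriptor header */
        uint8_t blen = buf[off];
        uint8_t type = buf[off + 1];
        /* blen < 2 would loop forever; blen > remaining would read past buf */
        if (blen < 2 || blen > len - off)
            return -1;
        switch (type) {
        case USB_DT_CONFIG:    if (blen < 9) return -1; break;
        case USB_DT_INTERFACE: if (blen < 9) return -1; break;
        case USB_DT_ENDPOINT:  if (blen < 7) return -1; break;
        default: break;       /* class-specific descriptor: skip by bLength */
        }
        off += blen;
        count++;
    }
    return count;
}

/* Constructed sample: config header (wTotalLength 18) + one interface. */
static const uint8_t good_desc[] = {
    0x09, 0x02, 0x12, 0x00, 0x01, 0x01, 0x00, 0x80, 0x32,
    0x09, 0x04, 0x00, 0x00, 0x01, 0xFF, 0x00, 0x00, 0x00
};
/* Constructed sample: interface bLength (0x40) points past the buffer. */
static const uint8_t bad_len_desc[] = {
    0x09, 0x02, 0x12, 0x00, 0x01, 0x01, 0x00, 0x80, 0x32,
    0x40, 0x04, 0x00, 0x00, 0x01, 0xFF, 0x00, 0x00, 0x00
};
/* Constructed sample: wTotalLength (0x40) exceeds the 18 bytes received. */
static const uint8_t bad_total_desc[] = {
    0x09, 0x02, 0x40, 0x00, 0x01, 0x01, 0x00, 0x80, 0x32,
    0x09, 0x04, 0x00, 0x00, 0x01, 0xFF, 0x00, 0x00, 0x00
};

int main(void)
{
    printf("good:      %d\n", walk_config_descriptor(good_desc, sizeof(good_desc)));
    printf("bad bLength: %d\n", walk_config_descriptor(bad_len_desc, sizeof(bad_len_desc)));
    printf("bad wTotalLength: %d\n", walk_config_descriptor(bad_total_desc, sizeof(bad_total_desc)));
    return 0;
}
```

The well-formed sample yields 2 accepted descriptors; both malformed samples are rejected before any out-of-bounds read. On a Windows host the fix itself is verified by confirming that the update the post names, KB 2807986, appears in the installed hotfix list (for example with `Get-HotFix -Id KB2807986` in PowerShell).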