Microsoft Foils USB Hack In Latest Windows Update

Written by Matt LeBoff on March 14, 2013. Posted in Software, USB Hacks

When a USB stick is connected to a PC the Windows operating system enumerates the device.  In simple terms, this means Windows will check to see what type of device was just connected, a HID device, Mass Storage Devicet etc, it will also check the speed of the device.

During the enumeration process some registry entries are made into the Windows registry…this is where a hacker could get into your system and take control.  This is the update Microsoft issues earlier this week to fix the security flaw.

Since the vulnerability is triggered during USB enumeration, no user intervention is required. In fact, the vulnerability can be triggered when the workstation is locked or when no user is logged in, making this an unauthenticated elevation of privilege for an attacker with casual physical access to the machine. Other software that enables low-level pass-through of USB device enumeration may open additional avenues of exploitation that do not require direct physical access to the system.

So be sure to update your PC with the update notification comes through – it’s in your best interest.

Full Microsoft article here:

Tags: , ,

Trackback from your site.

USB Benchmark Software

Created for testing read / write speeds of a USB device. Free download.

Copyright ©

Copyright © 2011-2014 by
USB Powered Gadgets and more...
All rights reserved.

Sponsor: Copy Secure USB

Nexcopy provides USB copy protection with digital rights management for data loaded to USB flash drives. If you have Intellectual Property worth protecting from illegal copying, duplication or redistribution, then please read on…