Microsoft yesterday released the patch to fix a privilege elevation vulnerability that exposes the risk of attacks via USB drive, similar to what has enabled the spread of the Stuxnet malware.
All currently supported versions of Windows are subject to a vulnerability that allows malicious code to run when connected to a computer USB drive compromise. Microsoft is already aware of the problem and has released a patch in the day yesterday to plug the leak.
” A privilege elevation vulnerability occurs when the Mount Manager component processes improperly symbolic links. Who exploits this vulnerability could write malicious code on the disk and run it. To exploit an attacker should insert a USB drive in the target system. The update addresses this vulnerability by removing the component portion of vulnerable code, ” Microsoft wrote in the security bulletin issued yesterday.
The vulnerability is reminiscent of a critical flaw exploited in 2008 by the hacker collective Equation Group and subsequently by the creators of Stuxnet worm that destroyed the Iranian nuclear program. The vulnerability, which resided in functions that process the .lnk file that Windows uses to display icons when you plug in a USB drive, allowed the attackers to release the worm that has spread on each computer that has interacted with the drive compromise.
Microsoft over the issue of the patch to fix the problem is releasing a software utility that enables systems that have already been patched to log attempts to exploit the bug. This measure allows users to find more easily if they have been the target of an attack.