{"id":8543,"date":"2015-08-12T11:28:30","date_gmt":"2015-08-12T15:28:30","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=8543"},"modified":"2015-08-12T11:28:30","modified_gmt":"2015-08-12T15:28:30","slug":"attackers-actively-exploit-windows-bug-that-uses-usb-sticks-to-infect-pcs","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2015\/08\/12\/attackers-actively-exploit-windows-bug-that-uses-usb-sticks-to-infect-pcs\/","title":{"rendered":"Attackers actively exploit Windows bug that uses USB sticks to infect PCs"},"content":{"rendered":"

Attackers are actively exploiting a vulnerability in all supported versions of Windows that allows them to execute malicious code when targets mount a booby-trapped USB on their computers, Microsoft warned Tuesday in a regularly scheduled bulletin that patches the flaw.<\/p>\n

In Tuesday’s bulletin, Microsoft officials wrote:<\/p>\n

An elevation of privilege vulnerability exists when the Mount Manager component improperly processes symbolic links. An attacker who successfully exploited this vulnerability could write a malicious binary to disk and execute it.<\/p>\n

To exploit the vulnerability, an attacker would have insert a malicious USB device into a target system. The security update addresses this vulnerability by removing the vulnerable code from the component.<\/p>\n

Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was issued, Microsoft has reason to believe that this vulnerability has been used in targeted attacks against customers.<\/p>\n

The vulnerability is reminiscent of a critical flaw exploited around 2008 by an NSA-tied hacking group dubbed Equation Group and later by the creators of the Stuxnet computer worm that disrupted Iran’s nuclear program. The vulnerability\u2014which resided in functions that process so-called .LNK files Windows uses to display icons when a USB stick is plugged in\u2014allowed the attackers to unleash a powerful computer worm that spread from computer to computer each time they interacted with a malicious drive.<\/p>\n

When Microsoft patched the .LNK vulnerability in 2010 with MS10-046, company officials classified the vulnerability as “critical,” the company’s highest severity rating. The classification seemed appropriate, considering the success of the .LNK exploits in infecting large numbers of air-gapped computers. For reasons that aren’t clear, Tuesday’s vulnerability has been rated “important,” Microsoft’s second-highest severity rating. Update: As Virus Bulletin researcher Martijn Grooten pointed out, the .LNK vulnerability was remotely exploitable, allowing it to infect millions of people. By contrast, the bug patched Tuesday appears to require a USB stick, a requirement that would greatly limit the scale of attacks. That’s the likely reason for the lower severity rating.<\/p>\n

In addition to fixing the bug, Microsoft is also releasing software that allows patched computers to log attempts to exploit the bug. That will make it easier for people to know if they were targeted by attackers.<\/p>\n

Separately, a word of caution: the installation of Windows language packs will require Tuesday’s patch to be reinstalled. Accordingly, before running the update, users should make sure they install any language packs they expect to need in the future.<\/p>\n

The fix for the USB vulnerability was one of 14 patch bulletins Microsoft published on Tuesday as part of its monthly update cycle. Microsoft typically identifies by name the person or group reporting the vulnerabilities that get fixed. In this case, however, the company didn’t elaborate beyond saying notification came “through coordinated vulnerability disclosure.”<\/p>\n

via Attackers actively exploit Windows bug that uses USB sticks to infect PCs | Ars Technica<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Attackers are actively exploiting a vulnerability in all supported versions of Windows that allows them to execute malicious code when […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[7,10],"tags":[341,1138,1178],"class_list":["post-8543","post","type-post","status-publish","format-standard","hentry","category-security","category-technology","tag-exploit","tag-usb","tag-vulnerability"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-2dN","jetpack-related-posts":[{"id":9806,"url":"https:\/\/nccomputertech.com\/techtalk\/2024\/11\/08\/ai-vulnerability-discovery-rts-ai-tv-hosts-windows-10-updates\/","url_meta":{"origin":8543,"position":0},"title":"AI Vulnerability Discovery – RT’s AI TV Hosts, Windows 10 Updates","author":"NCCT","date":"November 8, 2024","format":false,"excerpt":"https:\/\/youtu.be\/g7ZsibpgoWQ","rel":"","context":"In "Security"","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/g7ZsibpgoWQ\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9902,"url":"https:\/\/nccomputertech.com\/techtalk\/2025\/02\/11\/tpm-2-0-is-not-required-for-windows-11\/","url_meta":{"origin":8543,"position":1},"title":"TPM 2.0 Is Not Required for Windows 11","author":"NCCT","date":"February 11, 2025","format":false,"excerpt":"https:\/\/youtu.be\/yjjCbOOpREg On Security Now, Steve Gibson talks about Microsofrt dropping the TPM 2.0 requirement from Windows 11.","rel":"","context":"In "Microsoft"","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/yjjCbOOpREg\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9405,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/10\/07\/odorless-and-weightless-hackers-this-week-in-tech-687\/","url_meta":{"origin":8543,"position":2},"title":"Odorless and Weightless Hackers – This Week in Tech 687","author":"NCCT","date":"October 7, 2018","format":false,"excerpt":"https:\/\/youtu.be\/lb4rnqfNdas Chinese Spy Chips, Microsoft Highs and Lows, Pixel 3 Event Predictions, and More! Bloomberg reports that China used tiny chips to spy on Apple, Amazon, and the US government. Apple and Amazon deny it. How do we know who is right? All the news from the Microsoft Surface event,\u2026","rel":"","context":"In "Apple"","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/lb4rnqfNdas\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9932,"url":"https:\/\/nccomputertech.com\/techtalk\/2025\/05\/16\/microsoft-makes-70-billion-cuts-3-of-workforce\/","url_meta":{"origin":8543,"position":3},"title":"Microsoft Makes $70 Billion, Cuts 3% of Workforce","author":"NCCT","date":"May 16, 2025","format":false,"excerpt":"https:\/\/youtu.be\/L0nyc9O5qYY On Windows Weekly, Paul Thurrott and Richard Campbell try to comprehend the sweeping employee layoffs happening at Microsoft in the wake of $70 billion in revenue. The company wants to increase its \"agility by reducing layers.\" Is this the return of Dark Satya?","rel":"","context":"In "Microsoft"","block_context":{"text":"Microsoft","link":"https:\/\/nccomputertech.com\/techtalk\/category\/microsoft\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/L0nyc9O5qYY\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9511,"url":"https:\/\/nccomputertech.com\/techtalk\/2019\/01\/22\/millsplain-it-to-me-this-week-in-tech-702\/","url_meta":{"origin":8543,"position":4},"title":"Millsplain It to Me – This Week in Tech 702","author":"NCCT","date":"January 22, 2019","format":false,"excerpt":"https:\/\/youtu.be\/EtTfFJVBZ6s -Apple's Tim Cook Calls for Data Privacy. -773M Passwords Pwned - How to Find Out If Yours Was. -Amazon Tries to Make Alexa Sound \"Newsy.\" -Google Buys Fossil. -74% of Facebook Users are Clueless. -Facebook's 10 Year Challenge. -Atari Founder Making Alexa Board Games. -Stop Using Windows Phone! -Tokyo\u2026","rel":"","context":"In "Apple"","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/EtTfFJVBZ6s\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":9320,"url":"https:\/\/nccomputertech.com\/techtalk\/2018\/04\/08\/this-week-in-tech-661-the-ant-man-canon\/","url_meta":{"origin":8543,"position":5},"title":"This Week in Tech 661: The Ant Man Canon","author":"NCCT","date":"April 8, 2018","format":false,"excerpt":"https:\/\/youtu.be\/BOkNYwQ_k1Y Facebook issues the latest in a long string of apologies.YouTube shooter and the lure of fame. Apple plans its own chips for 2020, Mac Pro for 2019. Is Amazon spending too much on video? Terry Myerson out at Microsoft - the end of the Windows era. FBI seizes Backpage.com.","rel":"","context":"In "Apple"","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/BOkNYwQ_k1Y\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8543","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=8543"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/8543\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=8543"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=8543"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=8543"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}