
Attackers exploit a Windows flaw using a booby-trapped USB


Microsoft announced in last Tuesday’s bulletin that crooks have been exploiting a vulnerability that allows malicious code to be executed using a booby-trapped USB device.

The vulnerability affects all supported versions of Windows, as confirmed by Microsoft.

“An elevation of privilege vulnerability exists when the Mount Manager component improperly processes symbolic links. An attacker who successfully exploited this vulnerability could write a malicious binary to disk and execute it. To exploit the vulnerability, an attacker would have to insert a malicious USB device into a target system. The security update addresses this vulnerability by removing the vulnerable code from the component.

Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was issued, Microsoft has reason to believe that this vulnerability has been used in targeted attacks against customers,” states Microsoft.


This vulnerability, tracked as CVE-2015-1769, is reminiscent of the flaw exploited by the creators of Stuxnet, which we have covered in the past and which affects functions that process the so-called .LNK files Windows uses to display icons when a USB stick is plugged in.

In 2010 Microsoft patched the .LNK vulnerability with MS10-046. The main difference between the vulnerability fixed by MS10-046 and the new one is that the former could be exploited remotely, while the new one can be exploited only locally by using a USB stick. For this reason, exploitation of the new flaw is more difficult and the severity assigned to the attack isn’t the highest.

Microsoft yesterday patched the vulnerability with MS15-085. It resides in Windows Mount Manager, a driver in mountmgr.sys that assigns drive letters for dynamic and basic disk volumes.

About the Author: Elsio Pinto (@high54security) is at the moment the Lead McAfee Security Engineer at Swiss Re, but he also has knowledge in the areas of malware research, forensics and ethical hacking. He has previous experience at major institutions, the European Parliament being one of them. He is a security enthusiast and tries his best to pass on his knowledge. He also runs his own blog: http://high54security.blogspot.com/

Pierluigi Paganini

(Security Affairs – USB exploit, CVE-2015-1769)