Η Microsoft κλείνει πολύ σοβαρό κενό ασφαλείας των Windows που αφορά USB συσκευές

Στην χθεσινή patch Tuesday της Microsoft, ένα από τα bug fixes αφορούσε ευπάθεια των Windows σε μολυσμένες USB συσκευές. Εκτός του κλεισίματος του συγκεκριμένου κενού ασφαλείας, δόθηκε επιπλέον λογισμικό που καταγράφει σε log file όσες απόπειρες γίνουν στους αναβαθμισμένους υπολογιστές για εκμετάλευση του USB flaw.

Οι επηρεαζόμενες εκδόσεις Windows είναι :

Vulnerability Severity Rating and Maximum Security Impact by Affected Software
Affected Software	Mount Manager Elevation of Privilege Vulnerability - CVE-2015-1769	Aggregate Severity Rating
Windows Vista
Windows Vista Service Pack 2 (3071756)	Important Elevation of Privilege	Important
Windows Vista x64 Edition Service Pack 2 (3071756)	Important Elevation of Privilege	Important
Windows Server 2008
Windows Server 2008 for 32-bit Systems Service Pack 2 (3071756)	Important Elevation of Privilege	Important
Windows Server 2008 for x64-based Systems Service Pack 2 (3071756)	Important Elevation of Privilege	Important
Windows Server 2008 for Itanium-based Systems Service Pack 2 (3071756)	Important Elevation of Privilege	Important
Windows 7
Windows 7 for 32-bit Systems Service Pack 1 (3071756)	Important Elevation of Privilege	Important
Windows 7 for x64-based Systems Service Pack 1 (3071756)	Important Elevation of Privilege	Important
Windows Server 2008 R2
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (3071756)	Important Elevation of Privilege	Important
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (3071756)	Important Elevation of Privilege	Important
Windows 8 and Windows 8.1
Windows 8 for 32-bit Systems (3071756)	Important Elevation of Privilege	Important
Windows 8 for x64-based Systems (3071756)	Important Elevation of Privilege	Important
Windows 8.1 for 32-bit Systems (3071756)	Important Elevation of Privilege	Important
Windows 8.1 for x64-based Systems (3071756)	Important Elevation of Privilege	Important
Windows Server 2012 and Windows Server 2012 R2
Windows Server 2012 (3071756)	Important Elevation of Privilege	Important
Windows Server 2012 R2 (3071756)	Important Elevation of Privilege	Important
Windows 10
Windows 10 for 32-bit Systems (3081436)	Important Elevation of Privilege	Important
Windows 10 for x64-based Systems (3081436)	Important Elevation of Privilege	Important
Server Core installation option
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) (3071756)	Important Elevation of Privilege	Important
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) (3071756)	Important Elevation of Privilege	Important
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (3071756)	Important Elevation of Privilege	Important
Windows Server 2012 (Server Core installation) (3071756)	Important Elevation of Privilege	Important
Windows Server 2012 R2 (Server Core installation) (3071756)	Important Elevation of Privilege	Important

An elevation of privilege vulnerability exists when the Mount Manager component improperly processes symbolic links. An attacker who successfully exploited this vulnerability could write a malicious binary to disk and execute it.

To exploit the vulnerability, an attacker would have insert a malicious USB device into a target system. The security update addresses this vulnerability by removing the vulnerable code from the component.

Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was issued, Microsoft has reason to believe that this vulnerability has been used in targeted attacks against customers.