Software bugs are becoming almost as common as the countless car hacks that have stolen the attention of consumers. Now, attackers are using “booby-trapped” USB sticks to exploit a bug in Windows. The good news is that Microsoft has released a patch.
“An elevation of privilege vulnerability exists when the Mount Manager component improperly processes symbolic links,” according to Microsoft officials in their bulletin.
“An attacker who successfully exploited this vulnerability could write a malicious binary to disk and execute it. To exploit the vulnerability, an attacker would have to insert a malicious USB device into a target system. The security update addresses this vulnerability by removing the vulnerable code from the component.”
The attack is being compared to one used by the hacking team Equation Group, according to Ars Technica. The group was tied to the NSA in 2008 by using a similar method of hacking. Their vulnerability is what led to the Stuxnet computer worm, according to the report.
“The vulnerability—which resided in functions that process so-called .LNK files Windows uses to display icons when a USB stick is plugged in—allowed the attackers to unleash a powerful computer worm that spread from computer to computer each time they interacted with a malicious drive,” according to Ars Technica.
Microsoft hasn’t just fixed the bug; it also plans to release software that will allow computers to keep track of attempts to exploit the bug. This will inform users whether or not they are being attacked, in turn changing the way they go about using their machines.