Categories: Breaking NewsCyber CrimeHackingMalware

Attackers exploit a Windows flaw using a booby-trapped USB

Microsoft announced in the Tuesday’s bulletin that crooks have been exploiting a vulnerability that allows to execute malicious code using booby-trapped USB

Microsoft announced in the last Tuesday’s bulletin that crooks have been exploiting a vulnerability that allows to execute malicious code using booby-trapped USB.

The vulnerability affects all supported versions of Windows OS as confirmed by Microsoft.

“An elevation of privilege vulnerability exists when the Mount Manager component improperly processes symbolic links. An attacker who successfully exploited this vulnerability could write a malicious binary to disk and execute it. To exploit the vulnerability, an attacker would have insert a malicious USB device into a target system. The security update addresses this vulnerability by removing the vulnerable code from the component.

Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was issued, Microsoft has reason to believe that this vulnerability has been used in targeted attacks against customers.” States Microsoft.

This vulnerability, coded as CVE-2015-1769, is reminiscent of the flaw exploited by the creators of Stuxnet as we talked in the past, it affects functions that process so-called .LNK files Windows uses to display icons when a USB stick is plugged in.

In 2010 Microsoft patched the .LNK vulnerability with MS10-046, the main difference between the vulnerability fixed with the release MS10-046 and the new one, is that MS10-046 would be exploited remotely and the new one can be exploited only locally by using a USB stick. For this reason the exploitation of the new flaw is more difficult and severity assigned to the attack isn’t the highest.

Microsoft yesterday patched the vulnerability, MS15-085, in Windows Mount Manager, a driver in mountmgr.sys that assigns driver letters for dynamic and basic disk volumes.

About the Author Elsio Pinto (@high54security) is at the moment the Lead Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog Mcafee Security Engineer at Swiss Re, but he also as knowledge in the areas of malware research, forensics, ethical hacking. He had previous experiences in major institutions being the European Parliament one of them. He is a security enthusiast and tries his best to pass his knowledge. He also owns his own blog http://high54security.blogspot.com/

Pierluigi Paganini

(Security Affairs – USB exploit, CVE-2015-1769)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.