Patch Tuesday brought a fix aimed at blocking an important USB exploit

Mar 13, 2013 07:52 GMT

Microsoft rolled out a total of seven different bulletins on Patch Tuesday to fix flaws in Windows, Internet Explorer, Office, Silverlight and other products, but the company has also released an update intended to repair a USB vulnerability in the Windows platform.

According to a security advisory published by Microsoft, an attacker could execute malicious code on an unpatched system by plugging in a USB device, even when the computer is locked or when no user is logged in.

“This [is] an un-authenticated elevation of privilege for an attacker with casual physical access to the machine. Other software that enables low-level pass-through of USB device enumeration may open additional avenues of exploitation that do not require direct physical access to the system,” Josh Carlson and William Peteroy, MSRC, explained.

The update is aimed at all Windows versions, including 8, RT, 7, Vista, Server and XP. As usual, it’s being delivered through the built-in Windows Update option, so no user interaction is necessary.