Microsoft on Tuesday released seven patches for 20 vulnerabilities including one fix to close off a dangerous kernel mode driver flaw that could enable root access via the use of malicious USB drives.
The patches -- four of which are graded critical and three labelled important -- cover issues in Windows, Office, Internet Explorer (IE), Server Tools, and Silverlight.
Most pressing to organisations is the cumulative IE patch (MS13-021) which corrects nine client-side flaws in all supported versions of the browser that could be exploited by attackers if a user is convinced into viewing a malicious web page.
Security update MS13-027 resolves three vulnerabilities in Windows kernel-mode drivers that could allow privilege escalation.
Those heightened privileges could then grant an attacker the ability to execute code in the kernel by plugging an infected USB stick into a targeted computer, in a technique known as an evil maid attack.
"While this isn't the first issue to leverage physical access and USB devices, it is different in that it doesn't require a machine to be logged on," Microsoft's communications group manager Dustin Childs said in a blog post.
"It also provides kernel-level code execution, where previous attacks only allowed code execution at the logged-on level. Because of this, someone with casual physical access, such as a custodian sweeping your office at night or a security guard making his rounds, could simply plug in a USB device to perform any action as an administrator."
"While it may be tempting to dismiss this sort of issue since it requires physical access, again, we want to do what is best for the customer. Casual physical access combined with kernel-mode code execution represent a significant enough threat that we released an update to address this issue."
Microsoft is not yet aware of any of the bugs that it patched on Tuesday being attacked in the wild.