Microsoft patches against evil maid attack

Twenty holes plugged.

Microsoft on Tuesday released seven patches for 20 vulnerabilities including one fix to close off a dangerous kernel mode driver flaw that could enable root access via the use of malicious USB drives.

The patches -- four of which are graded critical and three labelled important -- cover issues in Windows, Office, Internet Explorer (IE), Server Tools, and Silverlight.

Most pressing to organisations is the cumulative IE patch (MS13-021), which corrects nine client-side flaws in all supported versions of the browser that attackers could exploit if a user is persuaded to view a malicious web page.

Security update (MS13-027) resolves three vulnerabilities in kernel-mode drivers in Windows that could allow for privilege escalation.

Those heightened privileges could then grant an attacker the ability to execute code in the kernel by plugging an infected USB stick into a targeted computer, in a technique known as an evil maid attack.

"While this isn't the first issue to leverage physical access and USB devices, it is different in that it doesn't require a machine to be logged on," Microsoft's communications group manager Dustin Childs said in a blog post.

"It also provides kernel-level code execution, where previous attacks only allowed code execution at the logged-on level. Because of this, someone with casual physical access, such as a custodian sweeping your office at night or a security guard making his rounds, could simply plug in a USB device to perform any action as an administrator."

"While it may be tempting to dismiss this sort of issue since it requires physical access, again, we want to do what is best for the customer. Casual physical access combined with kernel-mode code execution represent a significant enough threat that we released an update to address this issue."

Microsoft is not yet aware of any of the bugs that it patched on Tuesday being attacked in the wild.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition