Microsoft's latest patches address new USB hack

The software giant discovers a Windows vulnerability that lets attackers gain access to data in locked or logged-off computers with a USB thumb drive.

A new kind of vulnerability popped up recently, one that lets hackers stick a USB thumb drive into a computer -- even if it's logged-off or locked -- type out a bit of attack code and steal whatever data they want.

In an effort to avoid this type of cyberattack, Microsoft issued its monthly software patches today and included a fix for this Windows vulnerability called MS13-027. This vulnerability lets a hacker get into the computer with a thumb drive and take over administrative privileges.

"When the Windows USB device drivers enumerate the device, parsing a specially crafted descriptor, the attacker could cause the system to execute malicious code in the context of the Windows kernel," Microsoft wrote in a blog post today. "Because the vulnerability is triggered during device enumeration, no user intervention is required. In fact, the vulnerability can be triggered when the workstation is locked or when no user is logged in, making this an un-authenticated elevation of privilege for an attacker with casual physical access to the machine."

According to IDG News Service, security experts also view the vulnerability as a serious issue.

"You've seen this attack method in movies for years, and it's now showing in enterprises all over the world," nCircle's director of security operations Andrew Storms said, according to IDG News Service. "The potential for harm with this vulnerability can't be overstated."

Microsoft issued six other patches today, four of these were categorized as critical and three were listed as important. Combined, the seven patches look to cover 20 vulnerabilities found in Internet Explorer and Microsoft's Silverlight, Office, Windows, and more.

Featured Video
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

Amazon Fire HD 10 is an affordable tablet with Prime perks

The family-friendly 10-inch tablet is Amazon's biggest yet

by Xiomara Blanco