Vulnerability in Windows USB Drivers Allows Admin Access

Slashdot linked to this article on eWeek which describes a buffer-overflow vulnerability that would allow a person with physical access to your machine (enough to plug in a USB device) to get admininstrator access to it.

According to the article, there are a number of standard drivers built-in to Windows known to have buffer-overflow vulnerabilities. A user who wants access to a Windows 2000 or XP machine could program a USB memory stick to pose as a device with the driver vulnerability. This will trigger the loading of the flawed driver (as a system level user) and open up the system for the buffer-overflow exploit.

Read the article for more about this issue and what can be done about it.

Share and Enjoy:
  • Print
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks
  • Blogplay

Comments are closed.