[Micronet] FW: SF Pac IT Pros: USB Exploit

Alex Warren

Hello my dear friends on Micronet,

 

I got an interesting note from a professional group I belong to and thought it was prudent to pass it along, as it not only affects Windows machines, but Macs and virtual machines on VMware as well. Please read and enjoy!

 

Alex Warren

Facility Services IT

University of California, Berkeley

2000 Carleton St., Room 240

Berkeley, CA 94720

Office: (510) 643-5523

____________________

Pac IT Pros members: You should be aware of a USB exploit which affects all versions of Windows or if auto-play has been disabled. It does not matter if the machine is locked, at a login prompt or has just been powered on or rebooted. All an attacker has to do is plug in a USB stick with the malware and they will have access to the machine with elevated privileges. The attack is effective against physical machines and virtual machines (with pass-through USB support) even if they are running on VMware or a Mac.

There are two fixes. Disable USB ports in the BIOS (not through a Group Policy) of all computers, or apply patch MS13-027. (This is an auto-update patch.) Until updated, all versions of Windows are susceptible to this attack.

References

http://technet.microsoft.com/en-us/security/bulletin/ms13-027

http://arstechnica.com/security/2013/03/new-microsoft-patch-purges-usb-bug-that-allowed-complete-system-hijack/

http://www.techworld.com.au/article/456146/microsoft_latest_patches_squash_potential_usb_hijack/

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Doug Spindler

Pacific IT Professionals

http://www.pacitpros.org

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pac IT News visit http://www.pacitnews.org

Pac IT Pros web site http://www.pacitpros.org


 