Windows shortcut threat spreads via USB drives
|Warnings of the new USB attack vector began to appear recently, including a Microsoft Advisory which included the observation that one attack approach could come via removable drives.
Vulnerable versions of Windows, including Service Packs, identified by Microsoft are:
- Windows XP Service Pack 3
- Windows XP Professional x64 Edition Service Pack 2
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista Service Pack 1 and Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
Look for Microsoft to address this one aggressively and quickly — the breadth of the exposure guarantees that.
And look at the announcement of this new vulnerability, and particularly the USB/AutoRun/AutoPlay as an opportunity to tighten up on your company’s approach to both removable drives, and automatic executions.
AutoRun-based attacks launched from USB drives — or CD-Roms — are nothing new; we’ve talked here of USB risks before.
Disabling AutoRun, and any automatic players seems to me to be a good first step. But equally important is establishing and communicating a solid removable drive policy — and, by extension, a solid overall device and media policy — that could at least make employees aware of the large risks that can come in small attachable packages.
- 7 Key Web Design Principles To Create Impactful Web Experiences - June 20, 2024
- Why Your Small Business Needs SEO To Succeed - June 1, 2024
- Ultimate Guide to How Encoders Work: Types & Applications - June 1, 2024