Skip Ribbon Commands
Skip to main content
Computer Emergency Response Team of Mauritius (CERT-MU)
Computer Emergency Response Team of Mauritius>Microsoft Patches USB-Related Flaw Used in Targeted Attacks

Microsoft Patches USB-Related Flaw Used in Targeted Attacks


Microsoft patched a vulnerability (MS15-085) in Windows Mount Manager, a driver in mountmgr.sys that assigns driver letters for dynamic and basic disk volumes. The flaw is being exploited in targeted attacks and patching this vulnerability should be prioritized. Microsoft rated the vulnerability (CVE-2015-1769) as “important” because it requires local access to a machine to exploit. This vulnerability can allow an attacker to run malicious code on a system if they can gain access to a USB port according to systems engineers at Core Security. However,  since this attack does require physical access to a system, it’s impact is limited to specific environments and circumstances.
 
Source:
 
Cisco Security Bulletin
 
Team Cymru
 
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis