Home Microsoft Patches Hollywood-Style USB Windows Exploit

Microsoft Patches Hollywood-Style USB Windows Exploit

A beautiful young systems analyst pulls back from her keyboard and stretches, yawns. It’s late. Sliding into her coat, she taps out a text to her boyfriend: “Be there in 20.” As she leaves the office, silence falls, except for the hum of florescent lights above. 

A squeak. A garbage can appears, pushed by an older, balding man, his eyes suspiciously alert. Setting down his mop, the man sits at the system analyst’s desk and pulls a USB key out of the pocket of his stained overalls. The silent PC hums to life as the USB key is inserted. Files scroll down the screen, and a faint smile flickers across his lips. Otlichno, he murmurs. Excellent.

Hollywood-Style Hacking

Microsoft admitted Tuesday that the risk of this Hollywood-style hacking scenario is very real – and can be eliminated only via its latest Windows patch. 

Yes, it almost sounds like something out of The Net, the 1995 film starring Sandra Bullock that featured a plot device relying on a backdoor passed around on floppy disks (USB drives were first shipped five years later). 

As Microsoft noted in a blog post attached to its Patch Tuesday updates, one should assume that if an attacker has physical access to your computer (through theft, losing a laptop or otherwise), then a knowledgeable attacker will likely be able to crack it through any one of a variety of means. What the kernel-mode driver exploit that Microsoft patched on Tuesday – one of three “critical” vulnerabilities and seven total patches – enabled was casual physical access, of the sort that could be quickly done by a janitor or coworker. 

“While this isn’t the first issue to leverage physical access and USB devices, it is different in that it doesn’t require a machine to be logged on,” the Microsoft Security Response Team (MSRC) wrote. “It also provides kernel-level code execution where previous attacks only allowed code execution at the logged-on level. Because of this, someone with casual physical access, such as a custodian sweeping your office at night or a security guard making his rounds, could simply plug in a USB device to perform any action as an administrator.”

The other two critical patches include Internet Explorer and Silverlight. Others, marked “Important,” involved vulnerabilities in Visio, OneNote and SharePoint.

Windows Store Patches, ASAP

Microsoft also detailed how it would update apps sold via the Windows Store, its source for online apps – exclusively, in the case of Windows RT. Instead of delivering them on a monthly basis on Patch Tuesday, the patches and updates will be delivered as needed. 

“This applies to Microsoft apps that are installed using the Windows Store and to apps like Mail, which are preinstalled with Windows 8 but updated using the Windows Store,” Mike Reavey, senor director within the MSRC, wrote. “Providing security updates to these apps more frequently will allow us to add new functionality, fix issues and improve security. This will also help developers to avoid introducing new issues during the update process.”

This more-active approach to security patches makes sense – except perhaps for aspiring screenwriters, who will have to come up with another preposterous representation of technology hacks. 

Of course, if you don’t apply Microsoft’s new patches, comrade, then it’s do svidaniya for you.

Images from the trailer for The Net, on YouTube.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.