‘USB For Remote Desktop’ Bug Lets Hackers Add Fake Devices

In response to reports that an unpatched vulnerability in software that redirects local USB devices to a remote system could help attackers elevate privileges on a target machine by adding fake devices, a cybersecurity expert offers perspective.

Experts Comments

June 18, 2020
James McQuiggan
Security Awareness Advocate
KnowBe4
When it comes to developing products for organizations to support, security must be baked in during the early phases. Whether it's for remote access, functionality for a software service, or the latest operating system, access control and vulnerability management are two vital elements for a secure product or feature. Without these, the product can be accessing administrator functions or control parts of a device that may be unknown by the organization. In an organization's supply chain and.....Read More
When it comes to developing products for organizations to support, security must be baked in during the early phases. Whether it's for remote access, functionality for a software service, or the latest operating system, access control and vulnerability management are two vital elements for a secure product or feature. Without these, the product can be accessing administrator functions or control parts of a device that may be unknown by the organization. In an organization's supply chain and reliance on third-party products, it's important to have risk mitigation plans to determine how isolated an application or device should be from damaging other systems. An unpatched vulnerability of a product that has unsafe Remote Code Execution (RCE) capability requires a decision from the Enterprise Risk Team or Chief Information Security Officer (CISO) to deactivate the feature or isolate it or provide additional risk mitigation measures.  Read Less
What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.