‘USB For Remote Desktop’ Bug Lets Hackers Add Fake Devices

In response to reports that an unpatched vulnerability in software that redirects local USB devices to a remote system could help attackers elevate privileges on a target machine by adding fake devices, a cybersecurity expert offers perspective.

James McQuiggan, Security Awareness Advocate
InfoSec Expert
June 18, 2020 9:45 am

When it comes to developing products for organizations to support, security must be baked in during the early phases. Whether it’s for remote access, functionality for a software service, or the latest operating system, access control and vulnerability management are two vital elements for a secure product or feature. Without these, the product can be accessing administrator functions or control parts of a device that may be unknown by the organization.

In an organization’s supply chain and reliance on third-party products, it’s important to have risk mitigation plans to determine how isolated an application or device should be from damaging other systems.

An unpatched vulnerability of a product that has unsafe Remote Code Execution (RCE) capability requires a decision from the Enterprise Risk Team or Chief Information Security Officer (CISO) to deactivate the feature or isolate it or provide additional risk mitigation measures.

Last edited 2 years ago by James McQuiggan