‘USB For Remote Desktop’ Bug Lets Hackers Add Fake Devices

By   ISBuzz Team
Writer , Information Security Buzz | Jun 18, 2020 01:43 am PST

In response to reports that an unpatched vulnerability in software that redirects local USB devices to a remote system could help attackers elevate privileges on a target machine by adding fake devices, a cybersecurity expert offers perspective.

Notify of
1 Expert Comment
Oldest Most Voted
Inline Feedbacks
View all comments
James McQuiggan
James McQuiggan , Security Awareness Advocate
InfoSec Expert
June 18, 2020 9:45 am

When it comes to developing products for organizations to support, security must be baked in during the early phases. Whether it\’s for remote access, functionality for a software service, or the latest operating system, access control and vulnerability management are two vital elements for a secure product or feature. Without these, the product can be accessing administrator functions or control parts of a device that may be unknown by the organization.

In an organization\’s supply chain and reliance on third-party products, it\’s important to have risk mitigation plans to determine how isolated an application or device should be from damaging other systems.

An unpatched vulnerability of a product that has unsafe Remote Code Execution (RCE) capability requires a decision from the Enterprise Risk Team or Chief Information Security Officer (CISO) to deactivate the feature or isolate it or provide additional risk mitigation measures.

Last edited 3 years ago by James McQuiggan

Recent Posts

Would love your thoughts, please comment.x