According to security experts, the security update named MS13-027 should be installed immediately, especially in enterprises. By preparing a USB stick with a special code, an attacker can gain administrator rights on a computer, even though the autorun function has been turned off.
– This is a type of attack we’ve seen in movies for years, and now it’s possible in real life. The potential risk of this security hole cannot be underestimated, says Andrew Storms of the security company Ncircle Security.
A person with physical access to a company’s premises could theoretically connect a USB stick to one of the company’s computers and access sensitive information stored on the computer.
– This vulnerability makes it possible for a hacker to freely run programs on a computer, but it requires physical access to the computer and the ability to connect a USB stick, says Marc Maiffret of the security company Beyondtrust.
The vulnerability affects all versions of Windows. You download the latest updates via Windows Update.
IDG News